 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
3 |
 |
Members:
0 |
 |
Total:
3 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 09/09/2003 7:31 PM |
|
What it is
Ok, this will be a LONG one, so take a deep breath. Microsoft recently announced several new vulnerabilities in Microsoft Office. Although we don't yet see any viruses or worms implementing these vulnerabilities, we feel they're dangerous enough you will want to patch your Office programs as a preventive measure. Worms or viruses may be just a week or two away. These vulnerabilities are especially dangerous because they can be invoked from files we normally don't think of as containing viruses (Excel, Word, Access, etc.) Here is a description of each:
One (MS03-035/MS03-036) is in the converter from WordPerfect to other Office or Works products. Law offices especially may find themselves using this particular converter frequently. This vulnerability can be automatically invoked by opening a carefully crafted WordPerfect document in Microsoft Word or by clicking on a file with a WPD extension (either from a disk or in email) that has certain properties. This vulnerability affects the following products:
MS-035 (Converter Vulnerability - Word and Works only)
Word 97, 98 (J), 2000, and 2002
Works Suite 2001, 2002, and 2003
MS-036 (Converter Vulnerability - all Office products)
Office 97, 2000, and XP
Word 98 (J)
FrontPage® 2000 and 2002
Publisher 2000 and 2002
Works Suite 2001, 2002, and 2000
The second vulnerability affects all programs in the Microsoft Office suite because it is in the Visual Basic interpreter. There are also some programs that are outside the normal Office suite that are affected including Visio, Project, Publisher, Great Plains, Dynamics, eEnterprise, and Solomon. This vulnerability allows any one of these programs to invoke a Visual Basic application without your knowledge. Again - this vulnerability will not be show in windowsupdate. It will be detected by Officeupdate properly - even if you have one of the other products installed but not MS Office. This vulnerability affects the following products:
Visual Basic for Applications SDK 5.0, 6.0, 6.2, and 6.3
Office 97, 2000, and XP
Word 98 (J)
Visio® 2000 and 2002
Project 2000 and 2002
Publisher 2002
Works Suite 2001, 2002, and 2003
Business Solutions Great Plains® 7.5
Business Solutions Dynamics® 6.0 and 7.0
Business Solutions eEnterprise® 6.0 and 7.0
Business Solutions Solomon® 4.5, 5.0, and 5.5
The last vulnerability affects Microsoft Access users. If you don't have Access 97, 2000 or XP or the snapshot viewer for Access installed this one won't affect you. The vulnerability is in the Access snapshot viewer, an optional tool that allows you to snapshot reports and send them to people to view. The snapshot viewer can be installed on a computer that doesn't have Access. Just because you don't have Access doesn't mean you don't have the viewer. You should check your Add/Remove programs list to be sure that Microsoft Access Viewer isn't in the list (in addition to Microsoft Access or Office). The following versions are affected:
Microsoft Access 97
Microsoft Access 2000
Microsoft Access 2002
What to do
Unfortunately Microsoft doesn't offer as clean an upgrade and patching path for Office as they do for their operating systems. These vulnerabilities will not be indicated using the normal windowsupdate.Microsoft.com site! You need to manually visit a separate site to update Microsoft Office. This site is:
http://office.microsoft.com/officeupdate/mainCatalog.aspx?CTT=98
(gosh isn't THAT easy to memorize) :)
Furthermore you will need to have your original installation disks handy to do the update. This means the installation disks for the particular version of office installed on your machine. If you have Office 2000 SP1 for instance - those are the disks you need. Office 2000 or Office 2000 SP2 disks won't do - you need the ones for the version that was originally installed on your PC. The patches will not install without your installation disks in many cases. If you are installing the patch and it keeps asking you for the disk - you may have the wrong set - or the wrong disk from the correct set (Disk 1, Disk 2, etc.). This can especially be a problem for those that have offices with multiple versions of MS Office floating around, or who installed from a network install point and don't have access to the original install set. If you fall into one of these categories - contact your system administrator for help getting the installation done. Badger them until they have a solution for you - it's important.
Once you run the office update wizard (you may have to accept an install of the activeX control) you will be presented with a checklist of items that require patching. We recommend taking all checked patches.
If you cannot run Office update or need to distribute these patches to a wider audience, you may download the patches individually at the following addresses. Note that there are different patch files for different versions of Office:
MS03-035: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-035.asp
MS03-036: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-036.asp
MS03-037: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-037.asp
MS03-038: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-038.asp
Until you have patched, we recommend that you save each new Office document attachment that you receive via Email to disk before opening it (rather than opening it directly from an eMail) so that you allow your virus scanner to have a whack at it before it opens. This goes for Zipped office files as well. Be sure to keep your signatures updated.
Further information
PLEASE don't wait until there is a virus implementing one of these (remember the havoc that Slammer and Blast wreaked because people didn't patch):
Word Perfect Converter vulnerability -Word only (MS-035):
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-035.asp
Word Perfect Converter vulnerability - All Office products (MS03-036):
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-036.asp
Visual Basic for Applications vulnerability - All Office, Visio, Project, and accounting products (MS03-037):
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-037.asp
MS Access/Access viewer vulnerability - All Access and Access viewer products (MS03-038):
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-038.asp
This concludes this viruswarning update. Cheers and have a pleasant day!
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St. Ste B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net Office Phone: 585-242-2060
Fax number: 585-242-9441
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|