I Find This Funny Fw: Microsoft Security Bulletin MS01-050

Warren Togami warren at togami.com
Fri Oct 5 01:00:00 PDT 2001


I find this funny...

I tried the patch, and now my Office 2000 crashes when opening normal Excel
and Powerpoint documents.

Go Microsoft!

----- Original Message -----
From: "Microsoft Product Security" <secnotif at MICROSOFT.COM>
To: <MICROSOFT_SECURITY at ANNOUNCE.MICROSOFT.COM>
Sent: Thursday, October 04, 2001 11:56 AM
Subject: Microsoft Security Bulletin MS01-050


The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Malformed Excel or PowerPoint Document Can Bypass Macro
            Security
Date:       04 October 2001
Software:   Microsoft Excel or PowerPoint for Windows or Macintosh
Impact:     Run Code Of Attacker's Choice
Bulletin:   MS01-050

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-050.asp.
- ----------------------------------------------------------------------

Issue:
======
Excel and PowerPoint have a macro security framework that controls
the execution of macros and prevents macros from running
automatically. Under this framework, any time a user opens a
document the document is scanned for the presence of macros.
If a document contains macros, the user is notified and asked
if he wants to run the macros or the macros are disabled entirely,
depending on the security setting. A flaw exists in the way macros
are detected that can allow a malicious user to bypass macro
checking.

A malicious attacker could attempt to exploit this vulnerability
by crafting a specially formed Excel or PowerPoint document with
macro code that would run automatically when the user opened it.
The attacker could carry out this attack by hosting the malicious
file on a web site, a file share, or by sending it through email.

Mitigating Factors:
====================
 - The macro code could not execute without the user's
   first opening the document.

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms01-050.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Peter Ferrie, Symantec Security Response
   (http://securityresponse.symantec.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE
FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBO7zat40ZSRQxA/UrAQFJIwf/XFk6QbriqnTwYxWUQQxpvM/Dr0XkBonD
3tw4hTuioM3ppA4A7MHgnQpymv8+DY3q0wygMDllPQ9MYOgl3oPLwpvYifPfvsD/
iXG69zNm3XoPXbjP9Rs/IagLfa0JJRE7Yljo3//DoBKqRWYc7U6tWhoaGnYBLZ6h
/Fluo4GUHWY5hxweYyerBmptQzwTD0HyW99MTMbFvc3ej9YrfhNyazeptOi6y804
0+9YSBjUEcq71GX5/ZNPvut6lhgDRQSSNOIpVrvmTv4YNX4+5uasMMTg8CkzQpWU
Ch/aFrOh8TpCP4Nwkh7+shXgOViHGeubNa5ZuPh/+ctJng2V9xDT8A==
=uVE3
-----END PGP SIGNATURE-----



More information about the LUAU mailing list