 
| Subject: | |
| From: | |
| Reply To: | TechNet E-Mail Forum. |
| Date: | Mon, 25 Jan 1999 15:03:02 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Security Update
---------------
Gaping Security Hole In IE/Outlook And Office
By Peter Deegan
If you have Office installed, and you use Internet Explorer to view an
infected Web page, that page-without your knowledge, or any action on your
part-can wreak havoc on your system. It can drop a virus, delete a folder,
scramble data, send your tax files to Timbuktu... anything. Similarly, if
you use Outlook 98 or later to view an infected HTML message, that
message-with no action on your part-can do anything to your system.
Anti-virus legend Dr. Vesselin Bontchev confirmed [this] report by showing
me an HTML file that exploits the security hole. It's... scary. It's way
too easy to exploit, unlike some more obscure security problems you don't
have to be a 'rocket scientist' to spread trouble. For that reason, WOW has
decided to be quick about warning our readers to get the protective patch
before examples of this spread 'in the wild.'
At Microsoft, a team has been working day and night for the last few days to
find a fix. Microsoft will be posting that fix in the next few hours.
Let me make this really clear. Every single Office user who also uses
Internet Explorer or Outlook 98 or later, MUST INSTALL THIS PATCH. It's only
a matter of time before some %$#@! cretin figures out how to exploit this
hole. You-and everyone you know-needs protection NOW.
There's actually TWO security patches out today. We're particularly
concerned with the Word 97 Template patch, but you should get the Forms 2.0
patch as well. More info on both problems below.
Word 97 Template Security Patch:
http://www.microsoft.com/security/bulletins/ms99-002.asp
Microsoft Security Bulletin
http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm
Office Update Download Page
Forms 2.0 Security Patch:<br>
http://officeupdate.microsoft.com/downloaddetails/fm2paste.htm
Office Update Download Page
http://www.microsoft.com/security/bulletins/ms99-001.asp
Microsoft Security Bulletin
Please. Take a few seconds to forward this article to everyone you know who
doesn't subscribe to WOW. Urge them in no uncertain terms to get the
patches, and apply them immediately.
All I ask is that you keep this article intact-don't change it-and that you
send it in its entirety. If there are any updates, we'll post them to
href="http://www.wopr.com/ immediately.
And thanks to WOWser DavidF. Excellent work, my man.
Raśl Cantero
Business e-mail: [log in to unmask]
Personal e-mail: [log in to unmask] or [log in to unmask]
################################################################
TechNet E-Mail Forum provided as a free service by IPC using LISTSERV 1.8c
################################################################
To subscribe/unsubscribe, send a message to [log in to unmask] with following text in the body:
To subscribe: SUBSCRIBE TechNet <your full name>
To unsubscribe: SIGNOFF TechNet
################################################################
Please visit IPC's web site (http://www.ipc.org) "On-Line Services" section for additional information.
For technical support contact Hugo Scaramuzza at [log in to unmask] or 847-509-9700 ext.312
################################################################
|
|
|
