Archive of UserLand's first discussion group, started October 5, 1998.
Re: Email Virus - SANS News Flash about it.
Author: Mark Alexander Posted: 7/18/2000; 8:22:47 PM Topic: Outlook Express and the virus Msg #: 18760 (In response to 18757) Prev/Next: 18759 / 18761
The announcement discusses 2 different security holes.1) IE - Access Issue: The first one is that IE will open an Access DB attachment if called from within a web page. It incorrectly prompts you about opening the document after it has already opened the DB and executed the script.
This hole can be closed by changing the security settings within Access
2) IE - Office Issue: The second one is that IE can cause excel or powerpoint to save a file in any embedded scripts in any location that the user reading the email has write access to. This includes things like the startup directory.
This hole can be closed by updating office with patches.
I personally think that if the user only has write access to non-system directories that will also minimize the risk, but this approach is much harder to setup and maintain. ( I have a secured NT setup in my office with a huge amount of access control limits set for each and every user and directory. It was a large effort to setup and its security is only as good as my ability to explicitly limit access to important directories. I would not reccommend this approach, I setup this system to experiment with NT access controls and compare them to Unix. I am much more comfortable with my efforts to harden and lock down my Unix systems)
To directly answer your questions, I think that removing office would close these holes, but I think changing the default security settings in Access and patching the rest of Office would close these holes as well.
Note: I am not a Windows security expert. I have a large amount of experience playing with NT and Win2K security, but I do not consider myself an expert in this area. I am much more comfortable with Unix, Macintosh and network security issues.
This page was archived on 6/13/2001; 4:55:44 PM.
© Copyright 1998-2001 UserLand Software, Inc.