Re: Symantec Security Response SecBul-10042001, Revision1, Malfor med Microsoft Excel or PowerPoint documents bypass Microsoft macro securi ty features

From: Alan Claver (alc@ATHLETICS.PSU.EDU)
Date: 10/06/01 

Message-ID:  <9BD52C7E13FED111A1730006290566FF1B9AE4@bjc119-3.athletics.psu.edu>
Date:         Sat, 6 Oct 2001 10:48:01 -0400
From: Alan Claver <alc@ATHLETICS.PSU.EDU>
Subject:      Re: Symantec Security Response SecBul-10042001, Revision1, Malfor med Microsoft Excel or PowerPoint documents bypass Microsoft macro securi ty features
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

> Additionally, Microsoft has released a security bulletin,
> MS01-050, for this issue with links to product security
> patches. Users of individual Microsoft Office products as
> well as bundled Microsoft Office suites should download and
> install the appropriate security patches to secure their
> applications:

Although not mentioned in this recent message, it's important to alert users
of Office XP (2002) that in order to apply the security patches, they must
have access to the installation media (CD-ROM, network share) before the
patch will be installed.

Personally, I can't understand this. Security alerts should not a seen as an
appoportunity push anti-piracy agendas.

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate

Relevant Pages

  • Critical Alert Update - W32.Slammer
    ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ...
    (microsoft.public.sqlserver.security)
  • Critical Alert Update - W32.Slammer
    ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ...
    (microsoft.public.security)
  • Re: Microsoft notice on W32.Slammer
    ... >PSS Security Response Team Alert - New Worm: ... >1434 utilizing a vulnerability that was patched in Microsoft Security ... > Microsoft, however, recommends that customers install the most recent ... >cumulative security patch for Microsoft SQL Server 2000 which is Microsoft ...
    (microsoft.public.sqlserver.security)
  • RE: [Full-Disclosure] FW: Microsoft Security Bulletin MS03-035: Flaw in Microsoft Word Could Enable
    ... receive the same cryptic error message if you try to install SP2 but SP1 ... > should review my security settings. ... Microsoft Word supports the use of macros to allow ... >> has a security model designed to validate whether a macro should be ...
    (Full-Disclosure)
  • Re: ?Expired Security Certif for MS Update
    ... MBSA should run fine on a new install. ... faith in the downloads I have, that used the expired certificate to get ... At the risk of sounding like an alien abductee, this security invasion ... Microsoft and signed by a CA that your computer trusts I would not worry ...
    (microsoft.public.windowsxp.security_admin)