Re: Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro securi ty features

From: Microsoft Security Response Center (secure@MICROSOFT.COM)
Date: 10/09/01


Message-ID:  <949915AAAC8CED4B823E2B1BBD0B3E7F8FA264@red-msg-18.redmond.corp.microsoft.com>
Date:         Tue, 9 Oct 2001 14:51:28 -0700
From: Microsoft Security Response Center <secure@MICROSOFT.COM>
Subject:      Re: Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro securi ty features
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


-----BEGIN PGP SIGNED MESSAGE-----

Hi everyone,

I wanted to take a moment and clear up a mis-understanding about the
way MSI-based patches work when they ask for the original media. To
be clear, it's NOT an anti-piracy device.

It's actually a resiliency feature of the Windows Installer. It asks
for the original install location to ensure the integrity of the
local installation by comparing the files on the local system with
the original files. It automatically repairs any files on the local
system it finds are damaged.

We have heard the frustrations that users have voiced and the design
has been modified in Windows Installer 2.0. We're working hard to do
what we can so that future Office versions can to take advantage of
those changes.=20

I hope this helps to clear up any mis-understanding.

Regards,

Christopher Budd
Security Program Manager
Microsoft Security Response Center mailto://secure@microsoft.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBO8NxT40ZSRQxA/UrAQGscwf/YctsBTz551Uqk+LBgd+fTyHjRXhNPydT
1zWwVeqgLPuYzaorJM+7W4QLVQAu3gDndZ8r/7Noar/Zh0ts6cUumP+s3OOlZK12
SDwQI8eSPIEWk1b2oGwM2dC3BdjCN60ohC+vtfR2pj7C3TsCEBL7/NzgND6/DJPo
1otrLeaJcislOg/yIJ8fgjO1lUH2aw4al81tOSN4NaS4iPM7qxBmyauG5ZcCsfUQ
AGVqkwyrQ5ciy3xq+EqbXW6HNgpBjgXHuONwkW1+hU2S9K7WPivIsL25hSMAqYPF
6CmkKge1voU5bdnDdI1gwDn1Z9PAYJzuvSJrtotAWVmoCfqWuR9pvw==
=C9nr
-----END PGP SIGNATURE-----

======================================
Delivery co-sponsored by Trend Micro, Inc.
======================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?siS&BI;$5&UL;=http://www.ant
ivirus.com/smex2000_rebate



Relevant Pages

  • Re: UAC
    ... As I described the Vista security 'features' to my sister before I set it up ... Internet Explorer 7 is an attempt to kind-of emulate Firefox, but Microsoft ... Vista ... Five Misunderstood Features in Windows Vista: ...
    (microsoft.public.windows.vista.general)
  • Re: What would you say about a set of anti-piracy technologies that allows -
    ... Microsoft has been for some time pushing its Trusted Computing initiative. ... There are some fundamental security issues that we mustn't lose sight of, otherwise we are being lulled into a false sense of security by the vendor speak through the product evangelists at Microsoft. ... If Microsoft or another vendor wants to turn on and off features and harvest data about the usage of target systems the end user needs to know - what hidden "features" are embedded within the software that may be turned on / turned off at a later stage. ... It's called Software License Protection Services and it poses a big threat to your security! ...
    (microsoft.public.security)
  • Re: Symantec Security Response SecBul-10042001, Revision1, Malfor med Microsoft Excel or PowerPoint
    ... Symantec Security Response SecBul-10042001, Revision1, Malfor med Microsoft Excel or PowerPoint documents bypass Microsoft macro securi ty features ...
    (NT-Bugtraq)
  • Re: Warning on .CHM files
    ... I read the info on Microsoft and it certainly takes some consideration ... Some features are disabled and some require opening some ... of Vista's security. ...
    (borland.public.delphi.non-technical)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)