-TOP STORIES-
>
> ** Dangerous New Microsoft Cracking Threat
>
> The System Administration, Networking, and Security (SANS) Institute on
> Monday identified what it called "probably the most dangerous
> programming error" found in any workstation running Windows 95, 98,
> 2000, and NT 4.0.
>
> A security alert issued by the cooperative research and education group
> states that users are vulnerable to a total compromise when they
> preview or read an infected E-mail--without having to open any
> attachment--if they're running any of the affected operating systems
> and have Microsoft Access 97 or 2000, Internet Explorer 4.0 or higher,
> including version 5.5 that ships with Windows 2000.
>
> According to the institute, the exploit was first discovered June 27,
> but Microsoft requested that SANS not release the details of the
> vulnerability until the company developed a fix. Microsoft posted a
> workaround on July 14 that is available at www.sans.org. Users running
> systems with Outlook, Outlook Express, Eudora, or any mail reader that
> uses Internet Explorer to render HTML documents are also vulnerable to
> this exploit through E-mail.
>
> According to the SANS advisory, a hacker could get into Microsoft
> Access using ActiveX controls without the victim knowing that it's
> happening. "This is a very serious problem," says Forrester Research
> analyst Frank Prince. "Anyone with Visual Basic knowledge could
> potentially send an E-mail -- that doesn't have to be opened--and give
> the hacker complete access to the user's system."
>
> Prince says he agrees with SANS's decision not to publicize the
> vulnerability until a patch was available. "The bar is so low for this
> exploit, and the potential for damage so high, a lot of people with
> Visual Basic knowledge would jump on the Internet to see what they
> could do. I'll bet a lot are doing just that right now," he says. For a
> complete workaround for the security flaw, visit
> http://www.sans.org/newlook/resources/win_flaw.htm --George V. Hulme
>
...
> ____________________________________________________
> Copyright 2000 CMP Media. A service of InformationWeek.