Zero-Day Excel Exploit In the Wild

snydeq writes "Microsoft Excel has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. The problem affects Excel 2007 both without and with Service Pack 1, according to an advisory on SecurityFocus, and other versions going back to Excel 2000. The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file, allowing a hacker to leave a Trojan horse on the infected system."

An Exploit

An exploit? In my Microsoft product?

SAY IT AIN'T SO!!!

Re:An Exploit

It's more likely than you think.

Re:An Exploit

[ozmanjusri]

A -1 Troll moderation for mocking Microsoft's deservedly poor reputation for security exploits?

Oh poor Slashdot, how far have ye fallen?

Re:An Exploit

[Sinbios]

I think it's actually mocking the superfluity of this article.

Random E-mails

[0prime]

Well, let me just open this excel file detailing the financial agreement I will be making with Mr. Ugubu. Surely there is nothing wrong with opening attachments from untrusted sources.

Re:Random E-mails

[the_humeister]

What do you mean "untrusted." He just sent me an email detailing how he is the caretaker of the Nigerian's former king's fortune. It sounds official too.

Re:Random E-mails

[gEvil+(beta)]

What do you mean "untrusted." He just sent me an email detailing how he is the caretaker of the Nigerian's former king's fortune. It sounds official too.

No kidding. I got an email a few weeks ago from Kofi Annan that talked about how he and some "big wigs at the UN" (his words, not mine) were looking for ways to split up some money, and he was wondering if I would be interested in receiving a share. I've heard of Kofi Annan and know that he was associated with the UN at one point, so it doesn't get any more official sounding than that.

Re:Random E-mails

[Forbman]

...and I got one from a Barrister in Great Britain...

At least they're grammar and structure is get better. [sic]

Re:Random E-mails

Pfffft - a few losuy million - that Nigerian 419 scam is soooo last century.

Today's movers and shakedowners go with the Wall Street Bail-out Scam. You can make billions with that one.

Re:Random E-mails

[Lord+Ender]

Surely there is nothing wrong with opening attachments from untrusted sources.

The real danger is in opening attachments from trusted sources. If this is used with an email worm, it will look like it is coming from your friends, coworkers, or any of your eight bosses. As a high priority, due yesterday, mission-critical action-item.

Re:Random E-mails

FIY: it's shakers down, like attorneys general.

Re:Random E-mails

[j4s0n]

Weird. Every time I try to listen to my E-mails, I just hear music from Star Trek: TMP.

Re:Random E-mails

[aarroneous]

I was just thinking that - it's 2009. Who is still opening DOC or XLS attachments?

Umm... practically any company that does business with any municipal or state governmental agencies, law firms, accounting firms, etc etc. The question is who isn't opening DOC or XLS attachments from their clients, and how do they plan to stay in business?

Re:Random E-mails

You are correct member of genus: Nazis, species: Grammar.

Oh, and FYI: it's FYI, not FIY :)

Re:Random E-mails

I feel sorry for the Nigerian king who does someday actual need help...

Re:Random E-mails

[mapsjanhere]

I got one from a Lt. Col, USArmy, who snatched $25 Million from Saddam. Now that's a trustworthy source, so I couldn't understand why he needed my help as most of it was in $100 bills. Maybe he needed me to carry the suitcases?

Re:Random E-mails

[_avs_007]

That's why(among other things) we have to use cryptography on anything we send via email, so it's authenticity and integrity can be verified.

But IT really hates when people send large documents back and forth over email, so we also have secure online repositories that people are supposed to push/pull documents to/from for x-group collaboration.

Re:Random E-mails

[bootup]

When I started my business I knew that there would be challenges sticking with free software / open source principles and solutions. Having been in business for several months now I realize just how challenging it is not to do things like open word documents. For instance HP won't authorize me to be a reseller if I don't fill out document X. Document X may not be in MS Word format, however it requires me to have Y. Geting Y is only possible by gong through company D. Company D only supports MS Internet Explorer to get an account that would let me get Y.

I can't exactly avoid HP. HP is the only company that actually supports GNU/Linux well in the printer world at the low end of the market.

OK- Next thing I need are high quality custom labels for a particular product I've developing. I look into doing it myself. Turns out I can't make them myself since printers with white ink are too expensive. The product I'm developing is based on a third party case that can't be changed-since nobody else produces cases that will work for my particular product. The black case means the labels I need for my product must be black with white lettering. The only way to get black labels with white lettering of the size I need them is through one or two particular companies. So- I contact these companies. I spend months talking to them about what they can do for me. Each day I get a new email and respond. Each day I get a little further. Finally after a month or two I find out that they have to order custom dies for my labels since they are non-standard. Instead of taking several weeks to produce they now will be several weeks plus the time it takes to get the dies made. That adds months to the time. However, they will have to get back to me on the dies so in addition to the months it will take weeks or months just to find out how to get them made by the third company. Several more weeks go bye. No emails. I email them. They say they are working on it. Finally I give up and find a less desirable solution. The thing is the whole time I was interacting with them they were sending me MS Word documents. I couldn't afford not to open them if I wanted to get this project done. It just wasn't going to happen. Each question I had to ask took them a day to respond as it was. How on earth would I have gotten it done if I had to do this with every business I contacted? This is not to say I shouldn't be trying to correct bad habits of users and other businesses. I do that every day. It just isn't always realistic that I'll be able to correct every body.

Re:Random E-mails

In Soviet Russia For Infos You!!!

Re:Random E-mails

[BrokenHalo]

I got one from Colonel Gadaffi the other day, but I disregarded it because he spelt his own name wrong. ;-)

Re:Random E-mails

[D-Cypell]

Wow! Sounds like some professional scammer just looked up the word 'plausible' up in the dictionary!

Re:Random E-mails

[amias]

er , google and lots and lots and lots of others

something is wrong with the moderation round here where someone can get a score 5 insightful for denying the existance of google docs.

Re:Random E-mails

[hesaigo999ca]

Well people you trust can be infected too and not know it and send you a picture of themselves on holiday, and you just viewed a .jpg that contained a hidden virus....it has happened. The whole email attachment bit is what I don't get, why send me attachments at all....unless I ask for them , then I get them....if you tell me the joke I wont need to download a 3mb powerpoint of it!!!

Re:Random E-mails

[aarroneous]

If you truly believe that google, red hat, or "many other's" sales, marketing, and accounting departments don't find themselves using or opening word and excel attachments, you're either woefully misinformed, or simply delusional.

Re:Random E-mails

[meringuoid]

There's always AbiWord or OpenOffice.org. Determining to use only free software is admirable; refusing to use de-facto standard non-free document formats when they are very well understood by mature free applications, well, that's just masochism. Publish your own materials in free formats by all means, but if free software is capable of deciphering non-free formats sent to you by others then one shouldn't make too much of a fuss over the principle. Strict in what you send, tolerant in what you receive, that's the ticket.

Re:Random E-mails

[SCHecklerX]

Yeah, even signing up to take the CISSP exam, of all things, requires you upload your resume in .doc format. Nice, eh?

and you thought that math "error" was a mistake...

[Shakrai]

.... it was really protection to save you from trojans. Everybody knows that all trojans and exploits begin with the following code:

if (65535==65535) { install trojan; } else { don't install trojan; }

zero day?

Does it really count as zero-day if it's been a bug for 9 years?

Re:zero day?

[orzetto]

I think it is the count of how much time Microsoft has been working on the bug.

Re:zero day?

[PitaBred]

Zero-Day does not mean the day the bug was released. It means that it is a bug that is being exploited in the wild before a patch can be released. It doesn't matter when the bug was first coded. Compare that to a theoretical bug discovered by researchers that COULD be exploited, but isn't yet.

I normally wouldn't respond to an AC seemingly obvious misconception, but the fact that he was modded up means that people with mod points apparently don't have a clue, either...

Re:zero day?

[n1ckml007]

mod parent up, this is the correct definition.

Re:zero day?

[Lord+Ender]

the fact that he was modded up means that people with mod points apparently don't have a clue, either...

Welcome to slashdot!

Re:zero day?

[harry666t]

You're right, it's 3287-day.

Re:zero day?

[wastedlife]

The fact that this was modded informative is one of the funniest things I've seen all day.

Re:zero day?

[CannonballHead]

maybe that was an effort to make it funny. :)

Re:zero day?

What about using openoffice as an immediate workaround ;)

Re:zero day?

[wish+bot]

Back in the day it was common to give really funny comments an underrated/informative/interesting mod because the 'funny' mod didn't give you karma. There are still one or two guys from that era around...

Re:zero day?

[treeves]

Or 5...

Zero Day???

How is it a zero day two years after it was launched...

Re:Zero Day???

[jasmak]

Zero day attack, exploitation of unpatched software vulnerabilities

A work-around for it... apk

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]
"BinaryFiles"=dword:00000001

APK

Re:A work-around for it... apk

[fuzzyfuzzyfungus]

That is only a workaround if you hate the guts of everybody who works the help desk...

Re:A work-around for it... apk

[Sir_Lewk]

Cripes! And people say unix is complicated!

Re:A work-around for it... apk

[spacefiddle]

Official Microsoft Workaround: Get up from your desk, step around it, and stop working.

Re:A work-around for it... apk

[ion.simon.c]

Thanks for not sourcing your information.

Re:A work-around for it... apk

[meringuoid]

The average end-user doesn't want to have to open registry editors and manually modify esoteric values in obscure text configuration files. No matter how much hobbyists and enthusiasts wish otherwise, until there's an idiot-proof GUI that makes all of this happen in a single click, Windows will never be ready for the mainstream desktop.

Re:and you thought that math "error" was a mistake

[Smidge207]

Nope; that just plays Flight Simulator. ;-)

=Smidge=

Simple Answer for Microsoft...

[BoRegardless]

License Apple's OSX and layoff 30,000 people and just color the startup screen Vista Blue with the appropriate logo.

Then Microsoft will have to get busy making actual applications that WORK, consistently, easily & productively, on the NIXs & OSX.

I am a dreamer.

Re:Simple Answer for Microsoft...

[the_humeister]

Yes, and then break all compatibility with all current applications that are currently running on Windows.

Besides, Darwin is open source. MS could just use Darwin as the base and write a Windows compatible GUI on top of that.

Re:Simple Answer for Microsoft...

I don't really know how stable it's really considered, but I've had more application crashes on the latest kubuntu updated with kde 4.2 in a week of idle tinkering (apps from the default install, network manager, all kinds of things) than I have on vista 64 in several months of constant work.

Re:Simple Answer for Microsoft...

[commodoresloat]

Yes, and then break all compatibility with all current applications that are currently running on Windows.

That's an added advantage of such an approach. Bonus!

Re:Simple Answer for Microsoft...

[harry666t]

Darwin is probably less portable and supports less hardware than, say, the BSDs or Linux. If I were MS I'd use FreeBSD (to avoid the GPL), and maybe take the old (BSD-licensed) version of Wine and patch it with bits of the original implementation of win32 to have some backward compatibility.

From what I've heard MS even has an open source (but non-free) implementation of .NET (AFAIR called Rotor) that works under FreeBSD. Hm...

Re:Simple Answer for Microsoft...

[RCL]

From what I've heard MS even has an open source (but non-free) implementation of .NET (AFAIR called Rotor) that works under FreeBSD. Hm...

That's here - it's unusual to see FreeBSD in requirements on Microsoft Downloads site :)

If I were MS I'd use FreeBSD (to avoid the GPL), and maybe take the old (BSD-licensed) version of Wine and patch it with bits of the original implementation of win32 to have some backward compatibility.

You don't know what you are talking about. Going to break binary compatibility for millions of applications (most of which are without sources)? That's a suicide for every company.

If you ever tried to change whatever API/ABI that has a lot of (external) client code - no matter, commercial or not, you'd understand how much woe it inflicts on your client developers. Even in opensource world, deprecated things (like libbonobo) hang around for long.

The main reason why Windows is so popular is because of its continuous binary compatibility spanning 10+ years.

Re:Simple Answer for Microsoft...

[icannotthinkofaname]

Agreed. It would be nice to see the day when Windows would no longer be able to run the viruses of yesteryear/yesterversion/[time period of your choosing].

Truly, breaking compatibility with current Windows stuff would be a plus.

Re:Simple Answer for Microsoft...

[BoRegardless]

If MS can't make, a dramatically better OS, the question ultimately becomes when to they get out of the OS business.

Is a proprietary OS going to be the revenue generator for the future? Maybe, maybe not.

It sure looks like the future is spelled "small", as in eeePC, netbook, tabook, smartphone, MacBook Air & Similar devices, where the smooth running total system is what users want, and they don't want to fiddle with or debug the OS. That drives the average user nuts. Dell is starting to sell Linux installed and many other companies are doing so.

I'll use whatever I have to use to get my work done (including OSX & XP Pro right now), but given a choice I want a minimum hassle machine. I don't know if Win7 is going to be it, but comments and experience tells me probably not.

With a troublesome Win7 (Sheepskin over Vista), is MS going to just push customers to other OSs?

not a trojan, an expansion for the secret games

[leetrout]

1. Open up a new document.
2. Press F5.
3. Type in x97:L97 in the reference box and press enter.
4. Press tab.
5. Hold down ctrl+shift.
6. While holding these two buttons click on the chart wizard button on the icon bar (the button looks like a bar graph).
7. Play the game while it secretly crafts a worm to take the extra money when transactions are rounded (only a few hundredths of a cent) and deposits them in an offshore account.
8. ...?
9. PROFIT!

Re:not a trojan, an expansion for the secret games

[Shakrai]

Play the game while it secretly crafts a worm to take the extra money when transactions are rounded (only a few hundredths of a cent) and deposits them in an offshore account.

Be careful. Such games have been known to take a few hundredths of a billion and upgrade the crime from white collar resort prison to pound-me-in-the-ass prison ;)

Any chance DEP stops this?

[anss123]

So that I can feel good about having it turned on for all apps.

did you not see

Superman 3?

Re:did you not see

[n0dna]

The exploit is made of Tar?

Re:did you not see

Well he isn't gonna smoke it :)

(posting anon because I modded)

-- Killjoy_NL

And what about SharePoint?

[Penguinisto]

While such a vector would be pretty useless on the public nets, just out of academic curiosity, I wonder: how fast would this critter would travel if it got loaded onto a SharePoint site (you know, one with the handy Excel-handling plugin turned on?)

Looking at it from the other end, how do you protect from such an eventuality without shutting off the plugin?

/P

Re:And what about SharePoint?

[Planesdragon]

Looking at it from the other end, how do you protect from such an eventuality without shutting off the plugin?

Same way you protect the client -- disable .xls binary files.

OTOH, Sharepoint's Excel Web Services is a bitch to get anything to run, even when you're trying to. If you're using SharePoint in lieu of client-side Excel, it should effectively immuninize you from this bug, same as if you used OpenOffice on the client.

Another reason I can't use OpenOffice .....

[whoever57]

With yet another incompatibility between OpenOffice and Excel, I really can't use OpenOffice.

Re:Any chance DEP stops this? - YES, SLIM.

DEP has a very slim chance of stopping this malicious excel file from installing the trojan - If it crashes your OS before you load Excel.

I use Lotus 123 and WordPerfect

You can't attack me... I use MSDOS v6.11, lynx and the Crynwr network stack

Dangit!!

How am I supposed to open my maliciously crafted Excel spreadsheets now???

According to MS? It IS a work-around for this

"That is only a workaround if you hate the guts of everybody who works the help desk." - by fuzzyfuzzyfungus (1223518) on Tuesday February 24, @03:33PM (#26974607)

I suggest you do a bit of reading here then from the URL below...

(Simply because, based on the data about this (straight from the horses' mouth @ MS)? There is a GOOD chance your networking folks will merge this on bootup logon scripts to protect you with it, @ this point so far @ least!)

Microsoft Security Advisory (968272)

Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/968272.mspx

----

SALIENT EXCERPT/QUOTE:

"Suggested Actions

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section:

For Office 2003

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000001

Note In order to use 'FileOpenBlock' with Office 2003, all of the latest Office 2003 security updates must be applied.

Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System.

For 2007 Office system

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000001

Note In order to use 'FileOpenBlock' with the 2007 Microsoft Office system, all of the latest security updates for the 2007 Microsoft Office system must be applied.

Impact of Workaround: Users who have configured the File Block policy and have not configured a special exempt directory as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System.

How to Undo the Workaround:

For Office 2003

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000000

For 2007 Office system

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock]

"BinaryFiles"=dword:00000000"

----

Especially since currently there is apparently NO other way to @ least protect yourself from this attack...

APK

P.S.=> The "adverse impacts" of this temporary work-around fix, IF any, are listed on said page also... apk

Re:According to MS? It IS a work-around for this

[fuzzyfuzzyfungus]

"will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System"

That isn't going to go over well. At all.

Re:According to MS? It IS a work-around for this

"That isn't going to go over well. At all." - by fuzzyfuzzyfungus (1223518) on Tuesday February 24, @04:21PM (#26975215)

I'd be inclined to agree, & don't like it any more than you do, because of the "catch-22" involved here - &, you're right (based on what's on the URL page from MS I posted, as to any "side-effects" of this patch)!

I say that, simply because, @ least in the workplace, where folks use Excel spreadsheets for daily accounting purposes (& other uses too)? It's NOT going to "go over well" @ all- Especially since I am certain those people will probably NEED to access said spreadsheets to some degree (in the timeframe it takes MS to make up a binary patch for Excel)

E.G.-> I tested it myself, & it doesn't allow Excel to work on spreadsheets created in ANY version of Excel .xls sheets I have opened here, thusfar.

LOL, sure - "THAT would keep you safe"(r) vs. this exploit (&, it does, so the sarcasm on my part here isn't exactly unjustified), but it is like busting your nose w/ a sledgehammer, to get rid of a fly landing on it!

----

However:

Apparently, it will have do the job, according to MS, for now...

(OR, @ least until MS releases a patch next "Patch Tuesday" next month (2nd Tuesday of EVERY month)... After all - the alternative of being infested by this malware machination might be a lot worse).

This doesn't affect MYSELF so much, as I am NOT a "big Excel user", as it would others in say, a corporate Office environs where MS Office usage is usually rampant & where folks have to use it.

APK

P.S.=> I am surprised MS hasn't issued an "out-of-band" patch for it yet, because in these types of cases, they usually do & fast... so, based on that, I'd guess that SOMEONE @ MS is hard at work building such an "out of band" patch, hopefully, & we get it issued to us all, before the 3 weeks passes to the next Microsoft "Patch Tuesday" next month (approximately 3 weeks away from today's date roughly)... apk

Re:According to MS? It IS a work-around for this

[StuartHankins]

Special File Exempt directory... hmmm what about the people who have Excel files in potentially hundreds of folders spread across many network servers? Ugh.

But thanks for the workaround anyway, really it's better than nothing for those companies that must run Excel.

OpenOffice keeps looking better and better every time this stuff happens. I haven't launched Office except to accept meeting invitations (and once to convert some Ami pro files) in years.

Re:According to MS? It IS a work-around for this

[Planesdragon]

I say that, simply because, @ least in the workplace, where folks use Excel spreadsheets for daily accounting purposes (& other uses too)? It's NOT going to "go over well" @ all- Especially since I am certain those people will probably NEED to access said spreadsheets to some degree (in the timeframe it takes MS to make up a binary patch for Excel)

*ahem*

1: Excel 2007 has seperate file types for "yes macro XML", "no macro XML", and "old crappy binary" formats. .xlsx, .xlsm, and .xls, respectively. The first, .xlsx, is immune to trojan hacks the same way a .txt file in notepad is immune to them.

2: Excel 2003 has a COMPLETELY FREE UPDATE that lets it write and read .xlsx files.

3: Anyone who isn't using 2007 or 2003 can use OpenOffice, which, again, is highly resistant (immune?) to this bug. And can save to .xlsx.

Anyone using Excel probably needs it--but the few of us who use Excel and need macros, well, we should be smart enough to avoid viruses. Users who aren't can stick to .xlsx, and they'll be all set.

Re:According to MS? It IS a work-around for this

[fuzzyfuzzyfungus]

And what, pray tell, will the people who need to open .xls files sent to them by others, or previously created, do?

Re:According to MS? It IS a work-around for this

[EveLibertine]

And what, pray tell, will the people who need to open .xls files sent to them by others, or previously created, do?

Open Office?

Re:According to MS? It IS a work-around for this

[ion.simon.c]

Did you switch around the extensions for "yes" and "no macro XML" file formats, or is the "no macro" extension really ".xlsm"? If it is, that's kinda confusing.

Re:Any chance DEP stops this? - YES, SLIM.

[anss123]

If it crashes your OS before you load Excel.

Well, there's still UAC if DEP fails to crash the OS :)

Next up: Zero-day Notepad exploit found

[kkrajewski]

Reading plaintext unsafe. News at eleven.

Re:Next up: Zero-day Notepad exploit found

[overlordofmu]

Someone with mod points, please give this some funny street cred! Funny!

Re:Next up: Zero-day Notepad exploit found

[nan0meter]

Rofl, even when you print it? oh dear where's the world going!

Re:Next up: Zero-day Notepad exploit found

And yet, on Vista, apparently it will pop up a UAC warning when you try to view the source of a webpage in Notepad.

Re:Trusted

[TaoPhoenix]

"It's worse than that Jim".

If used with the email worm on your less savvy coworker, it will infect HIM (her, or it) ... and really BE coming from your coworker.

MS Vista becoming more secure?

[wealthychef]

FTFA: "Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure."

Is this true? Any corroborating info from anyone?

Re:MS Vista becoming more secure?

[justinlee37]

I never have issues with Vista. Of course, I'm also smart & knowledgeable enough not to open suspicious files or file attachments, run Avast! Antivirus, Spybot S&D, and Spybot's add-on program Teatimer (a handy thing that allows you to approve or deny any registry changes that occur at any time, during either installations or accidental visits to malicious websites that do things like change your registry entries to modify your "home page" to direct you to their site).

I also usually have at least 2 computers on hand, so if a virus makes the thing totally FUBAR, I can recover the files by using the non-FUBAR'ed computer to access the other's hard drive, then format the drive and reinstall windows/drivers/etc. from scratch. You KNOW the virus is gone then. This is also a good way to diagnose a computer and see if a malfunction is related to software or hardware.

Needless to say, I don't have problems with any operating system regarding it's security. And with 8gb's of RAM, Vista works great! So does Crysis, incidentally.

I guess it would run Linux too. Never bothered with it honestly. Though those boot-from-disk copies of Ubuntu are pretty rad. Like a petty hacker's wet dream.

Re:MS Vista becoming more secure?

[StikyPad]

Saying you've never had a virus without ever scanning your PCs is like saying you've never had an STD without ever getting tested. In both cases, you can have infections without symptoms, and the infections can be transmitted. Yes, there are false negatives, but that's no excuse to abstain from testing.

Granted, you said "never had a problem," not "never had a virus," but what you really meant was that you've never seen a problem. Considering that most malware these days is designed to run unnoticed rather than to cause harm to the desktop, that's not really surprising. There ARE worms that affect Vista, and for all you know, your servers have rootkits on them. Or not. One thing's for sure: it's irresponsible, borderline incompetent to admin a Windows network without any AV, especially a corporate network (i.e., those that probably store private AND valuable information, as opposed to simply private information that's probably on your desktops at home).

Re:MS Vista becoming more secure?

[commodoresloat]

Just edit the article and add a [citation needed] tag; I'm sure someone will add the evidence.

What? Oh. Nevermind.

Re:MS Vista becoming more secure?

[nulldaemon]

Saying you've never had a virus without ever scanning your PCs is like saying you've never had an STD without ever getting tested.

I'm sure most slashdot users can say this and be 100% correct.

Re:MS Vista becoming more secure?

[awpoopy]

Do a little research. Vista admins are so - well, I wouldn't want my karma to go down.
First: You are an idiot for:
A. Running Vista in a business already. Repeat after me: Service Pack 2 Plus 6 months for anything Microsoft makes.
B. No AV on a windows domain? Are you fucking nuts?
Here's what you could have found had you looked. Vista IS affected. This issue is on all versions of windows and all versions of excel.
Discovered: February 23, 2009
Updated: February 24, 2009 2:05:20 PM
Type: Trojan
Infection Length: 57,306 bytes
Systems Affected: Windows Vista, Windows XP, Windows 2000, Windows NT
Trojan.Mdropper.AC is a Trojan horse that may exploit the Microsoft Excel Unspecified Remote Code Execution Vulnerability (BID 33870). It may also attempt to download files on to the compromised computer.

Re:MS Vista becoming more secure?

[AliasMarlowe]

Saying you've never had a virus without ever scanning your PCs is like saying you've never had an STD without ever getting tested.

I'm sure most slashdot users can say this and be 100% correct.

Depends how you classify their need for thick eyeglasses...

Vista

Anyone see, Vista is not affected by this?

Yes

Look, Vista is not affected by this bug... read that report!

Personally, we have just under 200 machines here and I do not have anti virus on a single one (our gateway does virus scanning on everything first)... I use group policy and set UAC toblock pretty much everything and we have not had a single problem since we deployed vista when it first came out.

People can laugh, People can say what they like, but I am a very happy system admin, and Vista has made my job so much easier.

Re:Vista

[Skater]

Not according to the article: "The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file. Then, a hacker could run unauthorized code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls "Trojan.Mdropper.AC."

That Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer."

The report says: "Systems Affected: Windows Vista, Windows XP"

Re:and you thought that math "error" was a mistake

[Peaceful_Patriot]

Ha! Without a doubt, the very best easter egg ever. I know they are considered bloat nowadays, but I always enjoyed them.

I like this part in TFA

where it says this and there is nothing below it:

Not Vulnerable:

Coincidence?

[chill]

Once, long ago, Excel had a full flight simulator hidden in the code. Then Microsoft created the Flight Simulator team and it was one of their landmark "games".

Fast forward many years. Microsoft closed down Flight Simulator and a few days later there is a "several year old zero-day" exploit in, of all places, Excel.

Coincidence? I THINK NOT! Paybacks are a bitch, aren't they Mr. Ballmer?

Re:Coincidence?

[jonaskoelker]

Once, long ago, Excel had a full flight simulator hidden in the code. Then Microsoft created the Flight Simulator team and it was one of their landmark "games".

Taking a trip in the time machine, this would disprove the assertion that there are no games for the Mac! ;-)

what's the big deal?

[commodoresloat]

We already can't open Office 2007 documents in Office 2003 so this just equalizes things.

Re:what's the big deal?

[EveLibertine]

Maybe I'm missing the humor here, but there is a compatibility pack for opening Office 2007 files in Office 2003.

FileFormatConverters

Funny, but that won't help solve the problem.

[jbn-o]

Some people have jobs which require opening email attachments from unknown people. Secretaries are often the first point of contact for files sent by the general public. The secretary is often charged with opening the attached file(s) to make sure they're conformant in some organizational sense, then placing a copy of the file somewhere appropriate (such as a file server where other people can further vet the files).

I can easily see a situation where people are asked to upload files via a website to be opened by a committee later. Then everyone on the committee could be running on their machine with an administrative account (common for people who just bought a computer, sometimes having an admin account is viewed as a position of power and privilege).

I'm not saying that any of these problems can't be solved. I'm saying that to frame the issue as strange malcontents trying to take advantage of someone isn't addressing the complexity of the issue at hand.

It seems that this is just another area where overly-capable file formats, proprietary software, and programs that attempt to do too much are all coming together in an unpleasant way...again.

With all due respect...

[Benfea]

isn't there malware out there that can make it look like you are receiving an email from someone you know?

If so, this is not just a matter of being smart enough to not open attachments from strangers.

Ion.SIMIAN.c? I did source my information... apk

"Thanks for not sourcing your information." - by ion.simon.c (1183967) on Wednesday February 25, @01:47AM (#26979291)

First of all, in response to your rather obvious sarcasm? See here:

http://it.slashdot.org/comments.pl?sid=1139485&cid=26975021

So - You're welcome: Because, in fact, I did list my source of information (Microsoft, "the horses' mouth", in this case)...

(AND, as anyone can see/verify? My detailed post PREDATES yours by nearly a FULL DAY, so NO EXCUSE EXISTS FOR YOUR BLATANT SKIMMING, period!)

SO, there you go - proof is in the pudding, that I did in fact source what I put out!

(Read a bit more, before shooting your mouth off again so quickly, ion.SIMIAN.c - Because, after all, this isn't the 1st time I've "made a monkey out of you", because of your skimming posts here... &, yes, I remember you (how could I forget "SIMIAN?")).

APK

P.S.=> Now, returned sarcasm aside: IF you take a peek @ that? The ONLY way to make this somewhat "bearable" will be to have that "exempt directory", & moving ALL of their users' EXCEL spreadsheets etc. to said exempted folder/directory (or, using MOICE) - but, @ least there IS a way imo, until MS issues a patch for Excel 2003 &/or 2007...

STILL - I hope that MS does an "out-of-band" patch for it instead of waiting until next "Patch Tuesday" next month, 3++ weeks away... apk

HOW TO CREATE EXEMPTION FOLDER

"Special File Exempt directory... hmmm what about the people who have Excel files in potentially hundreds of folders spread across many network servers? Ugh." -

Agreed, it's a pain somewhat, but... it's fairly EASY to implement once you gather all the files you use in Excel & place them into said folder + keep safe(r), vs. this exploit!

Here is an example of HOW to do it easily enough using regedit.exe (that works & I tested it), w/ this prebuilt template you can use (but, you WILL have to modify the "ExemptDirectory" string value's path to suit YOUR unique setup):

----

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\OICEExemptions]
"ExemptDirectory"="C:\\Documents and Settings\\APK\\My Documents"

----

Copy & paste THAT to notepad.exe (what's between the dashed lines above),save it to disk, & THEN?

Open it in regedit.exe, to merge it...

E.G.-> My having done so here, yesterday?

Well - I'm once again able to open Excel sheets I created back in 1997 even... as well as current Office 2003 ones I use occasionally here (not a BIG Excel user usually anymore, though, on MY part).

IMPORTANT NOTE: Do please note, that I am using a LOCAL disk pathway, & that IF you have to use a UNC network path? I am NOT sure it will work here (that YOU have to test if you do this)...

HOWEVER - Simply keeping the SERVER service PATCHED (vs. other recently + past executed & exploiting machinations out there today that take advantage of holes in it, such as the recent server service RPC/Port 445 vulnerability) & active here, you can simply map network drives to use & assign them a driveletter & voila - SHOULD work, just as mine does here on LOCAL disks, just fine (for those that will have to use UNC paths OR mapped network drives as letters).

APK

P.S.=> OH, also? The Folder you edit into "ExemptDirectory" may be diff. than mine, but, it HAS to exist first, before you apply & try this...

(Common-sense, yes I know, but worth noting just in case)... apk

Re:Ion.SIMIAN.c? I did source my information... ap

[ion.simon.c]

... I did list my source of information

Lemmy quote your initial post:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]
"BinaryFiles"=dword:00000001

APK

I'm done here. You can have the last word.

Lot of work

[blahbooboo]

More and more the amount of work to run Windows is becoming less and less appealing.

OSx86, OS X, and Linux are getting very tempting

Re:Lot of work

[justinlee37]

I don't find it to be that much work. I don't have to reinstall my OS more than once a year, and my anti-virus software passively prevents most infections.

Isn't this an issue with all operating systems? Keeping security software running, browsing the internet safely, and knowing how to recover a computer that is totally lost to a malware infection?

I can't imagine Linux being that much more or less work (besides the installation, which is assuredly more complicated).

Procrastination FTW

[jemminger]

I'm safe - I'm still on Office 97

Re:Ion.SIMIAN.c? I did source my information... ap

"I'm done here" - by ion.simon.c (1183967) on Wednesday February 25, @12:16PM (#26983505)

Damn right you are &, what proves it is you SKIMMED OVER where I did post a source in MS themselves no less & it predates where you stated I did not:

http://it.slashdot.org/comments.pl?sid=1139485&cid=26982097

THAT POST FROM ABOVE'S DATE-TIME STAMP? That IS the PROOF, from the URL above (WHERE I DO EXPLAIN THE DETAILS & SOURCES I USED, where you clearly stated I did not use a source)?

Well, once more?

It EASILY PREDATES YOUR SARCASTIC ATTACK OF MYSELF IN YOUR POST where you stated I did NOT post a source, &, BY A FULL DAY PRIOR TO YOUR PUNY ATTACK, IN THE URL ABOVE!

Do yourself a favor next time, & read ALL of the posts in an exchange, prior to firing your mouth off due to skimming over where I did indeed post a VALID source, in this very exchange...

So much for your usual sarcastic contributing nothing CRAP... vs., my post also being "modded up" +5 points, as informative (from this very exchange & topic, no less)...

APK

Slashdotters do NOT = avg. users, usually... apk

"The average end-user doesn't want to have to open registry editors and manually modify esoteric values in obscure text configuration files" - by meringuoid (568297) on Wednesday February 25, @09:24AM (#26981379)

YOUR "NITPICK" also goes for *NIX variants (& editing their config files in say, etc , usr/home, OR other folders/directories - subfolders/subdirectories) like Linux, Solaris, BSD variants like MacOS X & FreeBSD etc. et al... period.

Not all files are provided GUI front to their settings by native OS features &/or tools... especially GUI ones 'wizardy' 1 point click ones, in ALL cases, in ANY OS. Sometimes, you actually have to even use a std. text editor or tools like regedit.exe to get things done is all.

APK

P.S.=> ALSO DO NOTE - I made it the EASIEST I possibly could (& later even moreso), by explaining the details of HOW to save these into a .reg file, & using regedit.exe to "MERGE" them, as I did here for the REST of this fix:

http://it.slashdot.org/comments.pl?sid=1139485&cid=26983333

This being /., I'd figured YOU "/. techno jocks" was who I was addressing (& most of you imo? You're mostly NOT just 'wannabes' in this art & science is all) would appreciate that & understand HOW this is done is all... because I don't consider MOST of you 'noobz', I posted what I felt you could all EASILY digest, & use... apk

Re:Slashdotters do NOT = avg. users, usually... ap

[meringuoid]

YOUR "NITPICK" also goes for *NIX variants (& editing their config files in say, etc , usr/home, OR other folders/directories - subfolders/subdirectories) like Linux, Solaris, BSD variants like MacOS X & FreeBSD etc. et al... period.

Yes. I thought that was obvious; certainly it was the entire point of my post. Perhaps I overestimated my audience... The idea was that every time anybody posts any kind of howto for modifying a Linux system which involves the issuing of terminal commands or editing values in /etc/somethingorother, some troll posts something along those lines explaining that such command-line shenanigans mean that Linux is not ready for the desktop, that it is necessary to design a system such that 'Grandma', whoever she may be, can set it up with a single click and needs never concern herself with such esoterica, and implies that some other system such as Windows meets these criteria. Hence I thought it amusing to echo those familiar posts now that it seems it is necessary to do the very same in Windows that we commonly do in Unix-like systems.

It seems I aimed too high. Irony's maybe a bit much for some people, I can see that, OK. Not to worry, I can dumb it down if you like. Knock Knock jokes, maybe?

Re:Slashdotters do NOT = avg. users, usually... ap

"Perhaps I overestimated my audience.. Not to worry, I can dumb it down if you like." -

Well, ok... more sarcasm being directed my way: FINE!

Let's use some facts then, so you know you are not 'overestimating' your audience here, in myself!

Now, I get the feeling you're trying to "get my goat" here with this line of double-talk b.s. & trying to say "you were just being sarcastic".

Well - To that, I can only say this ->

The day your work has appeared in this many publications (respected ones in this field too in many a case here) over the last 13++ yrs now in this field:

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue

http://journals2.iranscience.net:800/www.win2000mag.com/www.win2000mag.com/Windows/Article/ArticleID/37/37.html

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), my work is there, first one featured, yet again!

----

Well, that'd be the day you can try to "lord it over me", like you are "my superior" in this art & science... deal?

APK

Re:Slashdotters do NOT = avg. users, usually... ap

[meringuoid]

Impressive list. So what have you been up to in the last ten years?

Enjoying life last 5++ yrs. now, finally is what

"Impressive list." - by meringuoid (568297) on Wednesday February 25, @08:46PM (#26991655)

WELL...

As "far as my list being impressive" as you said (&, that's only a PARTIAL list, there are others later from 2002-2004, some British PC mags iirc)?

I figure, that it is PRETTY "OK" - but, no more than that (however, NO less, as well!)

(Just more than MOST folks I encounter online who try to give me guff is all, & thus, I employ it that way, when necessary!)

Sure, & there are guys here (like one of your HIGHLY esteemed members in John Carmack for example) that BLOW MY DOORS OFF, as far as accomplishments & know-how in this field... &, he does, bigtime.

I can concede that... freely!

(As Mr. C. is someone I admire for his talents & works, of course, but MORE for things he has come up with in a UNIQUE way, such as "Carmack's Reverse", because to me, that is demonstrative of being able to THINK, more than anything!)

----

"So what have you been up to in the last ten years?" - by meringuoid (568297) on Wednesday February 25, @08:46PM (#26991655)

Making a couple more publications in shareware around 2002-2003 (some British PC mag I saw with my work in it @ BORDERS books), & then, I pretty much "dropped out" of that scene (shareware/freeware), once my apps were finalized + "bulletproof & bugfree" circa 2003 & afterwards?

Enjoying life, a LOT more! Some of those apps in that PARTIAL list I gave you paid off very well, w/ 2 becoming parts of commercially sold wares.

I say that, because I feel that shareware/freeware development's really the province of younger folks, with more time, energy, AND more to prove really.

(1 thing folks don't realize is, yes, shareware/freeware apps generally are like 10,000 (or less) lines of handwritten code in length via RAD tools @ least... & sure, MIS/IS/IT apps (especially 'enterprise class' ones, of which I have 25 to my credit @ this point after 16++ yrs. or so as a pro in this field)?

THOSE weigh in @ the MILLIONS of lines of code mark many times & many "moving parts" external to the .exe's codebase (such as stored procedures, DB side, for example).

HOWEVER - shareware/freeware has a FAR larger userbase, with a FAR larger mix of permutations of possible software + HARDWARE mixes to contend with, where in "KORPORATE AMERIKA", you USUALLY have a UNIFORM hardware + software mix, established by CIO & crew (which DOES create "less b.s." to deal with vs. shareware/freeware & its nearly UNLIMITED mixture of the permutations of both, thereof).

SO - in any event? I've just generally been working in this field, as per usual the last 16++ yrs. now as a pro in it, &, apparently?

One HELL of a LOT more than yourself in this field that was recognized by the trade rags that report on this field!

APK

P.S.=> So - how do YOU like MY closing bit of "sarcasm & irony" as YOU called it, albeit, directed YOUR way now, in return?

(It's not very nice is it??)

Sorry to use a dirty little trick like "reverse psychology" on you, but, it appears it made you cut off some of your sarcasm @ this point, hopefully... you don't need to waste time on that, nor do I! apk

Microsoft Windows is secure

[SL+Baur]

I also usually have at least 2 computers on hand, so if a virus makes the thing totally FUBAR, I can recover the files by using the non-FUBAR'ed computer to access the other's hard drive, then format the drive and reinstall windows/drivers/etc. from scratch.

Think about what you just wrote. /golfclap

Personally, I think friends should not let friends do Microsoft Windows. But that's just me.

Re:Microsoft Windows is secure

[justinlee37]

Well, I basically described how you can recover from any virus on any computer, regardless of your OS. The computer used to repair the infected one does not have to be very expensive, either; $40 at Goodwill ought to get you such a tower if you don't have these sort of things lying around from past upgrades. It can also run on a different OS than the computer you're recovering; you could recover your Windows box with a free install of Ubuntu.

That's a much better deal, financially, than hauling the thing to a mom-and-pop PC repair shop and getting them to install the stuff for you. If everyone had that kind of DIY ethic those places would go out of business -- but we'd all be a little richer for it.

I do agree that this is a digression, since we were discussing the security of Windows specifically and I've bypassed that issue entirely, but it is an accurate testimonial regarding why Windows' security is generally irrelevant and why it's never been a problem for me. There's just so much good, free, antivirus

Re:Microsoft Windows is secure

[justinlee37]

... software made by third parties out there that the sporadic vulnerabilities in Windows/Internet Explorer/etc. have never been an issue for me.

You can keep working, here is how... apk

http://www.microsoft.com/technet/security/advisory/968272.mspx

Create the "BinaryFiles" entry, using this template (copy the contents of what's between these dashed lines into notepad.exe, save it to disk w/ a .reg extension, to open it in regedit.exe later for "merging")

----

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]
"BinaryFiles"=dword:00000001

----

This will stop EXCEL from working though, so you need to do just a wee bit more, like so (creating an exempt folder, from w/in which you CAN run .xls files again):

-----

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Common\OICEExemptions]
"ExemptDirectory"="C:\\Documents and Settings\\APK\\My Documents"

----

Again - Copy & paste THAT to notepad.exe (what's between the dashed lines above),save it to disk, & THEN?

Open it in regedit.exe, to merge it...

E.G.-> My having done so here, yesterday?

Well - I'm once again able to open Excel sheets I created back in 1997 even... as well as current Office 2003 ones I use occasionally here (not a BIG Excel user usually anymore, though, on MY part).

IMPORTANT NOTE: Do please note, that I am using a LOCAL disk pathway, & that IF you have to use a UNC network path? I am NOT sure it will work here (that YOU have to test if you do this)...

HOWEVER - Simply keeping the SERVER service PATCHED (vs. other recently + past executed & exploiting machinations out there today that take advantage of holes in it, such as the recent server service RPC/Port 445 vulnerability) & active, you can simply map network drives to use & assign them a driveletter & voila - SHOULD work, just as mine does here on LOCAL disks, just fine (for those that will have to use UNC paths OR mapped network drives as letters).

APK

P.S.=> OH, also? The Folder you edit into "ExemptDirectory" may be diff. than mine, but, it HAS to exist first, before you apply & try this...

(Common-sense, yes I know, but worth noting just in case)... apk