Free Republic
Browse · Search
News/Activism
Topics · Post Article


Trojan rides in on unpatched Office flaw
Cnet News | 09/30/2005 | Joris Evers

Posted on 10/01/2005 6:49:31 AM PDT by Panerai

A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned.

The malicious code takes advantage of a flaw in Microsoft's Jet Database Engine, a lightweight database used in the company's Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.

"Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office," a company representative said in a statement sent via e-mail on Friday. The software maker is investigating the issue and will take "appropriate action," the representative said.

The Trojan horse arrives in the guise of a Microsoft Access file, security software maker Symantec said in an advisory. When run on a vulnerable system, it would give a remote attacker full access to a compromised computer, Symantec said. The company calls the pest "Backdoor.Hesive" and notes that it is not widespread.

Although exploits had already been released in April when HexView publicly reported the flaw, the Trojan is believed to be the first actual threat to take advantage of the security hole. Security monitoring firm Secunia rates the issue "highly critical," one notch below its most serious rating.

(Excerpt) Read more at beta.news.com.com ...


TOPICS: Technical
KEYWORDS: microsoft; ms; office; wasteoftime
To: Petronski

Any lock can be picked, just like all software has holes. In fact, there are more holes in Unix/Linux products reported every single week.

http://www.us-cert.gov/cas/bulletins/SB05-271.html





21 posted on 10/01/2005 6:43:41 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 18 | View Replies]

To: Golden Eagle

I'm not going to bicker semantics with you because it's pointless.

Any lock can be picked, but a defective lock is easier to break than one that works as designed. I didn't mention Linux and I don't use it.


22 posted on 10/01/2005 6:50:26 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Petronski
Any lock can be picked, but a defective lock is easier to break than one that works as designed.

Well according to that link from US-Cert, Unix/Linux products are about 10x more defective.

23 posted on 10/01/2005 7:47:18 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 22 | View Replies]

To: Golden Eagle
Well according to that link from US-Cert, Unix/Linux products are about 10x more defective.

Yawn. Irrelevant to my point.

Microsoft AND the hackers are to blame for any damage resulting from this flaw.

24 posted on 10/01/2005 7:52:32 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Petronski
I don't think lock companies are typically liable when they're picked by professional thieves. Trying to insist you'd just as quickly condemn the platforms with 10x as many holes is laughable too. Just what have you supposedly added to this discussion that had any actual merit?
25 posted on 10/01/2005 7:59:57 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 24 | View Replies]

To: Golden Eagle
Just what have you supposedly added to this discussion that had any actual merit?

If a professional thief can open a defective lock, you can be damn sure the maker of the defective lock will be liable.

Trying to insist you'd just as quickly condemn the platforms with 10x as many holes is laughable too.

Never did it.

26 posted on 10/01/2005 8:02:28 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Petronski
you can be damn sure the maker of the defective lock will be liable.

Sure not taking your word on it. Proof? Precedent?

Never did it.

I know, everyone else always gets a pass with you guys, no matter how much more "defective" their software is.

27 posted on 10/01/2005 8:06:40 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 26 | View Replies]

To: Golden Eagle
Yeah, it's not like they have had five months between then and now to fix it, right?

reported to Microsoft in April, but the company has yet to provide a fix for the problem.

Oh wait, it's exactly like that.

28 posted on 10/01/2005 8:08:15 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Golden Eagle
It's a narrow fact set, and I don't have precedents. Of course, I don't care whether you believe it or not, and I don't believe I could bring you to understand the principles involved.

I know, everyone else always gets a pass with you guys, no matter how much more "defective" their software is.

"you guys?" Just the one of me here, a Windows user. Sorry to deprive you of the only thing you have to say.

29 posted on 10/01/2005 8:10:18 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Golden Eagle
Looks like some hackers named "Hexview" released a hack to the public instead of giving it to the vendor privately so they could patch it prior to working exploits being available.

Does the security of Microsoft products REALLY rely on the charity of hackers to privately report the defects they find in Microsoft software?

Good Lord, it's worse than I thought. I'm glad I don't use the affected product.

30 posted on 10/01/2005 8:12:34 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Petronski

Experts estimate the damage of viruses to be in the billions of dollars.

http://news.com.com/2100-1001_3-240112.html?part=msnbc-cnet

Why wasn't Microsoft responsible to pay for any of it? Not even a single penny? Could it be that most rational people rightfully blame the hackers for these attacks? I'd say yes, obviously.


31 posted on 10/01/2005 8:19:19 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 29 | View Replies]

To: Petronski

The whole "some hacker did not tell MS first" argument might hold weight if this hole was not revealed nearly 6 months ago! Six months to fix a pretty serious bug should be long enough.


32 posted on 10/01/2005 8:20:58 PM PDT by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)
[ Post Reply | Private Reply | To 30 | View Replies]

To: N3WBI3

The hackers should have privately submitted it, so that users weren't exposed. You'd obviously rather lob rotten tomatoes at one of the victims - in this case Microsoft - instead.


33 posted on 10/01/2005 8:21:04 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 28 | View Replies]

To: Golden Eagle
. . . one of the victims - in this case Microsoft . . .

LOL

34 posted on 10/01/2005 8:27:08 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Petronski

They are a victim, which is why they've never been held liable for any of these damages, your whines about it notwithstanding.


35 posted on 10/01/2005 8:37:13 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 34 | View Replies]

To: Golden Eagle
They are a victim...

The wahhhhhhmbulance will be by shortly.

36 posted on 10/01/2005 8:38:31 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Petronski

You're the whiner, not me. I'm just pointing out the facts, which are, MS isn't liable, and neither are lock companies which was your supposed analogy. The crooks are, which for some reason you seem very interested in protecting.


37 posted on 10/01/2005 8:45:11 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 36 | View Replies]

To: Golden Eagle

Things must be getting rough in Redmond. You Microsoft lackeys are doing less strutting these days and more whining.

Too bad so sad.


38 posted on 10/01/2005 8:46:21 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Petronski

Pointing out what's right and what's wrong isn't whining. Whining is what you do when it's demonstrated, which is all you've done.


39 posted on 10/01/2005 9:08:28 PM PDT by Golden Eagle
[ Post Reply | Private Reply | To 38 | View Replies]

To: Golden Eagle

LOL


40 posted on 10/01/2005 9:09:44 PM PDT by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 39 | View Replies]

