M$ vulnerability question

Craig White plug-discuss@lists.plug.phoenix.az.us
13 Mar 2002 15:57:51 -0700


On Wed, 2002-03-13 at 15:25, John (EBo) David wrote:
> 
> I'm not trying to start another flame war, so please do not start...
> 
> I was seriously wondering if everyone else is getting the following
> message including the attachment.  I've got 4 seperate copies in my
> inbox, and got to thinking that I wonder if the attachment might
> actually be a virus.  It would be trivial for someone to attach a virus
> and spoof the header and use that to ship/install a trojan/worm/virus.
> 
> As I NEVER run any attachments except those from REALLY trusted
> individuals, I thought I would ask what you all know of this one.  Do
> you really think this is lagit?
> 
>   EBo --
> 
> > Microsoft Customer,
> > 
> >      this is the latest version of security update, the 
> > known security vulnerabilities affecting Internet Explorer and 
> > MS Outlook/Express as well as six new vulnerabilities, and is 
> > discussed in Microsoft Security Bulletin MS02-005. Install now to 
> > protect your computer from these vulnerabilities, the most serious of which 
> > could allow an attacker to run code on your computer.
> > 
-----
It's not a question of whether you would cause the executable to run by
double clicking - it's a question of just merely 'previewing' the email
would cause it to run. Microsoft built 'auto executing' (VBA) into all
of their programs and that includes Outlook & Outlook Express which
makes them especially vulnerable to email borne executables. Thus you
don't have to be dumb enough to double click the file called Anna
Kournikova.jpg.exe to infect your computer - just touching the email and
clicking delete is enough to infect.

This is indeed a security bulletin where the fix has been available for
over a month and thus legit.

It should be noted that it's not just emails but there is some malicious
code embedded on web pages that can get you too...I believe that
everyone is supposed to be at Mozilla .97 or higher (a keen eye towards
Hans' earlier post).

Craig

PS - it's the people you know and trust who are the most likely to send
you an email borne virus - the first thing these MS targeted virus'
attack is the addressbook.