Posted on 10/01/2005 6:49:31 AM PDT by Panerai
A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned.
The malicious code takes advantage of a flaw in Microsoft's Jet Database Engine, a lightweight database used in the company's Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.
"Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office," a company representative said in a statement sent via e-mail on Friday. The software maker is investigating the issue and will take "appropriate action," the representative said.
The Trojan horse arrives in the guise of a Microsoft Access file, security software maker Symantec said in an advisory. When run on a vulnerable system, it would give a remote attacker full access to a compromised computer, Symantec said. The company calls the pest "Backdoor.Hesive" and notes that it is not widespread.
Although exploits had already been released in April when HexView publicly reported the flaw, the Trojan is believed to be the first actual threat to take advantage of the security hole. Security monitoring firm Secunia rates the issue "highly critical," one notch below its most serious rating.
(Excerpt) Read more at beta.news.com.com ...
It's GE's fault.
We should develop a means to track the generation of viruses, and then cut the balls of the people who write them.
Sure, Microsoft makes their job easier, but the hackers have the malicious intent...
I thought Trogans were raincoats for Democrats.
Problem there is if it could be traced back you will probably find the source is the Chinese government.
It's bad enough we got all these hackers, but now the EU wants us to share control of the Internet? Some asswipes want us to let the U.N control the Internet?
BWA HA HA HA HA HA
They must be joking. There would be even more risk than ever, especially for the U.S., civilians and military and businesses. We have so many enemies that could wreak havoc on our whole infrastructure and ruin us.
It's Bush's fault! Might as well blame him.
Protect yourself, buy a Mac!
--- Protect yourself, buy a Mac! ----
You are joking right?
Intel processors are no more susceptible to computer viruses than Motorola.
One could argue that Microsoft is more vulnerable, but that is only because it has a ton more users, and thus, potential victims.
The problem is not the processor or op-sys, its the evil hackers. They should be shot.
I don't use MS Access, and I doubt whether many non-corporate users do. So I shouldn't think this would be a problem for most people, would it?
Paging MS hack Golden Eagle to explain this one.
The old "more users thus more attacks" canard is easily demonstrated to be false, since the Apache web server (which runs on Unix systems) has much more market share and runs on many more machines; yet MSFT's IIS web server is far and away compromised more often.
It is an architectual problem - XP and Office are not well designed, while Unix and Mac OSX are. The better design makes it easier to verify where security holes might be, and then fix them.
Looks like some hackers named "Hexview" released a hack to the public instead of giving it to the vendor privately so they could patch it prior to working exploits being available. Hopefully a patch will be coming out soon, since it was first reported about 6 months ago, but the way it was disclosed was highly irresponsible.
After 6 months, you would think a patch could have been made by a mega-billion dollar company.
Would have been nice, but the hackers are obviously who put you at risk. Both by announcing the vulnerability publicly rather than privately and then by releasing an exploit which takes advantage of it.
It's obviously the fault of the hackers AND Microsoft.
And smith and wesson is responsible every time someone robs a store with one too, huh.
Better analogy: a shabby lock permits a burglary. Both the lockmaker and the burglar are blameworthy.
Not gonna argue with ya.. wouldn't be prudent!
I agree that MS has a bad habit of designing code with time to market being their prime objective.
This makes things more susceptible.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.