Re: Microsoft Security Bulletin (MS99-014)

[rotaiv () USA NET (rotaiv)]

-----BEGIN PGP SIGNED MESSAGE-----

This is in response to the Microsoft Security Bulletin (MS99-014).

On 3/29/99 I posted a message to BugTraq titled, "Bypassing Excel
Macro Virus Protection".  The message explained two ways to bypass the
"Macro Virus Protection" option in Excel 97.  One is to password
protect an infected spreadsheet (Q176640) and the second is to copy an
infected spreadsheet into the XLSTART directory (Q180614).  Both
methods will open an infected spreadsheet without the macro warning
appearing.

I would love to think Microsoft Security Bulletin (MS99-014) was in
response to my email but I'll be humble and chalk it up to
coincidence.  I downloaded the patch to see if addressed the two
scenarios I described above.  I found that you will now receive the
macro warning on a password protected file but not on a file copied to
the XLSTART directory.  Also, you can still enable or disable the
macro virus protected with a simple reg hack.  I guess that is not so
important because if you can perform a reg hack, you can do a lot more
than execute an Excel macro.

I am not sure what really prompted Microsoft to release a patch for
Excel but I find it surprising that they did not address the XLSTART
option either.  They should at least give us the option of deciding if
this directory is trusted, thereby by-passing the macro virus warning.

'nuff said.

rotaiv -£-

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQEVAwUBNzsxdQuGSvRTfa2rAQHe+Af+NXzCRMZ6ALIsiezLQ5XhOuBgmRZALeoO
k2LMkGfVea8jO7olA/wtwnrS2E0eCUVSMW23ZSxkd8Q9hbYBxbc8GvPOzOTGL4EP
tmZkyvxcB2QyyDmJjIQuJQKcGCggr0ahPNr9pvv9DsBHJeRifcS6niXZrm5uQJb7
qhY4QJzAWQ9cXEiqoNuTofgR1eg276MUSuh2Om29FIjkfcMocdGghrkQLBGvN9MB
Hlm9Z7D0I3/zT88c+A6IeyZHbe9/6PaAODgn3QuhKla8PbetyGj/Qbclua5kNR/X
tVoLWIIrcA2ZKsgQn1SLtcKTqDV5KPTGrz3yB1ZH9BJ37qmXLOegfw==
=qJ15
-----END PGP SIGNATURE-----