RE: FW: Microsoft Security Update

["Ferris, Robin" <R.Ferris () napier ac uk>]

V

its too easy block macro viruses now though, what with mail gateways and
heuristic scanning etc etc you need to find a way of automating the attack,
keeping the human double click element to a minimum. What I should have
probably done was "propagate anything effectively on a large scale" so some
kiddies and gunna work out how to exploit the macro ones but I havent seen
one of them for ages that was any good.

The little kiddies arent the problem, the problem for admins is the person
ro group that code things like slammer, sobig etc with about 5 to 6 days to
go before the potential release of the nxt sobig Im looking to see what
people think of this specific problem and to see if people think its gunna
be exploited, and I mean exploited big.

but I get your point though on the macro's issue

RF

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: 04 September 2003 17:56
To: Ferris, Robin
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] FW: Microsoft Security Update 


On Thu, 04 Sep 2003 09:55:22 BST, "Ferris, Robin" <R.Ferris () napier ac uk>
said:
> There appears to be only one that will get the coderz and the admins
> slightly worried and that is the:
>
> Title:        Flaw in Visual Basic for Applications Could Allow 
>               Arbitrary Code Execution (822715)
>
> its the only one that could be imho used to propagate anything. 

Umm.. Robin?  How long you been at this?

Word macro viruses used to be all the rage.  They were even so bad a problem
that the Microsoft of many years ago finally admitted there needed to be a
way
to turn off macros....

"Ah'll be bach...." - Ahnold Schwartzemacro....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html