
SUMware
Premium
join:2002-05-21


edit:
March 22nd, @03:52PM

reply to daveinpoway
Re: Microsoft warns of new attack on Word

Thanks for the heads-up.

From »www.pcworld.com/article/id,14374···l_d:xnws

"At this time, we are aware only of targeted attacks that attempt to use this vulnerability," the company [Microsoft] said. "Current attacks require customers to take multiple steps in order to be successful; we believe the risk to be limited."

Following its usual policy, Microsoft didn't say when -- or if -- it planned to patch the bug. But in a statement sent to the press, the company did not rule out the possibility of an emergency patch, released ahead of its next set of security updates, which are expected on April 8.

Users of many versions of Word, including Word 2007, 2003, 2002 and 2000 are at risk, unless they are running Windows Vista or Windows Server 2003, Service Pack 2. Those two operating systems include a newer version of the Jet Database Engine that does not have the bug, Microsoft said.

For the technically savvy: this means that PCs with a version of the Msjet40.dll that is lower than 4.0.9505.0 are vulnerable.

[Above pic from »support.microsoft.com/kb/239114 ]


jeno

@bellsouth.net

Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice a user into opening a malicious file.

*Workarounds

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Restrict the Microsoft Jet Database Engine from running.

To implement the workaround, enter the following command at a command prompt:

echo y| cacls "%SystemRoot%\system32\msjet40.dll" /E /P everyone:N

*To undo the workaround, enter the following command at a command prompt:

echo y| cacls "%SystemRoot%\system32\msjet40.dll" /E /R everyone

Impact of Workaround: Any application requiring the use of the Microsoft Jet Database Engine to make data access calls will not function.

Microsoft Security Advisory (950627)
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution
Published: March 21, 2008
»www.microsoft.com/technet/securi···627.mspx

The following exploit caused my SAVCE(updated today) to quarantine "Trogen.Horse"...

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.

The following exploit is available. Symantec has not verified this exploit.

* /data/vulnerabilities/exploits/26468.mdb
»www.securityfocus.com/bid/26468/exploit


jeno

@bellsouth.net
Correction:
The following exploit caused my SAVCE (updated today) to quarantine "Trojan Horse"
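
A read-only check for the two conditions discussed above (the Msjet40.dll version threshold and the cacls workaround), as an added example that is not part of any post or of Microsoft's advisory. It assumes PowerShell 3.0 or later and that the workaround shows up as a Deny entry for Everyone; it also looks in SysWOW64, which the thread does not mention, and Test-JetExposure is a name made up here.

```powershell
# Added example: read-only audit of msjet40.dll (nothing is modified).
$FixedVersion = [version]'4.0.9505.0'   # threshold quoted in the thread
$EveryoneSid  = 'S-1-1-0'               # well-known SID for Everyone

function Test-JetExposure {             # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $r = [pscustomobject]@{ Path = $Path; Version = $null; DenyEveryone = $null; Status = 'Unknown' }
    if (-not (Test-Path -LiteralPath $Path)) { $r.Status = 'NotPresent'; return $r }

    # Check the DACL first. Assumption: the cacls workaround appears as a
    # Deny entry for Everyone; match on the SID so localized names still work.
    try {
        $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        $r.DenyEveryone = [bool]($rules | Where-Object {
            $_.IdentityReference.Value -eq $EveryoneSid -and $_.AccessControlType -eq 'Deny' })
    } catch { }                          # DACL unreadable for this account: leave $null

    # With the workaround in place the version resource may be unreadable,
    # in which case every part comes back as 0.
    try {
        $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
        $v  = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        if ($v -gt [version]'0.0.0.0') { $r.Version = $v }
    } catch { }

    if     ($r.Version -and $r.Version -ge $FixedVersion) { $r.Status = 'FixedVersion' }
    elseif ($r.DenyEveryone)                              { $r.Status = 'WorkaroundApplied' }
    elseif ($r.Version)                                   { $r.Status = 'VulnerableVersion' }
    $r
}

# SysWOW64 holds the 32-bit Jet DLL on 64-bit Windows (not mentioned in the thread).
'system32', 'SysWOW64' |
    ForEach-Object { Test-JetExposure (Join-Path $env:SystemRoot "$_\msjet40.dll") } |
    Format-Table -AutoSize
```

A Status of Unknown means neither the version resource nor the DACL could be read by the account running the check; rerun it from an elevated session.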

SilverSurfer

join:2007-08-19
reply to SUMware
That's why I use OO "Writer." None of this kind of BS.


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand


edit:
March 31st, @09:00PM

I agree with you and jouno53, but when I bought this used machine I did remove Office from this computer.

Yet those MSJet files are still there. Why? I have no idea.

Is something still needing them? If so, then why, like most any installer since 1998, did it not ask if I wanted them still, as they may be in use?

Apparently, since it was used at 2am yesterday.




I was asleep so what app used it? WinDefender? MSupdate?

I have yet to find any way of removing Jet on its own except just deleting the files, which obviously is a bad plan. Manual removal, you say? Nope... check this: »support.microsoft.com/kb/q124902/

The computer came with no disks, no restore partition, nada. So, how?

More to my point, since I'd removed Office, naturally MS won't see fit to offer an update for the leftovers.

I don't see a real risk to me, as I don't even use a mail client on the PC, nor am I click-happy. Fact is, exe/doc/xls/etc. are blocked by my mailserver unless you Zip them.

BUT, I resent having this trail of acknowledged insecure crap left on this otherwise perfectly functional computer. You'd think the almighty Microsoft could create an un-installer that worked.

Since the workaround does nothing here, according to MS, I should just let it be...or upgrade to Vista. Ha!

With a P3-1Ghz/512Mb RAM Optiplex GX-150, that'd work really swell.

I swear, if I didn't need a windows PC for some things, I'd DBAN the ****** and install anything else.

Bleh.

-CaFF

SilverSurfer

join:2007-08-19

said by caffeinator:

Yet those MSJet files are still there. Why? I have no idea.

You might want to get a processor identifier like the free kind from winternal or whatever its name is, I can't recall at the moment. It may help you ID whatever MSJ is doing.

The only other thing I can see the MSJ file coming into play for is if you attempt to download from MS any kind of template. I did that the other day because I couldn't find any decent 28 line pleading paper templates for OO. MS had one, but it first had to check my system before it would even think about letting me look at it. When it couldn't find Word, it brought me to a manual download screen for the template and then I just modified it to Writer. Works great now.