Microsoft has released yet another security alert, but this one includes a warning about some of the companyis Mac offerings. There is apparently a new exploit that can take advantage of the "Macro" capabilities in Microsoftis Office products. Macro viruses are often transmittable across both the Mac and Windows platforms, but Microsoft indicates that this latest exploit can actually harm a Mac useris system as opposed to a hapless Mac user simply being a carrier.
Macros are effectively mini-programs that can be executed from within an Office application (Word, Excel, PowerPoint). Macros have the power to take any action which a user could normally take, including actions that can effect oneis Mac outside of the application that is running the Macro. To translate that, an evil Macro maker could write a Macro that deletes files, wipes your hard drive, reads your address book and e-mails itself to everyone in it, etc. This first became a problem years ago, and Microsoft instituted a security system for Macros that makes it harder for them to be executed. The new exploit makes it possible for the bad guys to bypass that security. From Microsoftis security alert:
Who should read this bulletin: Customers using Microsoft¨ Excel or PowerPoint for Windows¨ or Macintosh¨
Impact of vulnerability: Run code of attackeris choice.
Recommendation: Customers using affected versions of Excel and/or PowerPoint should apply the patch immediately.
Affected Software:
- Microsoft Excel 2000 for Windows
- Microsoft Excel 2002 for Windows
- Microsoft Excel 98 for Macintosh
- Microsoft Excel 2001 for Macintosh
- Microsoft PowerPoint 2000 for Windows
- Microsoft PowerPoint 2002 for Windows
- Microsoft PowerPoint 98 for Macintosh
- Microsoft PowerPoint 2001 for Macintosh
Technical details
Technical description:Excel and PowerPoint have a macro security framework that controls the execution of macros and prevents macros from running automatically. Under this framework, any time a user opens a document the document is scanned for the presence of macros. If a document contains macros, the user is notified and asked if he wants to run the macros or the macros are disabled entirely, depending on the security setting. A flaw exists in the way macros are detected that can allow a malicious user to bypass macro checking.
A malicious attacker could attempt to exploit this vulnerability by crafting a specially formed Excel or PowerPoint document with macro code that would run automatically when the user opened it. The attacker could carry out this attack by hosting the malicious file on a web site, a file share, or by sending it through e-mail.
Mitigating factors:
- The macro code could not execute without the useris first opening the document.
Vulnerability identifier: CAN-2001-0718
Tested Versions:
Microsoft tested the following products to assess whether they are affected by these vulnerabilities. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities.
- Office 98 for Macintosh
- Office 2001 for Macintosh
- Office 2000 for Windows
- Office 2002 for Windows
What does the patch do?
The patch eliminates the vulnerability by improving the code which detects the presence of macros in these document types.Who should apply the patch?
Anyone using or administering systems running the affected software versions should apply the patchAre other members of the Office Suite vulnerable?
No. All members of the Office Suites for Windows and Macintosh were tested. No other products in the Office Suite were found to be vulnerable.Download locations for this patch
- Microsoft Excel 98 for Macintosh:
http://www.microsoft.com/mac/download/office98/pptxlmacro.asp- Microsoft Excel 2001 for Macintosh:
http://www.microsoft.com/mac/download/office2001/pptxlmacro.asp- Microsoft PowerPoint 98 for Macintosh:
http://www.microsoft.com/mac/download/office98/pptxlmacro.asp- Microsoft PowerPoint 2001 for Macintosh:
http://www.microsoft.com/mac/download/office2001/pptxlmacro.aspAdditional information about this patch
Installation platforms:
These patches can be installed on systems running Excel or PowerPoint 2000 SR-1 or SP2 for Windows and systems running Excel or PowerPoint 98 or 2001 for Macintosh. Verifying patch installation:
- Microsoft Excel and PowerPoint 98 for Macintosh:
Select the file in the Finder, From the File menu, choose "Get Info", and verify that the version shown is 9.0.1 (3618).- Microsoft Excel and PowerPoint 2001 for Macintosh:
Select the file in the Finder, From the File menu, choose "Get Info", and verify that the description shown is "2001 Security Update".
You can find more information on the exploit, the patch, Macros, and links to the Windows patches at the security alertis Web page.