July 19, 2000
SECURITY ALERT
System Administration, Networking, and Security (SANS) Institute

The System Administration, Networking, and Security (SANS) Institute on Monday identified what it called "probably the most dangerous programming error" found in any workstation running Windows 95, 98, 2000, and NT 4.0.

A security alert issued by the cooperative research and education group states that users are vulnerable to a total compromise when they preview or read an infected E-mail--without having to open any attachment--if they're running any of the affected operating systems and have Microsoft Access 97 or 2000, Internet Explorer 4.0 or higher, including version 5.5 that ships with Windows 2000.

According to the institute, the exploit was first discovered June 27, but Microsoft requested that SANS not release the details of the vulnerability until the company developed a fix. Microsoft posted a workaround on July 14 that is available at www.sans.org. Users running systems with Outlook, Outlook Express, Eudora, or any mail reader that uses Internet Explorer to render HTML documents are also vulnerable to this exploit through E-mail.

According to the SANS advisory, a hacker could get into Microsoft Access using ActiveX controls without the victim knowing that it's happening. "This is a very serious problem," says Forrester Research analyst Frank Prince. "Anyone with Visual Basic knowledge could potentially send an E-mail -- that doesn't have to be opened--and give the hacker complete access to the user's system."

Prince says he agrees with SANS's decision not to publicize the vulnerability until a patch was available. "The bar is so low for this exploit, and the potential for damage so high, a lot of people with Visual Basic knowledge would jump on the Internet to see what they could do. I'll bet a lot are doing just that right now," he says.
--George V. Hulme

Back To The Study