IFRAME tag and embed commands in Web pages or
HTML-based e-mail messages. Then MDB files are created that contain
the actual VBA code, including the shell() command. Shell() can run
any executable file that already exists on the system. An object tag
in the HTML document viewed in the browser (Web page or e-mail) then
references the MDB files.
As contrived as it sounds, a knowledgeable user can easily exploit
this vulnerability. There are currently no vendor-supplied fixes or
patches for this problem. However, concerned users are urged to make
use of the following workaround: assign a password to the admin
account in Access. The user will then get a log-in dialog box when he
or she opens a database.

NT 4 REMOTE REGISTRY ACCESS AUTHENTICATION BUG
In Windows NT 4, the Remote Registry server must first authenticate
remote access to the Registry. If the request is malformed in a
specific way, it can cause the server to fail. A failure in
winlogon.exe, the process that contains the Remote Registry Server,
would cause the entire system to fail.
All versions of NT (Workstation, Server, and so on) are affected.
You can easily recover by rebooting the system. However, this
solution is not entirely practical. Fortunately, Microsoft has
released a patch to fix the problem. For more information, or to
download the patch, browse to the Frequently Asked Questions page from
Microsoft at
http://www.microsoft.com/technet/security/bulletin/fq00-040.asp

WINDOWS 98 MAPPED NETWORK DRIVES
An "Access Denied" error may occur when trying to connect a
handheld to a Windows 95 or 98 desktop running Microsoft Client for
NetWare Networks and Microsoft Service for NetWare Directory Services
(MSNDS) network clients. This is usually caused by mapping a network
drive in a login script. The easiest workaround is to reboot and not
map network drives in a login script.

WINDOWS MEDIA PLAYER AND JAVASCRIPT URLS
It is possible to execute a JavaScript URL from within the Windows
Media Player ActiveX control embedded in HTML. This JavaScript can be
executed in arbitrary frames specified within the ActiveX control. An
attacker can take over the frame's document object model and bypass
security restrictions. An attacker exploiting this vulnerability can
read files on the user's file system and reportedly execute arbitrary
programs on the victim's computer. The WKIT Security Advisory Team has
provided the following workaround:
"Since this vulnerability depends on ActiveX and JavaScript it can
be disarmed by adjusting the security settings in MS IE. If ActiveX
and Active Scripting options are set to Disabled or Ask (and the user
chooses No when prompted) this vulnerability should be prevented."

VISUAL BASIC 5.0--VISUAL SOURCESAFE BUG
If you're using Microsoft's Visual Basic with Visual SourceSafe,
you may receive one of the following errors when trying to retrieve a
project from SourceSafe:
"Failed to reload project"
"Application error"
"The instruction at '0x0fa659de' referenced memory at '0x30303030'.
The memory could not be read."
Microsoft has confirmed this to be a bug and has fixed the problem in
Visual Studio 97 Service Pack 2. For more information on the Service
Pack, you can read the article "Visual Studio 97 Service Packs--What,
Where, and Why" in the Microsoft Knowledge Base at
http://support.microsoft.com/support/kb/articles/Q170/3/65.asp
For a list of the Visual Basic 5.0 bugs fixed in the Visual Studio
97 Service Pack 2, you can read the article "Visual Basic 5.0 Fixes in
Visual Studio 97 Service Pack 2" in the Microsoft Knowledge Base at
http://support.microsoft.com/support/kb/articles/Q171/5/54.asp

BUG/VIRUS ALERT FROM MICROSOFT
Microsoft recently discovered a bug/virus that allows an outsider
to gain access to your computer. The bug/virus, known as BackOrifice
2000 (BO2K), is a malicious program that, when installed on a Windows
computer, allows the computer to be remotely controlled by another
user. BO2K is intended to be used for malicious purposes and includes
stealth behavior that has no purpose other than to make it difficult
to detect. Like any computer program, BO2K must be installed on the
target machine; it cannot be injected onto your machine. There are
only two ways it can be installed:
* You allow the attacker physical access to your logged-on computer.
If the attacker learns your password or you leave your logged-on
workstation unattended, he or she can install BO2K on your machine.
* The attacker tricks you into installing the software. This is known
as a Trojan horse technique. The attacker might send you an e-mail
attachment that appears to be a game but that really installs
BackOrifice.
Microsoft is closely monitoring the situation. For additional
security-related information about Microsoft products, visit
http://www.microsoft.com/security/

MSIE 5 PROGRAMMING BUG
Microsoft recently identified a problem you may experience with
Internet Explorer (Programming) version 5. Internet Explorer reports
an "Invalid character" error when a Unicode .js file is included with
the SCRIPT tag--for example:
<SCRIPT LANGUAGE="JavaScript" SRC="Sample.JS"></SCRIPT>
If the script debugger is enabled, it reports that the first two
characters in the .js file (the Unicode Byte Order Mark, or BOM) are
the source of the problem.
Another closely associated problem occurs if the Byte Order Mark is
removed from a Unicode format .js file and the file contains Unicode
characters. When the .js file is included during Internet Explorer
page rendering, Unicode characters in the .js file are interpreted as
simple ASCII and cause either a script error, as above, or the display
of garbage characters. Similarly, removing the BOM from a UTF-8
encoded file containing non-ASCII Unicode characters results in
garbage characters displaying on the rendered Web page.
Note that in the Internet Explorer Advanced dialog box (from the Tools
menu, select Internet Options), you must clear the option Disable
Script Debugging or select the option Display A Notification About
Every Script Error in order to receive a detailed error message for
this problem. If these two options are not set correctly, the Internet
Explorer status bar indicates there are errors on the page. The page
loads, but the .js file does not.
Microsoft says it is possible to work around the problem in most cases
by embedding Unicode escape sequences in the .js file saved in ASCII.
For instance, the following JScript statement in an ASCII .js file can
specify the Hiragana character NO:
var s = String("Hiragana NO = \u306E")
When the ASCII .js file loads from the SCRIPT tag, there is no Unicode
Byte Order Mark, and the \uXXXX escapes convert to proper Unicode
characters that appear on a Web page.
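The workaround above, sketched as an added example (not Microsoft's code and not part of the original article): a Node.js helper that drops the BOM from a Unicode .js file and rewrites every non-ASCII character as a \uXXXX escape, so the result can be saved as plain ASCII. The function names are hypothetical, and a file with no BOM is assumed to be UTF-8.

```javascript
// Added example; detectBom and toAsciiEscaped are hypothetical helper names.

// Identify the byte order mark at the start of a file, if there is one.
function detectBom(bytes) {
  if (bytes.length >= 3 && bytes[0] === 0xEF && bytes[1] === 0xBB && bytes[2] === 0xBF) {
    return { encoding: "utf-8", length: 3 };
  }
  if (bytes.length >= 2 && bytes[0] === 0xFF && bytes[1] === 0xFE) {
    return { encoding: "utf-16le", length: 2 };
  }
  if (bytes.length >= 2 && bytes[0] === 0xFE && bytes[1] === 0xFF) {
    return { encoding: "utf-16be", length: 2 };
  }
  return { encoding: null, length: 0 };
}

// Decode script bytes per their BOM and return ASCII-only source text.
function toAsciiEscaped(bytes) {
  const bom = detectBom(bytes);
  const body = Buffer.from(bytes).subarray(bom.length); // private copy, BOM dropped
  let text;
  if (bom.encoding === "utf-16le" || bom.encoding === "utf-16be") {
    if (body.length % 2 !== 0) throw new Error("truncated UTF-16 file");
    if (bom.encoding === "utf-16be") body.swap16(); // to little-endian, in place
    text = body.toString("utf16le");
  } else {
    text = body.toString("utf8"); // assumption: no BOM means UTF-8 (or ASCII)
  }
  let out = "";
  for (let i = 0; i < text.length; i++) {
    const unit = text.charCodeAt(i); // UTF-16 code unit, so surrogates escape in pairs
    out += unit < 0x80
      ? text[i]
      : "\\u" + unit.toString(16).toUpperCase().padStart(4, "0");
  }
  return out;
}

// Constructed sample: a UTF-16LE file with BOM holding the page's Hiragana NO.
const sample = Buffer.concat([
  Buffer.from([0xFF, 0xFE]),
  Buffer.from('var s = String("Hiragana NO = \u306E")', "utf16le"),
]);
console.log(toAsciiEscaped(sample));
```

The escapes are interpreted inside string literals; non-ASCII text that sat in comments simply becomes inert escape text.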

PRINTING BUG IN WINDOWS 98 DEVICE MANAGER
In Windows 98's Device Manager, if you choose to print an All
Devices And System Summary, the device detection code may cause
problems for MS-DOS-based programs. Your computer manifests the
problem by reporting that it is out of memory when you try to run an
MS-DOS-based program. When this problem occurs, restart Windows 98 to
correct the problem.
