eWEEK.com Messaging and Collaboration reports Microsoft Posts Excel 'Zero-Day' Flaw Workarounds. "Redmond's security response center is recommending that businesses block Excel spreadsheet attachments at the e-mail gateway to avoid targeted zero-day attacks."
FoxPro developers recall that Microsoft Outlook security patches block attached Visual FoxPro programs because "they could contain malicious code" -- provided the recipient downloads the code to disk, runs Visual FoxPro to compile the program file and then runs the resultant file. Outlook, however, will allow through Excel or Word documents containing malicious code with no objection.
People need to get over the binary view of "documents" versus "executables." Web "pages" contain executable Javascript, ActiveX controls, Java and more. PDF files can run code - they are made out of Postscript, a programming language. HTML Help files include executable features. Screensavers are programs, not pictures. Some people like to send around "slideshows" of pictures, oftentimes a PPS (PowerPointShow) file that could run VBA scripts.
1. Don't open attachments from untrusted sources.
2. There are no trusted sources.
10:48:13 PM 
|
