New Microsoft Vulnerability Revealed and nearly everyone is vulnerable

Michael DeVicariis webtemp at
Wed Jul 19 10:11:04 CDT 2000

New Microsoft Vulnerability Revealed

The System Administration, Networking, and Security (SANS) Institute
on Monday identified what it called "probably the most dangerous 
programming error" found in any workstation running Windows 95, 
98, 2000, and NT 4.0. 
A security alert issued by the cooperative research and education 
group states that users running any of the affected operating systems
are vulnerable to a total compromise when they preview or read an 
infected e-mail -- without having to open any attachments. They're 
also vulnerable if they have Microsoft Access 97 or 2000, or if they 
run any mail reader, like Outlook or Eudora, that uses Internet 
Explorer (4.0 and higher) to render HTML documents.

According to the SANS advisory, a hacker could get into Microsoft 
Access using ActiveX controls without the victim knowing that it's 

"This is a very serious problem," said Forrester Research analyst 
Frank Prince. "Anyone with Visual Basic knowledge could potentially 
send an e-mail -- that doesn't have to be opened -- and give the 
hacker complete access to the user's system." --George V. Hulme, 

Find out if you're at risk:

Michael DeVicariis
Web Administrator/Developer
UCSD Auxiliary & Plant Services
(858) 534-0700


The posting address is: san-diego-pm-list at

List requests should be sent to: majordomo at

If you ever want to remove yourself from this mailing list,
you can send mail to <majordomo at> with the following
command in the body of your email message:

    unsubscribe san-diego-pm-list

If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-san-diego-pm-list at> .
This is the general rule for most mailing lists when you need
to contact a human.

More information about the San-Diego-pm mailing list