lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <A4DAA3F070BBB34B882C16C67F923D994B96@sbserver.arms.local>
Date: Wed, 24 Sep 2003 13:09:28 -0400
From: "Guy Barnum" <GuyBarnum@...scole.com>
To: <bugtraq@...urityfocus.com>
Subject: Outlook security updates not stopping Swen


(posted to dshield also)
For all of you who have been flooded with Swen emails.  I've gone around a few times over the last few days with a combination of ISA server, outlook and Norton not being able to stop the latest Microsoft-hoax swen virus email.  Here is what I came up with:

I just tested a win 98 system and a win XP Pro system after installing the latest office service pack and security updates.  

On the win98 system Outlook would still trigger the swen .exe attachment from just the email preview and doesn't filter any dangerous file extension attachments as its supposed to.

Installing the same service packs and security patches on the xp pro machine, running the same version of office, fixed the problem.  The default dangerous file extension attachments are stripped out of the email.

On the win98 system I had to go in to the registry and add the Level1Add string value (along with a few preceding registry keys) and manually add all of the extensions I want to be filtered.  This looks like it took care of the problem as I've sent myself a few .exe and .com files that have been stripped out.

See article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;312834

To see the recommended list of file extensions to block if you also need to add these by hand see article: http://support.microsoft.com/?kbid=290497

and scroll down to "Attachment Behavior".

It strikes me as surreal that Microsoft releases a security update to fix a bug, which security update itself has a bug and another update web page on how to manually fix it.  Couldn't they go back and re-release a working version of their original security update?!

Guy
gbarnum@...scole.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ