Microsoft Office Attacks - Best Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES SECURITY & PRIVACY
GFI WebMonitor, Internet content filtering tool for SMBs. Download free trial now!  		Bookmark and Share 
Best Tips
10 Security Tips For The...
Keep your money safe by ...
Windows Services Attacks
How to Reduce Spam Email
See How Livia Web Protec...
Common EXE Issues And So...
Microsoft ISA Firewall S...
5 Essential Tips for Onl...
OWASP PHP Top 5
Tips To Avoid Windows Vi...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Reccomendations
Latest Viruses / Threats
Vuln: Symantec Encryption Desktop CVE-2012-4352 Local Buffer Overflow Privilege Escalation Vulnerability
2013/12/24 22:00:00
Vuln: Ruby on Rails CVE-2012-5664 Multiple SQL Injection Vulnerabilities
2013/12/20 22:00:00
IMPORTANT : NATWEST PAYMENT ON HOLD - Natwest
2013/6/19 6:00:08
ISC StormCast for Wednesday, June 19th 2013 http://isc.sans.edu/podcastdetail.html?id=3377, (Wed, Jun 19th)
2013/6/18 20:46:49
WinLink Check-In, (Wed, Jun 19th)
2013/6/18 20:16:05
Advertise With Us !
Downloads
 0.TarcisSansUT Heavy PC
 1.Batch Fax to PDF
 2.Quick Batch File Compiler
 3.ChargeMeter - money meter & dialer prot...
 4.Wondershare Flash to PSP Converter
 5.PhotoOne Print
 6.Savannah Safari - Animated Screensaver
 7.MailTrack
 8.Avex DVD to iPhone Converter
 9.PhotoPackager
VyprVPN
VyprVPN Personal VPN lets you browse securely
SANS Top-20 Internet Security Attack Targets: Microsoft Office Attacks (2/2)  
Author: Max : 2006/11/20 Printer Friendly Page Tell a Friend
Microsoft Office Attacks 

W3.2 Operating Systems Affected
Windows 9x, Windows 2000, Windows XP, Windows 2003 are all vulnerable depending on the version of Office software installed.

W3.3 CVE Entries
CVE-2006-5296,
CVE-2006-4694,
CVE-2006-4534,
CVE-2006-3649,
CVE-2006-3590,
CVE-2006-3059,
CVE-2006-2492,
CVE-2006-1540,
CVE-2006-1301,
CVE-2006-0002


W3.4 How to Determine If You Are at Risk

The MS Office installations running without the patches referenced in the Microsoft Bulletins listed from the NVD entries are vulnerable. Use any vulnerability scanner to check whether your systems are patched against these vulnerabilities. You can also consider using the Microsoft Windows Server Update Services (WSUS), Microsoft Baseline Security Analyzer (MBSA), Windows Live Scanner or Systems Management Server (SMS) to check the security patch status of your systems.

W3.5 How to Protect against the Microsoft Office Vulnerabilities

  • Keep the systems updated with all the latest patches and service packs. If possible enable Automatic Updates on all systems.

  • Disable Internet Explorer feature of automatically opening Office documents.

  • Configure Outlook and Outlook Express with enhanced security.

  • Use Intrusion Prevention/Detection Systems and Anti-virus and Malware Detection Software to prevent malicious server responses and documents from reaching the end users.

  • Use mail and web filtering systems at the network perimeter to prevent malicious Office documents from reaching end-user systems.



W3.6 References
Microsoft Office zero-day Discussions
http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx
http://blogs.securiteam.com/?p=508
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-081616-2104-99
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EBI&VSect=T
http://blogs.securiteam.com/?p=451
http://www.symantec.com/security_response/writeup.jsp?docid=2006-051911-0706-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-051914-5151-99

 Page: 1 2 
Return to Category | Return To Main Index
SANS Top-20 Internet Security Attack Targets: Microsoft Office Attacks (2/2)  



 

NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Feb '09 | Mar '09 | Apr '09 | May '09 | Jun '09 | Jul '09 | Aug '09 | Sep '09 | Oct '09 | Nov '09 | Dec '09 | Jan '10 | Feb '10 
4000+ Security Software Downloads