Everhart, Glenn (FUSA) From: rotaiv [rotaiv@USA.NET] Sent: Thursday, May 13, 1999 4:13 PM To: BUGTRAQ@NETSPACE.ORG Subject: Re: Microsoft Security Bulletin (MS99-014) -----BEGIN PGP SIGNED MESSAGE----- This is in response to the Microsoft Security Bulletin (MS99-014). On 3/29/99 I posted a message to BugTraq titled, "Bypassing Excel Macro Virus Protection". The message explained two ways to bypass the "Macro Virus Protection" option in Excel 97. One is to password protect an infected spreadsheet (Q176640) and the second is to copy an infected spreadsheet into the XLSTART directory (Q180614). Both methods will open an infected spreadsheet without the macro warning appearing. I would love to think Microsoft Security Bulletin (MS99-014) was in response to my email but I'll be humble and chalk it up to coincidence. I downloaded the patch to see if addressed the two scenarios I described above. I found that you will now receive the macro warning on a password protected file but not on a file copied to the XLSTART directory. Also, you can still enable or disable the macro virus protected with a simple reg hack. I guess that is not so important because if you can perform a reg hack, you can do a lot more than execute an Excel macro. I am not sure what really prompted Microsoft to release a patch for Excel but I find it surprising that they did not address the XLSTART option either. They should at least give us the option of deciding if this directory is trusted, thereby by-passing the macro virus warning. 'nuff said. rotaiv -£- -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQEVAwUBNzsxdQuGSvRTfa2rAQHe+Af+NXzCRMZ6ALIsiezLQ5XhOuBgmRZALeoO k2LMkGfVea8jO7olA/wtwnrS2E0eCUVSMW23ZSxkd8Q9hbYBxbc8GvPOzOTGL4EP tmZkyvxcB2QyyDmJjIQuJQKcGCggr0ahPNr9pvv9DsBHJeRifcS6niXZrm5uQJb7 qhY4QJzAWQ9cXEiqoNuTofgR1eg276MUSuh2Om29FIjkfcMocdGghrkQLBGvN9MB Hlm9Z7D0I3/zT88c+A6IeyZHbe9/6PaAODgn3QuhKla8PbetyGj/Qbclua5kNR/X tVoLWIIrcA2ZKsgQn1SLtcKTqDV5KPTGrz3yB1ZH9BJ37qmXLOegfw== =qJ15 -----END PGP SIGNATURE-----