FLASH: death sentence for Flash?

[Markki Piho]

Hi all,

 

Maybe I panic without any reason but:

 

Update - Foiling the Russian New Year Attack

SAN JOSE, CALIFORNIA, U.S.A., Newsbytes - Mobile code security firm Finjan has released details onhow to foil the Russian New Year security hole which uses standard World Wide Web page tags and legitimate Microsoft Corp. MS Office Excel functions to take over a visiting PC.

At a press conference Tuesday morning, Finjan president and chief executive officer, (CEO) Bill Lyons, said the attack has been confirmed only for MS Office 95 and 97 on Windows platforms, but advised Mac users to consider the MS Office ports to that platform as "suspicious" as well. He said Unix users are immune to the exploit "since MS Office doesn't run on Unix."

Lyons said he was aware of criticism levied at the high-profile handling of the recently announced Remote Explorer virus by Network Assoc. and the firm had brought in some big-gun security consultants to counter potential skepticism about the Russian New Year, or RNY, security hole.

One consultant was quoted as saying, "Once you learn how this works, if this vulnerability does not make you weak in the knees, then you do not understand the seriousness of this problem."

As for why Microsoft did not participate in the news conference, Lyons remarked, "You should ask Microsoft that question. My personal assessment is that Microsoft has the browsers, it has Excel, and they had 95 percent of the solution in December." He added that Microsoft's announcement regarding a patch used to disable the Excel CALL function critical to the security hole was not linked to Internet browsing and seemed like a problem for sophisticated hackers.

Finjan insists that any high school student capable of creating a home page using Hypertext Markup Language (HTML) tags can also use the RNY exploit.

To foil the exploit, Finjan has made the following recommendations:

First, install or upgrade to Microsoft's Office 97 and install Service Release 1 followed by Service Release 2. Then install the Excel patch to eliminate the 'CALL' function.

Second, if using Microsoft's Internet Explorer version 4.x, adjust the security setting on the browser to the highest level.

Third, if using Netscape Navigator, install or upgrade to Navigator 4.5.

For licensed Finjan SurfinGate users with Netscape Navigator set as their default browser, set the SurfinGate policy to "Block All Plug-ins." This will remove all <embed> tags from the HTML code.

For licensed customers using Microsoft's Internet Explorer or those Netscape Navigator users who do not want entire blocking of all plug-ins, download an updated version of SurfinGate at http://www.finjan.com/rny . This version includes a patch file with enhanced HTML scanning features that allow users to list a variety of file types that can be blocked.

Those who are not a licensed SurfinGate customer may download a fully functional 30-day evaluation copy of SurfinGate from the Finjan Software Products Web page at http://www.finjan.com/ryn . For desktop PCs connected to the Internet, Finjan urges users to consider purchasing licensed copies of SurfinGate for protection beyond the 30-day time period.

NewsBytes