“This past week’s news of yet another major security
vulnerability with Microsoft’s products, this time with the ODBC
database driver in Excel 97, has lead SecurityPortal.com to take a
look at the big picture, and attempt to understand how big of a
security problem Microsoft has.”
“This latest security vulnerability is one of the most
frightening to date, as it allows shell commands to be executed by
opening a spreadsheet, without any warning whatsoever. The ODBC
database driver, installed with Excel 97, supports a wide variety
of system calls as part of its middleware approach to integrating
applications. Among these APIs is an ability to invoke shell
commands. Because this is ODBC, and not a macro, there is no
warning imparted to the user. A user could download a spreadsheet,
only to find that it has deleted files, made registry entries, or a
number of other malicious acts, completely in stealth.”
“Do security problems plague Microsoft because of their size, or
are there other reasons? There are plenty of reasons to love or
hate Microsoft. If you have owned Microsoft stock for the past
several years, you probably love them. If you have tried to compete
with them on any front, you probably hate them. Their penchant for
consuming any technology or application space is well known, from
dominating the word processor market to eating away at Netscape’s
browser share to attempting to co-opt Java. Microsoft has shown no
fear of getting into new businesses and has experienced mixed
results, such as with WebTV, City Sidewalk and several others. No
doubt, Microsoft plays the role of the 800 pound gorilla to
perfection, and they are a magnet for publicity, both good and bad.
As Microsoft aggressively pursues new markets and continued
dominance in existing markets, are they adequately protecting the
backdoor?”