1USA's Security & Privacy
Info Center
COM Object vulnerability for all Windows computers

 


You can print any of these pages and show them to your employer and friends so they understand the seriousness of computer viruses & computer security.
 

1USA recommends that all 1USA Subscribers (with PCs, not Macintoshes) visit http://WindowsUpdate.Microsoft.Com every 3 months to download any "critical updates".
1USA also recommends that you make periodic backups of your files (not necessarily the programs, just your files).

Here's a good reason why:

Another Security Flaw: README.TXT can harbor executable programs!


4/01: A new Windows vulnerability has recently been exposed that allows nasty programs or web pages to do whatever they like, such as mess with the system registry, delete files, give access to hackers, or even wipe out your hard drive.

The bug was originally demonstrated by security analyst Georgi Guninski (http://www.guninski.com/clsidext.html) and later validated by Bug Net engineers. The bug originates in Microsoft's Component Object Model (COM), which is built into all Windows versions since Windows 95.
COM relies on a CLSID to uniquely identify each COM object and to instruct the operating system how to execute it.
Using the CLSID, dangerous executables and scripts can be disguised as innocent .TXT files.

Double-clicking a purposely renamed file does not open it as a text file; it executes in whatever way the original program was written. Ouch!

Tests were performed on several exploits to ascertain the seriousness of this vulnerability.
"We were able to create an Excel spreadsheet with a built-in startup macro that erases files off of the hard disk," said Eric Bowden, general manager of Bug Net, a bug testing facility. "We created a registry merge file that granted us admin rights on a Windows 2000 domain server. We even selectively destroyed the Windows registry.

"Despite the menacing nature of these files, they could hide innocently behind a harmless file name like README.TXT.
A test program has been posted which demos the vulnerability."

I went and tried this, and it's true. Until Microsoft creates a patch, the only protection is for the user to vigilantly check file icons to see if they match the FileType.
When browsing network files, *look at the file icon* to make sure that it matches the file type.
****Beware of any e-mail attachments that reveal the CLSID filename.
Don't double-click it until you double-check it. ****
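
A check that a mail gateway or file-share audit could run for the disguise described above, as an added example that is not part of the original page. It assumes the "CLSID filename" takes the form of a trailing `.{CLSID}` suffix that Windows does not display; the function names, sample names and CLSID values are constructed placeholders.

```python
import re

# A file "extension" made of a brace-wrapped GUID, optionally followed by the
# trailing spaces or dots that Windows ignores at the end of a name.
CLSID_SUFFIX = re.compile(
    r"\.(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})[ .]*$"
)

def inspect_name(filename):
    """Return (name_the_user_sees, clsid) if the name ends in a CLSID suffix,
    otherwise None. Any directory part of the path is ignored."""
    base = re.split(r"[\\/]", filename)[-1]
    match = CLSID_SUFFIX.search(base)
    if match is None:
        return None
    return base[:match.start()], match.group(1)

def triage(filenames):
    """Collect one finding per suspicious name, for quarantine or review."""
    findings = []
    for name in filenames:
        hit = inspect_name(name)
        if hit is not None:
            shown, clsid = hit
            findings.append({"real_name": name, "shown_as": shown, "clsid": clsid})
    return findings

# Constructed sample input: attachment and share names, placeholder CLSIDs.
SAMPLE_NAMES = [
    "README.TXT.{00000000-0000-0000-0000-000000000000}",
    "report.txt",
    "notes {draft}.txt",
    "C:\\share\\budget.xls.{11111111-2222-3333-4444-555555555555} ",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_NAMES):
        print("{shown_as!r} is really handled by {clsid}".format(**finding))
```
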

IT Managers: You now have to teach everyone who sits in front of a computer what a FileType is and which icon goes with it.
Microsoft has not released a Fix yet that I know of.

1USA's virus-protected email servers can protect you effectively from catching viruses, but it would be hard to isolate COM objects since these COM objects are legitimate programs. More info will be posted later at http://www.1usa.com/security/ as it's received.

BarryZ
1USA

   
   
 


