[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[humorix] Security Holes Found In Microsoft Easter Eggs

To: Humorix Mailing List <humorix@nl.linux.org>
Subject: [humorix] Security Holes Found In Microsoft Easter Eggs
From: James Baughn <jbaughn@ldd.net>
Date: Fri, 19 May 2000 16:10:09 -0500
Organization: http://i-want-a-website.com
Reply-To: humorix@nl.linux.org
Sender: owner-humorix@nl.linux.org

Security Holes Found In Microsoft Easter Eggs
May 19, 2000

REDMOND, WA -- It's damage control time for the Microsoft
Marketing Machine. Not only have exploits been found in IE,
Outlook, and even the Dancing Paper Clip, but now holes
have been uncovered in Excel's Flight Simulator and Word's
pinball game. Even Minesweeper's undocumented cheat mode is
vulnerable to script kiddie attacks.

"If you enter Excel 97's flight simulator and then hit the
F1, X, and SysRq keys while reading a file from Drive A:,
you automatically gain Administrator rights on Windows NT,"
explained the security expert who first discovered the
problem.  "And that's just the tip of the iceberg."

Office 97 and 2000 both contain two hidden DLLs,
billrulez.dll and eastereggs.dll (actually billru~1.dll and
easter~1.dll), that are marked as "Safe for scripting" --
but, like everything else made by Microsoft, are not. 
Arbitrary Visual BASIC (Bill's Attempt to Seize Industry
Control) code can be executed using these files. More
disturbing, however, are the undocumented API calls
"ChangeAllPasswordsToDefault", "OpenBackDoor",
"InitiateBlueScreenNow", and  "UploadRegistryToMicrosoft"
within easter~1.dll. 

Microsoft spokesdroids have already hailed the problem as
"an insignificant byproduct of Microsoft innovation."  Said
one, "There's no need to worry.  Trust us... this is not a
big deal. For those really paranoid security freaks out
there, we're preparing an Innovation Pack that fixes these
known issues and adds several new innovative features."

Just as this story went to press, Bill Gates announced,
"This is exactly why the DOJ needs to go back to Washington
D.C. and leave us innovative software architects alone. If
we didn't have to worry about Janet Reno and her
vigilantes, we could spend more time testing and improving
our software. The entire US economy will crash if Microsoft
is ever broken up!"

---

James Baughn

-
Humorix:      Linux and Open Source(nontm) on a lighter note
Archive:      http://humbolt.nl.linux.org/lists/
Web site:     http://www.i-want-a-website.com/about-linux/

Follow-Ups:
- Re: [humorix] Security Holes Found In Microsoft Easter Eggs
  - From: "Robert G. Werner" <rwerner@lx1.microbsys.com>

Prev by Date: RE: [humorix] Re:[Humorix] spy in the conspiracy?
Next by Date: Re: [humorix] Security Holes Found In Microsoft Easter Eggs
Prev by thread: [humorix] The Mother Of All Lawsuits Filed Against Network Solutions
Next by thread: Re: [humorix] Security Holes Found In Microsoft Easter Eggs
Index(es):
- Date
- Thread