Malicious Code Exploit Discovered in Microsoft Office -- Redmond Channel Partner

Malicious Code Exploit Discovered in Microsoft Office

By Scott Bekker
October 29, 1999

Finjan Software (www.finjan.com) announced that they have discovered a new exploit involving Microsoft Windows scrap files that could be used to deliver Trojan attacks. Microsoft Office applications can be used to create "scrap" files (.SHS extension) to hide executable programs.

Because the file extension on .SHS files is always hidden, a file can be falsely named with a harmless-seeming file extension (.TXT, .JPG, .GIF), which a user will be more likely to open. Once opened, a scrap file will transmit the Trojan executable program to the user's machine.

Microsoft Windows scrap files are created when a file is copied into an open Microsoft Office document and then copied and pasted onto the Windows desktop. The new scrap file is created with the hidden file extension .SHS, but can easily be renamed by a malicious user. When distributed via e-mail messages or instant message file transfer or other Web-based media, a scrap file's extension becomes visible, but once saved to the hard drive, the .SHS extension will disappear again.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft to Shut Down Skype Services

Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.
Microsoft Confirms End of HoloLens Mixed Reality Hardware

Microsoft officially announced this week that it is discontinuing its HoloLens mixed reality hardware, marking the end of its efforts in the space.
Microsoft Rolls Out Final Cumulative Update for Exchange Server 2019

On Monday, Microsoft released the last major update for Exchange Server 2019. The aging Exchange Server is set to lose support on Oct. 14, 2025.
Windows 11 Installation Streamlined for New Devices

Microsoft is introducing new policy changes that will give IT administrators greater control over Windows 11 updates during the initial setup of new devices.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Malicious Code Exploit Discovered in Microsoft Office

Featured

Microsoft to Shut Down Skype Services

Microsoft Confirms End of HoloLens Mixed Reality Hardware

Microsoft Rolls Out Final Cumulative Update for Exchange Server 2019

Windows 11 Installation Streamlined for New Devices

Microsoft to Shut Down Skype Services

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Unveils 2025 Roadmap for Dynamics 365, Copilot and Power Platform

Microsoft Confirms End of HoloLens Mixed Reality Hardware

Microsoft Rolls Out Final Cumulative Update for Exchange Server 2019

Microsoft to Shut Down Skype Services

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Unveils 2025 Roadmap for Dynamics 365, Copilot and Power Platform

Microsoft Confirms End of HoloLens Mixed Reality Hardware

Microsoft Rolls Out Final Cumulative Update for Exchange Server 2019

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | What Keeps MSPs Up at Night? Addressing Key Risks and Building Resilience

Unlocking a New Era of Tax Automation within Microsoft Dynamics 365: Introducing Vertex's API-Based Tax Integration

Unlocking Revenue Growth with Vertex and Microsoft: A Winning Partnership

Microsoft Ignite 2024: Top Announcements and Takeaways

FREE WHITE PAPERS FROM OUR SPONSORS

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry

Data Analytics Drive Supply Chain Optimization

Digital Transformation: The Case for Moving Tax to the Cloud