Security Holes Found In Microsoft Easter Eggs

Fake News written by James Baughn on Friday, May 19, 2000

from the cracking-easter-eggs dept.

REDMOND, WA -- It's damage control time for the Microsoft Marketing Machine. Not only have exploits been found in IE, Outlook, and even the Dancing Paper Clip, but now holes have been uncovered in Excel's Flight Simulator and Word's pinball game. Even Minesweeper's undocumented cheat mode is vulnerable to script kiddie attacks.

"If you enter Excel 97's flight simulator and then hit the F1, X, and SysRq keys while reading a file from Drive A:, you automatically gain Administrator rights on Windows NT," explained the security expert who first discovered the problem. "And that's just the tip of the iceberg."

Office 97 and 2000 both contain two hidden DLLs, billrulez.dll and eastereggs.dll (actually billru~1.dll and easter~1.dll), that are marked as "Safe for scripting" -- but, like everything else made by Microsoft, are not. Arbitrary Visual BASIC (Bill's Attempt to Seize Industry Control) code can be executed using these files. More disturbing, however, are the undocumented API calls "ChangeAllPasswordsToDefault", "OpenBackDoor", "InitiateBlueScreenNow", and "UploadRegistryToMicrosoft" within easter~1.dll.

Microsoft spokesdroids have already hailed the problem as "an insignificant byproduct of Microsoft innovation." Said one, "There's no need to worry. Trust us... this is not a big deal. For those really paranoid security freaks out there, we're preparing an Innovation Pack that fixes these known issues and adds several new innovative features."

Just as this story went to press, Bill Gates announced, "This is exactly why the DOJ needs to go back to Washington D.C. and leave us innovative software architects alone. If we didn't have to worry about Janet Reno and her vigilantes, we could spend more time testing and improving our software. The entire US economy will crash if Microsoft is ever broken up!"

Rate this story

No votes cast


Vaguely related stories