|
Hi Folks, The following comes from Information Week today. Chuck ** Security Flaw Found With Outlook VCards Security consulting and research firm @Stake Inc. has discovered a security flaw within Microsoft's Outlook and Outlook Express E-mail applications. The vulnerability concerns the use of Outlook's vCards, or virtual business cards, which can fall victim to a buffer overflow attack or contain code that can attack a user's system. VCards can be created with malicious code that can either cause Outlook to crash, or even allow the E-mail application to run damaging code on a victim's system. In Microsoft Security Bulletin MS01-012, posted Thursday, Microsoft admitted that the flaw is potentially devastating. "In the more serious case, the attacker could cause the mail client to run code of her choice on the user's machine. Such code could take any desired action, limited only by the permissions of the recipient on the machine," the bulletin states. This means that if a user opens the malicious vCard, virtually anything can happen, including reforming the disk drive or adding or deleting files. Ollie Whitehouse, security architect manager for @stake, says he discovered the flaw late last year and worked with Microsoft testing the patch. Whitehouse says users who install the patch will be protected, but warns that users should "always be intelligent about what they're downloading. Even seemingly benign attachments can be malicious." The flaw is serious enough that Microsoft recommends all Outlook users update their browser with the security patch. Since the flawed software component ships with Internet Explorer, users are recommended to download the Internet Explorer patch at http://update.informationweek.com/cgi-bin4/flo?y=eChQ0Bca2V0V20Dj1N - George V. Hulme +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.