You are here: silicon.com > Software > Malware

Malware

Hackers spread Microsoft attack flaw exploit

Outlook vulnerability goes underground...

Tags: outlook, flaw, hackers, microsoft

Printer Friendly Email Story RSS

By Alorie Gilbert

Published: 27 June 2005 08:30 GMT

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to last week, is designed to take complete control of PCs with certain versions of the Outlook Express email program installed on them when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

"It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

Microsoft warned in a security bulletin for the patch last week: "An attacker could install programs; view, change or delete data; or create new accounts with full user rights." The company rated the vulnerability "important", which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilised it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Alorie Gilbert writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Worm outbreak feared after port scanning spike

Microsoft: No plans to patch IE spoof

Pop-up phishing flaw hits browser security

Microsoft gets smart about online security

Microsoft takes its hat off to hackers

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

Second iPhone worm: A botnet risk

Phishers set their sights on corporate accounts

Tax-refund phishing scams hit an all-time high

First critical Windows 7 patches released

Online fraudsters enlist Trojans to run off with your money


  • Jobs
Senior Software Engineer

These next-generation threats attack on multiple levels of the network infrastructure. CompanyMcAfee creates best-of-breed computer security ...

1st line Technical Support, Telecommunications, High Wycombe

Make sure all problems of IT / Technical support are resolved promptly within 15 minutes for the following issues: o Microsoft Outlook / Express ...

Trade Floor Support Analyst

Install software applications to user, configuring software applications on user machines. Lotus Notes, Outlook. An excellent opportunity has arisen ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

JD Edwards Spotlight Video

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


eBay app lets users bid from a BlackBerry

ID card database: 500 names added in first month

Women in IT: Tech has an image problem

Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?




Quick Sitemap Links: