- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
Outlook vulnerability goes underground...
Published: 27 June 2005 08:30 BST
The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.
The exploit, which the French Security Incident Response Team drew attention to last week, is designed to take complete control of PCs with certain versions of the Outlook Express email program installed on them when users visit newsgroups controlled by the hackers.
But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.
"It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.
Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.
Microsoft warned in a security bulletin for the patch last week: "An attacker could install programs; view, change or delete data; or create new accounts with full user rights." The company rated the vulnerability "important", which falls second to "critical" in its rating scale.
A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilised it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.
The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.
Alorie Gilbert writes for CNET News.com
American Express can attribute much of its well-earned reputation as a leading corporate card provider to the unrivalled success of its technology ...
Reference: 7PR-CMS-4635 Closing date: 4 July 2008 To apply online please visit http://jobs.ioe.ac.uk or tel 020 7612 6159 We positively encourage ...
Using our in-house automated deployment system to install new Linux PCs. Package For further information please visit: http://www.embl.org/ and ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...