Microsoft has confirmed that it's investigating reports of a
Windows Vista flaw
attackers could exploit to compromise PCs by tricking the user
into opening a malicious email attachment.
The problem reportedly affects Windows Mail on all versions of
Vista and antivirus giant
Symantec warned customers of
its DeepSight threat management service early Friday that Vista's
native email client will execute any script or program file that
has an associated folder by the same name.
"An attacker can deliver an email message containing a malicious
link that references a local executable," Symantec said in an email
advisory. "If the victim clicks on this link the native program is
executed with no further action required."
The vendor said an attacker could potentially exploit the design
flaw to delete files or shut down the victim's computer. Other
attacks are also possible. However, Symantec noted that the flaw
can only be used to execute programs or scripts that natively
reside on a computer and also have a folder in place by the same
name.
"There is the possibility that an attacker could execute custom
malicious binaries, yet they would have to first ensure that a
malicious file is placed on a target system by some means," the
company said. "To exploit this issue, an attacker must entice an
unsuspecting user to click a malicious link in an email."
A Microsoft spokeswoman confirmed that the software giant is
investigating the flaw report, but said there is no indication of
attacks at this time.
"Microsoft will continue to investigate the public reports to
help provide additional guidance for customers as necessary," she
said in an email exchange. "Upon completion of this investigation,
Microsoft will take the appropriate action to protect our
customers, which may include issuing a security advisory or
providing a security update through our monthly release process,
depending on customer needs."
She added that users should always be cautious when clicking on
links in unsolicited emails. Symantec agreed. "Do not accept or
execute files from untrusted or unknown sources," the company
advised.
Symantec also recommended users modify their default
configuration files to disable any unwanted behavior. "Disabling
HTML email capabilities within mail client applications may reduce
the likelihood of successful attacks," the company said.
Finally, to reduce the impact of latent vulnerabilities, IT
administrators should limit user privileges to the least amount
possible. "This can reduce the likelihood of privileged functions
being executed," Symantec said.