TechTarget

The outlook for email is patchy

Microsoft's Outlook and Outlook Express email clients have been hit by another security hole

Microsoft's Outlook and Outlook Express email clients have been hit by another security hole

John Sabine

The potential breach, revealed by security consultants @Stake, could allow malicious code to be executed on corporate PCs. It could also be used to delete files or transfer information, which essentially allows a hacker the same freedom as the machine's legitimate user.

Because of the integration between Internet Explorer and Outlook, this email vulnerability must be fixed using a browser patch. The Internet Explorer update is now available from Microsoft.

The flaw occurs only if a user opens a vCard electronic business card attachment containing malicious code. It relies on a buffer overflow occurring in the 'birthday' field on opening; @Stake advises that a temporary measure is to block all vCard attachments.

The security of Outlook was called into question last year by other revelations about buffer overflows and automatic execution of malicious code sent as an email attachment.

Microsoft's latest security bulletin can be found at:

www.microsoft.com/technet/security/bulletin/ms01-012.asp

The patch can be downloaded from:

www.microsoft.com/windows/ie/download/critical/q283908/default.asp

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close