The outlook for email is patchy

News

The outlook for email is patchy

John Sabine
Microsoft's Outlook and Outlook Express email clients have been hit by another security hole

John Sabine

The potential breach, revealed by security consultants @Stake, could allow malicious code to be executed on corporate PCs. It could also be used to delete files or transfer information, which essentially allows a hacker the same freedom as the machine's legitimate user.

Because of the integration between Internet Explorer and Outlook, this email vulnerability must be fixed using a browser patch. The Internet Explorer update is now available from Microsoft.

The flaw occurs only if a user opens a vCard electronic business card attachment containing malicious code. It relies on a buffer overflow occurring in the 'birthday' field on opening; @Stake advises that a temporary measure is to block all vCard attachments.

The security of Outlook was called into question last year by other revelations about buffer overflows and automatic execution of malicious code sent as an email attachment.

Microsoft's latest security bulletin can be found at:

www.microsoft.com/technet/security/bulletin/ms01-012.asp

The patch can be downloaded from:

www.microsoft.com/windows/ie/download/critical/q283908/default.asp


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy