The outlook for email is patchy


The outlook for email is patchy

John Sabine
Microsoft's Outlook and Outlook Express email clients have been hit by another security hole

John Sabine

The potential breach, revealed by security consultants @Stake, could allow malicious code to be executed on corporate PCs. It could also be used to delete files or transfer information, which essentially allows a hacker the same freedom as the machine's legitimate user.

Because of the integration between Internet Explorer and Outlook, this email vulnerability must be fixed using a browser patch. The Internet Explorer update is now available from Microsoft.

The flaw occurs only if a user opens a vCard electronic business card attachment containing malicious code. It relies on a buffer overflow occurring in the 'birthday' field on opening; @Stake advises that a temporary measure is to block all vCard attachments.

The security of Outlook was called into question last year by other revelations about buffer overflows and automatic execution of malicious code sent as an email attachment.

Microsoft's latest security bulletin can be found at:

The patch can be downloaded from:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy