dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Techweb: Dangerous New Microsoft Vulnerability Revealed

Jul 18, 2000, 20:22 (5 Talkback[s])

"Users running Windows 95, 98, 2000, or NT 4.0 are vulnerable to a total compromise when they preview or read an infected e-mail, without having to open an attachment."

"The System Administration, Networking, and Security (SANS) Institute on Monday identified what it called "probably the most dangerous programming error" found in workstations running Windows 95, 98, 2000, and NT 4.0."

"A security alert issued by the cooperative research and education group states that users running any of the affected operating systems are vulnerable to a total compromise when they preview or read an infected e-mail -- without having to open an attachment. They're also vulnerable if they have Microsoft Access 97 or 2000, or if they run any mail reader, like Outlook or Eudora, that uses Internet Explorer (4.0 and higher) to render HTML documents."

"According to the SANS advisory, a hacker could get into Microsoft Access using ActiveX controls without the victim knowing that it's happening. "This is a very serious problem," said Forrester Research (stock: FORR) analyst Frank Prince. "Anyone with Visual Basic knowledge could potentially send an e-mail -- that doesn't have to be opened -- and give the hacker complete access to the user's system."

Complete Story

Related Stories: