ComputerWorld: Microsoft scrambling to fix new Outlook security holeJul 19, 2000, 21:24 (6 Talkback[s])
"Microsoft Corp. is once again scrambling to fix a newly discovered vulnerability in its software that security experts warn is every bit as dangerous as an earlier one, for which a workaround was posted less than a week ago."
"According to a Microsoft advisory, a cracker could exploit the vulnerability to send e-mail that when downloaded from a server would either crash Outlook or cause malicious code to be run on the victim's computer. "Such code could take any action that the user was authorized to take on the machine, including reformatting the hard drive, communicating with an external Web site or changing data on the computer," the Microsoft advisory warned."
"Because the vulnerability occurs when the mail is being downloaded from the server, recipients don't need to open the mail -- or even preview it -- for the vulnerability to be exploited, said Jesper Johansson, an assistant professor at Boston University and editor of the SANS Windows Security Digest."
0 Talkback[s] (click to add your comment)