Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

KDevelop 5.0.0 release

Almost two years after the release of KDevelop 4.7, we are happy to announce the immediate availability of KDevelop 5.0. KDevelop is an integrated development environment focusing on support of the C++, Python, PHP and JavaScript/QML programming languages. Many important changes and refactorings were done for version 5.0, ensuring that KDevelop remains maintainable and easy to extend and improve over the next years. Highlights include much improved new C/C++ language support, as well as polishing for Python, PHP and QML/JS. Read more

CoreOS 1068.10.0 Released with Many systemd Fixes, Still Using Linux Kernel 4.6

Today, August 23, 2016, the development team behind the CoreOS security-oriented GNU/Linux operating system have released the CoreOS 1068.10.0 stable update, along with new ISO images for all supported platforms. Read more

SUSE Linux and openSUSE Leap to Offer Better Support for ARM Systems Using EFI

The YaST development team at openSUSE and SUSE is reporting on the latest improvements that should be available in the upcoming openSUSE Leap 42.2 and SUSE Linux Enterprise 12 Service Pack 2 operating systems. Read more

Create modular server-side Java apps direct from mvn modules with diet4j instead of an app server

In the latest release, the diet4j module framework for Java has learned to run modular Java apps using the Apache jsvc daemon (best known from running Tomcat on many Linux distros). If org.example.mydaemon is your top Maven project, all you do is specify it as the root module for your jsvc invocation, and diet4j figures out the dependencies when jsvc starts. An example systemd.service file is available.