Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

Getting OpenStack Ready for the Enterprise

OpenStack is gaining popularity as the cloud platform of choice for IT organizations. This was reflected in a 2013 IDG survey that found as much as 64 percent of IT managers including OpenStack in their technology roadmap. In the current fast-paced IT market, the massive scalability and flexible, modular architecture of OpenStack can help give organizations the agility they need. Read more

Open source projects that warrant data center managers' attention

When you're making the case to a data center manager about tech that is worthy of her consideration, make sure these three open source options are on your list. Read more

Open source and Made in Italy: Arduino are circuit boards with a sense of style

One of the more surprising applications has been the natural marriage between the Arduino board and Lego. Once seen only as a child's building block toy, Lego is finding startling utility as an instant mechanical prototype maker for Arduino ideas. Read more

11 Useful Utilities To Supercharge Your Ubuntu Experience

Whether you’re a relative novice or a seasoned pro, we all want to get the most from our operating system. Ubuntu, like most modern OSes, has more to offer than what is presented at first blush. From tweaking and refining the look, behaviour and performance of the Unity desktop to performing system maintenance, there are a huge array of useful utilities and apps that can help tune Ubuntu to meet your needs in no time. Read more