Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

Getting started with Raspberry Pi

So you have a Raspberry Pi, or you’re thinking of getting one, and you want to know how to get started and how to become a master user of one. The Raspberry Pi is a single board computer, meaning that in many ways it's a regular PC, except that everything that makes up the computer is on a single board rather than a traditional PC, which has a motherboard and requires a number of additional daughterboards to make a whole unit. Read more

Games for GNU/Linux

  • Shadow Tactics: Blades of the Shogun Hardcore Tactical Stealth Game Out on Linux
    More and more AAA games are coming to our beloved Linux platform, and nothing makes us happier than to see Daedalic Entertainment's Shadow Tactics: Blades of the Shogun title launching today on Steam for Linux, Mac, and Windows. If you're not familiar with Daedalic Entertainment's work, they are the creators of the superb and fun Deponia series, but Shadow Tactics: Blades of the Shogun is something different, a tactical stealth-strategy game in the style of the Commandos stealth-oriented real-time tactics video game series.
  • Shadow Tactics: Blades of the Shogun, the top-down stealth game is now out
    Shadow Tactics: Blades of the Shogun [GOG, Steam, Official Site] is the rather good top-down stealth game from Mimimi Productions. It's now out way a day-1 Linux release and it has a demo. I played the demo and I was massively impressed, so impressed that I would very much like to cover the game properly. So I will be reaching out to the developer for a key.
  • The Keeper, a promising looking side-scrolling survival action game with plenty of action is coming to Linux
    The Keeper side-scrolling survival action game full of boss battles, a combo system for combat and a day and night cycle will come to Linux.
  • Editorial: A chat about asking developers for a Linux port
    It has come to my attention recently that some people have been taking a really hard stance against developers who want to gauge interest for a Linux port. I want to talk about it for a bit. [...] Be the Linux community I know and love, be helpful to developers, get in on beta testing when you can (I’ve seen plenty of developers give out free keys for this too!) and appreciate the good games we get. We are a smaller market in most people’s eyes, so let’s not turn away anything that could help us grow even a little. The fact is, I’ve seen multiple games only come to Linux because Linux fans showed actual interest in it. One such example is Nightside, which I discovered on Steam. After a quick chat with the developer, I was able to convince them to do a Linux build and after a short test they then decided to do support a Linux build. There’s many such examples like this, but due to the amount of games I cover that’s one I could quickly pull up (without having to sift through hundreds of articles).
  • Dawn of War II has a minor patch to fix a few issues
  • Khronos are working on an open standard for VR, Valve will use it
  • BOOR, a new puzzle platformer will arrive with Linux support next year
    BOOR [Official Site] is a new puzzle platformer from developer Dazlog Studio and publisher BadLand Games that will have Linux support. We have many puzzle platformers now, so I do hope BOOR has something to set itself apart from the rest of them. I haven't seen anything in the trailer or the feature list that really jumps out at me. I am hoping when they reveal more gameplay it will look more enticing.
  • The developers of 'EVERSPACE' are still working on the Linux version, seeking help from Epic Games
    EVERSPACE [Steam, Official Site] is the fantastic looking UE4 space shooter that's being ported to Linux, but the developers have encountered a problem with lighting bugs. I follow the topic on Steam, but a user also emailed this in to ask me to highlight it. I would have anyway since I'm interested in it.
  • Total War: WARHAMMER - Realm of The Wood Elves DLC will come to Linux soon
    Total War: WARHAMMER - Realm of The Wood Elves [Steam] is the next DLC that introduces an exciting race into this strategy game. Feral have confirmed it will be on Linux soon with the quick tweet they sent out.
  • DoomRL or 'DRL' as it's now called has gone open source
    After ZeniMax sent the lawyers knocking, the developer of what was called DoomRL (Doom Roguelike) has changed it's name to 'DRL' [Github, Official Site] and it's now open source. ZeniMax are well within their rights to "protect" the Doom brand, but I still think their lawyers are idiotic for doing this. It's not like small-time roguelike was actually competing with the real Doom.

High School's Help Desk Teaches Open Source IT Skills

The following is an adapted excerpt from chapter six of The Open Schoolhouse: Building a Technology Program to Transform Learning and Empower Students, a new book written by Charlie Reisinger, Technology Director for Penn Manor School District in Lancaster County, Pennsylvania. In the book, Reisinger recounts more than 16 years of Linux and open source education success stories. Penn Manor schools saved over a million dollars by trading proprietary software for open source counterparts with its student laptop program. The budget is only part of the story. As Linux moved out of the server room and onto thousands of student laptops, a new learning community emerged. Read more

What’s New with Xen Project Hypervisor 4.8?

I’m pleased to announce the release of the Xen Project Hypervisor 4.8. As always, we focused on improving code quality, security hardening as well as enabling new features. One area of interest and particular focus is new feature support for ARM servers. Over the last few months, we’ve seen a surge of patches from various ARM vendors that have collaborated on a wide range of updates from new drivers to architecture to security. Read more