A message to the vulnerable: patch!
By Matt Whipp
Posted on 11 Oct 2002 at 12:28
Microsoft issues a critical warning for Outlook Express holes
A buffer over-run vulnerability has been discovered in Microsoft's Outlook Express versions 5.5 and 6. The vulnerability could allow an attacker to run any code on the victim's machine restricted only by the privileges of the victim.
Users with Outlook are not affected. Nor are those that have patched their systems through either Windows XP Service Pack 1 or SP1 for Internet Explorer 6. Microsoft doesn't support versions of Outlook Express earlier than 5.5, so make sure you are upgraded (Outlook Express is the free mail client included with Internet Explorer).
The vulnerability comes in the way Outlook Express checks for errors in digitally signed emails using the S/MIME standard. An attacker could create a digitally signed email and edit it to create the error condition necessary to use a buffer over-run attack.
Patches for Outlook 5.5 and 6.0 are available from the Microsoft Web site.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
