Security holes found in Outlook

Microsoft has run into security problems with its software this summer, issuing no fewer than five security bulletins in July.

By Peter Conmy. Published August 5, 2000

The bulletins relate to six different problems with its web server, browser, database and e-mail software.

The latest security flaw, in Outlook and Outlook Express, takes advantage of a buffer-overflow condition, a type of vulnerability that plagued Unix for years.

An unchecked buffer could allow a virus to be delivered to a client via an email that overruns the buffer.

The impact of this type of attack is magnified by the integration of e-mail and browser functions with the Windows operating system. This integration provides a path for malicious effects to be triggered simply by downloading e-mail — the user does not even have to open the message, let alone double-click on an attachment.

Malicious Actions

This vulnerability surpasses even the scripting vulnerabilities announced by Microsoft on 13 July 2000, which at least required the user to view a message in a preview pane before malicious actions could occur.

John Pescatore, security analyst with Gartner Group, said that the flaws represented serious security holes, and that any IT manager who is evaluating and selecting a messaging product should heavily weight security protections between the email client and active software.

Users are advised to implement any recommended patches from Microsoft (see www.microsoft.com/technet/security/current.asp), to disable active scripting in Office products and block ActiveX at the enterprise firewall.
