Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Patching Another Outlook Security Hole
Microsoft's download will prevent hackers from using a vCard attachment to access your PC.
Jennifer Disabatino, Computerworld Online
Microsoft has identified another security hole in its Outlook e-mail software and says a fix is available for the glitch.
The software maker last week released a patch for its Outlook and Outlook Express clients, following the identification of a hole in the software that could allow hackers to use a vCard to disable Outlook, or run code through the program.
The vCard attachment is a common way to share address book information.
This exploit, like many viruses, will work only if the user opens an infected attachment in an e-mail document. It was reported to Microsoft by Ollie Whitehouse, a British programmer.
The patch is available from Microsoft, and, as always, the company urges users to follow sound security measures, which include not opening unexpected attachments, especially from strangers.
As evidenced by the spread of the Kournikova virus earlier this month, however, users are still all too willing to open suspect attachments.
According to the Microsoft security advisory, "Outlook Express provides several components that are used both by it and, if installed on the machine, Outlook. One such component, used to process vCards, contains an unchecked buffer."
A buffer temporarily stores data in devices or software. Programmers can design buffers to check the size of data entered into them and reject entries that are too long. When they are "unchecked," it means there is no such safeguard, and users can enter any amount of data. In the case of Outlook, the unchecked buffer would allow a malicious user to create a vCard that contains what Microsoft called "specially malformed data." When a recipient opened such a vCard, the data overflow the available buffer size and crash the e-mail software.
"In a more serious case, a malicious user could exploit the unchecked buffer to run unauthorized code on the other user's computer," Microsoft warned.
Sara Radicati, president and chief executive of The Radicati Group in Palo Alto, California, says she hasn't heard of this hole being a problem yet.
"This is such a low-level issue . . . it just might not have bubbled up yet," she says.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
Save on Printing Costs
Laptop Showcase
Dell Fast Track
-
Free Next Day Business Shipping on Dell's Most Popular Systems Over 35% off Dell’s most popular systems. Delivered in 48 hours with free next business day shipping! Ends 12/22 at 3 PM CST
People who read this also read:
Best Prices on System Utilities
Dragon NaturallySpeaking 10 Standard (Full Product)Price: $64.99
Parallels Desktop 4.0 for Mac (Full Product)Price: $49.99
Norton Partition Magic 8.0 Rev1RetailPrice: $49.99
Dragon Naturally Speaking 10 Legal - UpgradePrice: $149.99
2009 ProfessionalPrice: $29.50
Dragon NaturallySpeaking Preferred 10 (Upgrade)Price: $135.90
- 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
- A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.
