Microsoft Patches ActiveX Flaw in Outlook
Downloadable fix prevents hackers from running destructive code through your PC.
Five weeks after first warning of a hole in its Outlook e-mail program, Microsoft this week released a patch to fix the flaw in an ActiveX control. Uncorrected, the defect could let attackers run destructive code on a user's computer.
The defect lies in the Microsoft Outlook View Control, an ActiveX control that comes with Outlook 98, 2000, and 2002. Microsoft designed the control to display information from Outlook, such as messages in the inbox, in a Web browser.
By exploiting the flaw, an attacker can get full control over Outlook and even run destructive code on a user's machine. To exploit the flaw, an attacker would need either to lure a user to a particular Web site or to send a HyperText Markup Language (HTML) e-mail to the user, Microsoft says.
Bulgarian bug hunter Georgi Guninski discovered the bug and notified Microsoft on July 9. The company warned users about the vulnerability on July 12. The software maker advised users to disable ActiveX controls until it made the patch available.
Microsoft now urges all users of affected software to download and install the patch.
Long-Lived Vulnerability
When the flaw first made news in July, Guninski suggested it had likely been around for quite some time.
"It is extremely easy to find the vulnerability.... I found it very quickly after I installed Office XP," Guninski says. "And if Outlook 98 is affected, as Microsoft states in their advisory, this means it has been around for years."
At the time, Microsoft didn't take kindly to Guninski exposing the problem before the company had time to create a fix.
A Microsoft spokesperson expressed the company's displeasure, suggesting that Guninski's actions exposed users to "a far greater risk than they would have been" if he had let Microsoft respond first.
Not the First
The hole Guninski found in Outlook wasn't the first to crop up in Microsoft's popular e-mail client.
Earlier this year the company released a patch following the identification of a hole in the software that could allow hackers to use a vCard to disable Outlook, or run code through the program. The vCard attachment is a common way to share address book information.
Jennifer Disabatino and Jaikumar Vijayan of Computerworld Online contributed to this report.