ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Online business Toolkit

Microsoft rushes to fix Outlook flaw

Dennis Fisher, eWeek ZDNet US

Published: 18 Jul 2001 15:59 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A vulnerability exists in Microsoft's Outlook software that could enable an attacker to easily gain control of a user's mailbox and run code or delete files.

The flaw, discovered by noted bug hunter Georgi Guninski, involves the Outlook View Control, an ActiveX component that enables users to view their mailboxes via the Web. It affects Outlook 98, 2000 and 2002, which ships with the new Office XP suite.

The View Control is only supposed to allow users to view messages or calendar entries, but an attacker need only entice a user into visiting a specially coded Web page in order to run the code to exploit the flaw, according to a bulletin released by Microsoft.

The hole could also be exploited if a user opened an HTML e-mail message containing the malicious code.

In a rare step, Microsoft issued its bulletin late last week even before it had a patch available for the problem. The patch is still under development.

In his bulletin disclosing the flaw, Guninski, who is renowned for uncovering numerous bugs in Microsoft software, listed a simple, if drastic, workaround until the patch is available: "Uninstall Office XP and Windows."

In May, Microsoft issued a bulletin warning that another ActiveX control in Outlook 2000, the office 2000 UA Control, could enable an attacker to carry out Office functions on the machine of a vulnerable user.

Microsoft is betting heavily on Office XP and the forthcoming Windows XP operating system and has stated that they will be the most secure software turned out by the company to date.

They are among the first products to hit the market since Microsoft began an in-house initiative to make security one of the centerpieces of its development process.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
57 out of 96 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business



Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

IT Support/ Windows XP/ Server 2003/ Active Directory/ Backup

Desktop Support

WINDOWS SYSTEMS MANAGER (BRIGHTON) 48K + WINDOWS XP/2000

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment