BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Desktop platforms Toolkit

New security scares for Outlook and IE

Tags:
Security,
Outlook,
IE,
Internet Explorer

Dawn Kawamoto CNET News

Published: 04 Apr 2005 09:00 BST

A new set of highly critical flaws has been discovered in Microsoft's Internet Explorer and Outlook programs, according to research company eEye Digital Security.

The vulnerabilities allow for remote code execution with no actions from the computer user, eEye said. Although the flaws would not allow self-propagating worms to infiltrate a system, there is the potential of attackers installing backdoor Trojans without a person's knowledge, Ben Nagy, an eEye senior security engineer, said on Friday.

"If a user is tricked (into going) to a site carrying malicious code, they can become infected by just surfing across a banner ad," Nagy said.

eEye notified Microsoft several days ago of the flaws in the default installation of Outlook and IE and is giving the software giant time to develop a patch before releasing details on which versions of the software are affected, Nagy said.

For now, only a few details are included in eEye's page of upcoming advisories.

Nagy added that eEye is also still conducting its own testing of various platforms to evaluate which ones are affected and to what degree.

No exploits are known to have been developed yet, Nagy said.

"Microsoft has acknowledged a vulnerability does exist and is real, but I doubt they will release a patch out of [their monthly] cycle," Nagy said.

Microsoft, meanwhile, said it is investigating a number of possible vulnerabilities in Windows which were reported to it privately.

"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," said a company spokeswoman. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."

Did you find this article useful?
37 out of 121 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

Microsoft
Internet Explorer
Outlook

Flaw
IE
Security

Related Jobs

Support Technician (Telecoms), London, GBP26k

Quality Manager

e-Discovery / Litigation Support specialist - London

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner