Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

Octa-core Cortex-A53 hacker SBC sells for $60

FriendlyARM’s $60, open spec “NanoPC-T3” SBC runs Android or Linux on an octa-core Cortex-A53 SoC packed with wireless and media interfaces, plus 8GB eMMC. The over-caffeinated board builders at Guangzhou, China-based FriendlyARM have shipped their highest-end hacker board yet. The NanoPC-T3 is almost identical to the NanoPC-T2 board, but swaps out the quad-core, Cortex-A9 Samsung S5P4418 SoC for a layout-compatible S5P6818 with eight Cortex-A53 cores that can be clocked dynamically from 400MHz to 1.4GHz. Last month, FriendlyARM’ unveiled an $11, quad-core NanoPi M1 single board computer with similarly open source hardware and Android and Linux software. Read more

today's leftovers

Linux and Graphics

Security Leftovers

  • Cockpit 0.104
    Cockpit is the modern Linux admin interface. There’s a new release every week. Here are the highlights from this weeks 0.104 release.
  • FFmpeg 3.0.2 "Einstein" Multimedia Framework Released with Updated Components
    Today, April 28, 2016, the development team behind the popular FFmpeg open-source and cross-platform multimedia framework has released the second maintenance release in the stable FFmpeg 3.0 "Einstein" series. FFmpeg 3.0 was a massive release announced in mid-February, which brought in numerous existing changes, including support for decoding and encoding Common Encryption (CENC) MP4 files, support for decoding DXV streams, as well as support for decoding Screenpresso SPV1 streams.
  • Using bubblewrap in xdg-app
    At the core of xdg-app is a small helper binary that uses Linux features like namespaces to set up sandbox for the application. The main difference between this helper and a full-blown container system is that it runs entirely as the user. It does not require root privileges, and can never allow you to get access to things you would not otherwise have.
  • Build System Fallbacks
    If you are using Builder from git (such as via jhbuild) or from the gnome-builder-3-20 branch (what will become 3.20.4) you can use Builder with the fallback build system. This is essentially our “NULL” build system and has been around forever. But today, these branches learned something so stupidly obvious I’m ashamed I didn’t do it 6 months ago when implementing Build Configurations.
  • Node.js version 6 is now available