Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

Open source licensing: What every technologist should know

If you’re a software developer today, you know how to use open source software, but do you know how and why open source licensing started? A little background will help you understand how and why the licenses work the way they do. Read more

Kali Linux 2017.2 Release

We are happy to announce the release of Kali Linux 2017.2, available now for your downloading pleasure. This release is a roll-up of all updates and fixes since our 2017.1 release in April. In tangible terms, if you were to install Kali from your 2017.1 ISO, after logging in to the desktop and running ‘apt update && apt full-upgrade’, you would be faced with something similiar to this daunting message: Read more Also: Kali Linux 2017.2 Released With New Hacking Tools — Download ISO And Torrent Files Here

Open source-based business lessons from a seasoned CEO

The default now is to build from open and in the open. So that's a positive. The downside is that by open source being the default, we may be getting a little lazy. If you remember back 5-10 years, open sourcing was a big deal, and it forced a level of rigor that may have led, in some cases, to founders and early investors taking better approaches to building their company—for example, shifting towards SaaS wherever possible, in part because of the ability to demonstrate clear value versus their own open source. Read more

Keeping up with advances in open source database administration

The world of open source databases is rapidly evolving. It seems like every day brings a new release of an open source technology that might make a database administrator's life easier, if only he or she knew about it. Fortunately, there are many ways to stay on top of what's going on with open source database technology. One such way is the Percona Live Open Source Database Conference, taking place next week in Dublin, Ireland. We've covered Percona Live before, and invite you to take a look back at some of our previous stories. From IoT to big data to working with the cloud, there's plenty to keep up with. Here are a look at a couple of the sessions you might enjoy, as described by the speakers. Read more