Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

Is Open Source an Open Invitation to Hack Webmail Encryption?

While the open source approach to software development has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles. Such worries are ill-founded, though. One concern about opening up security code to anyone is that anyone will include the NSA, which has a habit of discovering vulnerabilities and sitting on them so it can exploit them at a later time. Such discoveries shouldn't be a cause of concern, argued Phil Zimmermann, creator of PGP, the encryption scheme Yahoo and Google will be using for their webmail. Read more

Changing times, busy times and why Google will save Usenet.

Linux however has succeeded by way of form factors diversifying. Be it Android phones or tablets there is a big shift with the mainstream consumer in terms of what devices they want and here Linux has excelled. In 2008 my decision remove my Microsoft dependency was for reasons of the control they had on the desktop, the practices alleged against them and the dubious tactics some of their advocates used to promote the products. I also wholeheartedly agree with the ethos of FOSS which was another contributory factor. Today, my feelings about FOSS have not changed, there are caveats to my opinions of FOSS (especially in gaming) but I’ve covered that before in other articles. Today I avoid Microsoft not because I feel the need to make a stand against its behaviour, its because I don’t need them. I support Microsoft being a “choice” in the market as I support user freedom, but as for what Microsoft can offer me (regardless of its past) there is nothing. Read more

Eltechs Debuts x86 Crossover Platform for ARM Tablets, Mini-PCs

The product, called ExaGear Desktop, runs x86 operating systems on top of hardware devices using ARMv7 CPUs. That's significant because x86 software, which is the kind that runs natively on most computing platforms today, does not generally work on ARM hardware unless software developers undertake the considerable effort of porting it. Since few are likely to do that, having a way to run x86 applications on ARM devices is likely to become increasingly important as more ARM-based tablets and portable computers come to market. That said, the ExaGear Desktop, which Eltechs plans to make available next month, currently has some steep limitations. First, it only supports Ubuntu Linux. And while Eltechs said support for additional Linux distributions is forthcoming, there's no indication the product will be able to run x86 builds of Windows on ARM hardware, a feat that is likely to be in much greater demand than Linux compatibility. Read more

It's Elementary, with Sparks, and Unity

In today's Linux news Jack Wallen review Elementary OS and says it's not just the poor man's Apple. Jack Germain reviewed SparkyLinux GameOver yesterday and said it's a win-win. Linux Tycoon Bryan Lunduke testdrives Ubuntu's Unity today in the latest entry in his desktop-a-week series. And finally tonight, just what the heck is this Docker thing everybody keeps talking about? Read more