Language Selection

English French German Italian Portuguese Spanish

Hackers probe Outlook Express flaw

Filed under
Microsoft

The risk of an attack related to a flaw in Microsoft Outlook Express climbed this week, after underground hacking sites began circulating sample code for exploiting it.

The exploit, which the French Security Incident Response Team drew attention to on Monday, is designed to take complete control of PCs with certain versions of the Outlook Express e-mail program installed on them, when users visit newsgroups controlled by the hackers.

But security experts said the risk of a widespread attack is low, because people must visit the malicious newsgroups for an attack to work. In addition, the exploit code that's in circulation has some glitches, said Michael Sutton, a lab director at security company iDefense.

It requires a reasonable amount of user intervention, which lowers the overall risk," Sutton said.

Nonetheless, iDefense urges people with vulnerable machines to install the patch Microsoft released last week to fix the flaw. The problem stems from a component of Outlook's newsreader program called Network News Transfer Protocol. The result of an attack could be serious.

"An attacker could install programs; view, change or delete data; or create new accounts with full user rights," Microsoft warned in a security bulletin for the patch last week. The company rated the vulnerability "important," which falls second to "critical" in its rating scale.

A Microsoft representative said the company is aware of the exploit code but is unaware of active attacks that have utilized it. Microsoft is monitoring the situation and is urging customers to apply its patch, the representative said. The company also directed people to report any attacks to Microsoft and the FBI.

The vulnerability has been found in several versions of Outlook Express, including releases 5.5 and 6.0 for Windows 2000, XP and Server 2003 machines, according to Microsoft. People don't have to launch the Outlook Express program, however, in order to fall victim to an attack.

Source.

More in Tux Machines

SUSE Leftovers

  • OBS got the power!
    Old build workers, rack mounted Old build workers, rack mounted One year after introducing a new kind of Open Build Service worker machines, the “lambkins”, the openSUSE Build Service got a big hardware refresh. The new machines, sponsored by SUSE, are equipped with: 2,8GHz AMD Opteron Processors (6348) 256 GB RAM one 120 GB SSD Four of them are located in a chassis with a height of 2 units and run 12-16 workers on them (virtual machines, that are building packages). That new build power allowed us to remove some of old machines from the pool. The unified hardware makes the management of the machines a lot easier now, even if there are still the most powerful old machines left.
  • openSUSE Heroes December meeting – final results
    While we had some fun and good food and drinks, we also managed to discuss a lot during the three days in the Nuremberg headquarter. This was needed because this was the first time that the Heroes came together in their current form. In the end, we managed to do no coding and even (nearly) no administration – but instead we started to discuss our (internal and external) policies and work flows – and did some decisions regarding the next steps and the future of the openSUSE infrastructure.
  • New and improved Inqlude web site
    During last year's Summer of Code I had the honor of mentoring Nanduni Indeewaree Nimalsiri. She worked on Inqlude, the comprehensive archive of third party Qt libraries, improving the tooling to create a better structured web site with additional features such as categorization by topic. She did an excellent job with it and all of her code ended up on the master branch. But we hadn't yet made the switch to change the default layout of the web site to fully take advantage of all her work. As part of SUSE's 15th Hack Week, which is taking place this week, I took some time to change that, put up some finishing touches, and switch the Inqlude web site to the new layout. So here we are. I proudly present the new improved home page of Inqlude.

Benchmarks Of Ubuntu 17.04 Beta vs. Antergos, Clear Linux, openSUSE Tumbleweed

For those curious how Ubuntu 17.04 is shaping up, considering this week was the "beta" release for participating flavors, I decided to take a fresh Ubuntu 17.04 x86_64 daily ISO and see how its performance compares to Ubuntu 17.10, Clear Linux 13600, Antergos 17.2, and openSUSE Tumbleweed. Read more

DebianDog Is a Useful Pocket Pup

The earlier versions of DebianDog work flawlessly, but the latest release seems to suffer from some work-in-progress flaws. I had very little trouble running the default software as-is. When I changed system settings or configured applications a certain way, those changes either did not work or were accompanied by a variety of glitches. I also had some trouble getting the persistent memory options to work. A related problem was setting up the personal save storage file. These issues cropped up or did not appear at all, depending on the hardware I was using. I used the same boot CD and bootable DVD drive on all of my test computers. DebianDog Linux is a good alternative for Linux users looking for something different. It is a very good OS choice if you work on multiple computers or travel around to various work locations and want all your work files on the same OS configuration that you carry in your pocket. DebianDog can be a very workable alternative to lugging a laptop around. Read more

Princeton University’

Missouri vs Ole Miss Live Streaming Minnesota vs Penn St. Live Streaming Villanova vs Creighton Live Streaming Miami (OH) vs Bowling Green Live Streaming Robert Morris vs Sacred Heart Live Streaming Cleveland St. vs Youngstown St. Live Streaming Louisiana Monroe vs Appalachian St Live Streaming