Search
Search titles only
By:
Search titles only
By:
Forums
New posts
Search forums
What's new
New posts
Latest activity
Feedback
View Statistics
Members
Current visitors
Buy Sell Trade
WTB
Log in
Register
Search
Search titles only
By:
Search titles only
By:
New posts
Search forums
Menu
Install the app
Install
Reply to thread
Forums
Technology
Websites and Apps
New 'High Risk' Flaws Found in IE, Outlook
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="AlbertPacino" data-source="post: 7971" data-attributes="member: 160"><p>A pair of newly discovered security flaws in Microsoft's Internet Explorer and Outlook programs could put millions of users at risk of code execution attacks, a private research outfit warned Thursday.</p><p>The vulnerabilities were reported to Microsoft Corp. by private research outfit eEye Digital Security, and basic details on the risks and the affected products have been released on eEye's upcoming advisories Web page.</p><p></p><p>A spokeswoman for the software giant confirmed that engineers at the Microsoft Security Research Center were investigating the eEye discoveries.</p><p></p><p>"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said.</p><p></p><p>Once the investigation is done, she said Microsoft would "take the appropriate action" to protect affected users.</p><p></p><p>Under normal circumstances, Microsoft patches are released on a monthly cycle, but in cases of emergency, the company could release an out-of-cycle update.</p><p></p><p>Since adopting the monthly patching cycle in October 2003, Microsoft has released three out-of-cycle patches, all for "critical" flaws in the Internet Explorer browser.</p><p>Marc Maiffret, chief hacking officer at eEye, said the flaws were rated "high-severity" because malicious hackers could run a successful exploit from anywhere on the Internet.</p><p></p><p>"These are client-side vulnerabilities that could allow attacks via a Web browser or the Outlook client. The risk of a zero-day attack is quite high," Maiffret said in an interview with eWEEK.com.</p><p></p><p>He said Microsoft was alerted to the first vulnerability March 16.</p><p></p><p>That bug was found in default installations of IE and Outlook and could allow malicious code to be executed, contingent upon minimal user interaction, he explained.</p><p></p><p>According to the eEye advisory, the vulnerabilities affect all versions of Windows NT 4.0, Windows 2000 and Windows XP, including Service Pack 2 (SP2).</p><p></p><p><a href="http://www.eweek.com/article2/0,1759,1781171,00.asp" target="_blank">Source</a></p></blockquote><p></p>
[QUOTE="AlbertPacino, post: 7971, member: 160"] A pair of newly discovered security flaws in Microsoft's Internet Explorer and Outlook programs could put millions of users at risk of code execution attacks, a private research outfit warned Thursday. The vulnerabilities were reported to Microsoft Corp. by private research outfit eEye Digital Security, and basic details on the risks and the affected products have been released on eEye's upcoming advisories Web page. A spokeswoman for the software giant confirmed that engineers at the Microsoft Security Research Center were investigating the eEye discoveries. "At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said. Once the investigation is done, she said Microsoft would "take the appropriate action" to protect affected users. Under normal circumstances, Microsoft patches are released on a monthly cycle, but in cases of emergency, the company could release an out-of-cycle update. Since adopting the monthly patching cycle in October 2003, Microsoft has released three out-of-cycle patches, all for "critical" flaws in the Internet Explorer browser. Marc Maiffret, chief hacking officer at eEye, said the flaws were rated "high-severity" because malicious hackers could run a successful exploit from anywhere on the Internet. "These are client-side vulnerabilities that could allow attacks via a Web browser or the Outlook client. The risk of a zero-day attack is quite high," Maiffret said in an interview with eWEEK.com. He said Microsoft was alerted to the first vulnerability March 16. That bug was found in default installations of IE and Outlook and could allow malicious code to be executed, contingent upon minimal user interaction, he explained. According to the eEye advisory, the vulnerabilities affect all versions of Windows NT 4.0, Windows 2000 and Windows XP, including Service Pack 2 (SP2). [URL=http://www.eweek.com/article2/0,1759,1781171,00.asp]Source[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Technology
Websites and Apps
New 'High Risk' Flaws Found in IE, Outlook
Top
Bottom