Thread: Outlook & IE, New bugs!

  1. #1
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912

    Outlook & IE, New bugs!

    So new vulnerabilities have been added to the history of MS, the new flaws are ranked as "High". And they are already available on the most current versions of windowz...

    Microsoft Corp. is investigating a new set of potentially serious security flaws in Internet Explorer and Outlook reported by security company eEye Digital Security, the software maker said today.

    The two flaws in the Web browser and e-mail client could let an attacker take control over a system with minimal action from the user, eEye said in two security alerts posted on its page of upcoming advisories. The company ranks the flaws as "high" risk.

    One of the vulnerabilities could let an attacker compromise a user's machine after the user clicks on a Web link, said Marc Maiffret, co-founder and chief hacking officer at eEye. "Nothing that would be normally suspicious to the user," he said.

    The flaws affect both Outlook and Outlook Express, Maiffret said.

    The vulnerabilities exist in the default installations of the applications on most current versions of Windows, according to Aliso Viejo, Calif.-based eEye. The company said on its Web site that it has informed Microsoft and won't provide further details until Microsoft has provided a patch or security alert.

    "We keep all the details private until Microsoft produces a patch. But that is not to say that nobody else has discovered the vulnerability and produced an exploit," Maiffret said. However, eEye hasn't yet seen any attacks that take advantage of the flaws, he said.

    Microsoft is investigating the privately reported potential vulnerabilities, a spokeswoman for the software maker said. The company isn't aware of any attempts to exploit the vulnerabilities, she said.

    Upon the completion of the investigation, Microsoft will take the appropriate action to protect users. That could be a fix as part of the company's monthly patching cycle, a fix in the next service pack or a special update, the spokeswoman said.

    EEye reported the flaws to Microsoft on March 16 and March 29, according to the eEye Web site.

    Maiffret said he hopes Microsoft will produce a patch within two months, the industry-standard time for delivering a fix.

    Source
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    One of the vulnerabilities could let an attacker compromise a user's machine after the user clicks on a Web link, said Marc Maiffret, co-founder and chief hacking officer at eEye. "Nothing that would be normally suspicious to the user," he said.
    Oh joy. So we can expect a rash of worms to be released that will affect all those that don't patch (once this patch is released).

    EEye reported the flaws to Microsoft on March 16 and March 29, according to the eEye Web site.

    Maiffret said he hopes Microsoft will produce a patch within two months, the industry-standard time for delivering a fix.
    Which industry!? Why two months for something that is this critical?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Which industry!? Why two months for something that is this critical?
    Let me explain this part!

    Microsoft industry-standards {Has been used interchangeably in the article}:

    [1] Late vulnerability reporting.
    [2] Late vulnerability patching.
    [3] Late vulnerability exposing.
    [4] No patches for potential risks, only for proof-of-concept and exploited vulnerabilities.
    [5] Giving enough time for Spammers to fool people, since MS always helps people.

    As I said, MS always gives enough time for Spammers and black hats to exploit and earn some money before they patch, MS always thinks of other people.

    Hope I could explain, even a little...

    Cheers

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    224
    What kind of statement is this?

    "The vulnerabilities exist in the default installations of the applications on most current versions of Windows"
    There are many rewarding opportunities awaiting composure from like minds and great ideas. It is my objective to interconnect great things.

  5. #5
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Originally posted here by fraggin
    What kind of statement is this?

    "The vulnerabilities exist in the default installations of the applications on most current versions of Windows"
    Let's say that you are about to install Outlook for the first time: the default installed files {Program} are subject to these flaws. For instance, IE in the Win 5.0 SP3 or SP4.

    I hope I could help.

    Cheers
