Home › News › Industry News
Outlook TNEF flaw could be much worse than WMF flaw
"An attacker may leverage these issues to carry out a denial-of-service attack or execute arbitrary code on an affected computer with the privileges of the user viewing a malicious image," Symantec said. "An attacker may gain system privileges if an administrator views the malicious file. Local code execution may also facilitate a complete compromise."
This could end up being a much worse case than the WMF flaw, which resulted in a lot of headaches and many infected machines. Apparently, this has been known about for close to 3 months. Hopefully, Microsoft will wise up in the future and not wait extreme long amounts of time before fixing things like this, as Outlook and Exchange make up a huge amount of clients in the office environment.
User Comments (9)
Post a comment|
sngx1275
on January 13, 2006 11:44 AM |
Well if IT gets on it quick, there won't be a problem. There is already a fix avaiable.This could be a chance to see which companies might be hiring new IT guys, after they fire their current onces. |
|
asphix
on January 13, 2006 12:20 PM |
I agree that this is a big problem. A lot of corporate environments use outlook every day and many use exchange server as well. The means of executing the flaw is extremely easy too.Thanks for the important info! |
|
PanicX
on January 13, 2006 1:48 PM |
[b]Quoted from Justin Mann:[/b][quote]"An attacker may leverage these issues to carry out a denial-of-service attack or execute arbitrary code on an affected computer with the privileges of the user viewing a malicious image," Symantec said. "An attacker may gain system privileges if an administrator views the malicious file. Local code execution may also facilitate a complete compromise."[/quote]This quote looks like it was taken out of context as in the article it actually applies to the WMF vulnerabilities discovered after the WMF patch that was recently released. |
|
Race
on January 13, 2006 2:57 PM |
The disturbing thing about this flaw is that it involves the server and client side, so an infected email, for instance, can exploit every server it passes through along the way to the target.As quoted from Mike Murray (nCircle Network Security):"if the attackers were motivated to exploit the flaw in spectacular fashion, they could concoct a worm that attacks the entire transit path of an infected e-mail, potentially making it the fastest-spreading worm on record". The good news is that the flaw is apparently restricted to the mentioned software, and does not effect those of us using Outlook Express.As sngx1275 alluded to......let's hope IT Admins are doing their jobs! |
|
MonkeyMan
on January 13, 2006 10:11 PM |
This is very unfortunate. I just couldn't imagine opening up a program, and then finding out later, that someone has been tampering with my files. Even worse, if the attacker gained adminstrator privileges, they have basically taken over your entire system. They could delete, and place files wherever they please, and possibly even uninstall windows from your system!!!!!!! scary thought, but I have faith that Microsoft will fix this problem. |
|
yoyomama
on January 14, 2006 2:46 AM |
TNEF, WMF,I'm sure one of these days we'll see a WTF flaw in the headlines. |
|
Cy6erpuke
on January 14, 2006 10:00 AM |
This IS upsetting. I do not care how easy it is to fix, MS should be ashamed. This kind of flaw can really cost a lot of companies a lot of money. As sngx1275 says, some will fix it quickly, but others will get fired, how does MS respond to releasing their flawed software in the first place.... proud?I was upset enough to find out the Outlook2003 did not support calendar sharing anymore (through net folders), now this! I dont like monopoly, hell, since William, I don't even play it anymore. Makes me sick what happens to quality of product, once all competition gets squashed (or bought). |
|
ThomasNews
on January 15, 2006 4:32 PM |
Good old Microsoft security thinking - "we know what the problem is, but if it's not public yet, what's the rush?" I thought they said they'd gone beyond their old vision of how to handle security issues; not that Secunia makes for notably more comfortable reading;[url]http://secunia.com/product/22/[/url][url]http:/ secunia.com/product/11/[/url] |
|
mentaljedi
on January 17, 2006 1:15 PM |
Its a good thing i don't use Outlook much but i am pretty concerned with how many problems have popped up recently. Microsfot, we're watching you... |
Most Popular
| Trending | Featured |
-
iOS 5.1.1 untethered jailbreak tool released, supports 4S, iPad 3
-
After five days, Facebook ranks as worst IPO flop of the decade
-
Rumor: Windows 8 RC will launch June 1, will ship with Adobe Flash
-
Rumor: AMD "Piledriver" FX CPU production to begin Q3 2012
-
Diablo III becomes the fastest-selling PC game in history
Editors' Case Picks
Subscribe to TechSpot
Get free exclusive content, learn about new features and tech breaking news.
