Outlook TNEF flaw could be much worse than WMF flaw

By Justin Mann on January 13, 2006, 11:11 AM
Despite just having dealt with a very serious WMF flaw that ended up with users creating their own patches, it seems that IT Staffing won't get much of a reprieve. Critical flaws discovered in Outlook 2003, Outlook 2000, Exchange Server 2000, Exchange Server 5.5 and Exchange Server 5.0 could lead to a huge amount of compromised machines. The exploit lies in the way these programs handle TNEF Mime content. A particularly crafted e-mail is all it takes, and all an Outlook client has to do is open or preview the message. On the server side, when Exchange's “Information Store” processes the message, it can be compromised.

"An attacker may leverage these issues to carry out a denial-of-service attack or execute arbitrary code on an affected computer with the privileges of the user viewing a malicious image," Symantec said. "An attacker may gain system privileges if an administrator views the malicious file. Local code execution may also facilitate a complete compromise."
This could end up being a much worse case than the WMF flaw, which resulted in a lot of headaches and many infected machines. Apparently, this has been known about for close to 3 months. Hopefully, Microsoft will wise up in the future and not wait extreme long amounts of time before fixing things like this, as Outlook and Exchange make up a huge amount of clients in the office environment.




User Comments: 9

Got something to say? Post a comment
sngx1275 said:
Well if IT gets on it quick, there won't be a problem. There is already a fix avaiable.This could be a chance to see which companies might be hiring new IT guys, after they fire their current onces.
asphix said:
I agree that this is a big problem. A lot of corporate environments use outlook every day and many use exchange server as well. The means of executing the flaw is extremely easy too.Thanks for the important info!
PanicX said:
[b]Quoted from Justin Mann:[/b][quote]"An attacker may leverage these issues to carry out a denial-of-service attack or execute arbitrary code on an affected computer with the privileges of the user viewing a malicious image," Symantec said. "An attacker may gain system privileges if an administrator views the malicious file. Local code execution may also facilitate a complete compromise."[/quote]This quote looks like it was taken out of context as in the article it actually applies to the WMF vulnerabilities discovered after the WMF patch that was recently released.
Race said:
The disturbing thing about this flaw is that it involves the server and client side, so an infected email, for instance, can exploit every server it passes through along the way to the target.As quoted from Mike Murray (nCircle Network Security):"if the attackers were motivated to exploit the flaw in spectacular fashion, they could concoct a worm that attacks the entire transit path of an infected e-mail, potentially making it the fastest-spreading worm on record". The good news is that the flaw is apparently restricted to the mentioned software, and does not effect those of us using Outlook Express.As sngx1275 alluded to......let's hope IT Admins are doing their jobs!
MonkeyMan said:
This is very unfortunate. I just couldn't imagine opening up a program, and then finding out later, that someone has been tampering with my files. Even worse, if the attacker gained adminstrator privileges, they have basically taken over your entire system. They could delete, and place files wherever they please, and possibly even uninstall windows from your system!!!!!!! scary thought, but I have faith that Microsoft will fix this problem.
yoyomama said:
TNEF, WMF,I'm sure one of these days we'll see a WTF flaw in the headlines.
Cy6erpuke said:
This IS upsetting. I do not care how easy it is to fix, MS should be ashamed. This kind of flaw can really cost a lot of companies a lot of money. As sngx1275 says, some will fix it quickly, but others will get fired, how does MS respond to releasing their flawed software in the first place.... proud?I was upset enough to find out the Outlook2003 did not support calendar sharing anymore (through net folders), now this! I dont like monopoly, hell, since William, I don't even play it anymore. Makes me sick what happens to quality of product, once all competition gets squashed (or bought).
ThomasNews said:
Good old Microsoft security thinking - "we know what the problem is, but if it's not public yet, what's the rush?" I thought they said they'd gone beyond their old vision of how to handle security issues; not that Secunia makes for notably more comfortable reading;[url]http://secunia.com/product/22/[/url][url]http:/
secunia.com/product/11/[/url]
mentaljedi said:
Its a good thing i don't use Outlook much but i am pretty concerned with how many problems have popped up recently. Microsfot, we're watching you...
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.