
Microsoft patches two critical vulnerabilities

As part of its monthly security updates, Microsoft Corp. Tuesday released patches for two critical vulnerabilities in its products. The more serious of the two flaws is a remote code execution vulnerability affecting Microsoft Outlook and Microsoft Exchange Server products.

The privately reported vulnerability involves the manner in which Exchange and Outlook decode a format called Transport Neutral Encapsulation Format (TNEF), which is used when sending e-mail messages in Rich Text Format.

An attacker who took advantage of the flaw would potentially be able to gain complete administrative control of a compromised system, according to Microsoft.

What makes the TNEF flaw particularly dangerous is the fact that it exists in Exchange and Outlook, both of which are widely used in corporate settings, said Alain Sergile, technical product manager for Atlanta-based Internet Security Systems Inc.'s X-Force team.

Adding to the threat, the vulnerability can be exploited without any user participation, said Michael Sutton, director of iDefense Labs in Reston, Va.

"All that needs to take place is for an e-mail to get sent to a server" for the flaw to be exploited, Sutton said. This raises the possibility of widespread infections if an exploit ever becomes available for the flaw, he added.

But exploiting the flaw won't be particularly easy, Sergile said. "We think that from a software engineering perspective, it will be fairly complicated to exploit, but it is feasible," he said.

The other flaw disclosed Tuesday is also a privately reported vulnerability that exists in the way Windows handles malformed embedded Web fonts.

According to Microsoft's description, "An attacker could exploit the vulnerability by constructing a malicious embedded Web font that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message."

Though the flaw is also serious, it requires active user interaction for it to be exploited, thereby making it less dangerous than the TNEF flaw, Sutton said.
