10:29 AM

Microsoft Patches Outlook Flaw

The vulnerability exists because of potential conflicting security settings in Word and Internet Explorer, Microsoft says.

Microsoft has issued a patch for a security flaw that affects users of Microsoft Outlook 2000 and 2002. If Microsoft Word is used as the E-mail editor, a condition could exist that would allow an attacker to run potentially malicious software on the user's system.

The vulnerability exists because of potentially conflicting security settings in Word and Internet Explorer, Microsoft says. When displaying an HTML E-mail in Outlook, the security settings of Explorer are applied, which won't allow scripts to run. However, when forwarding or replying to such documents and Word is the E-mail editor, scripts aren't blocked, the company says.

An attacker could exploit this vulnerability by sending a malformed HTML E-mail containing a script to an Outlook user who's using Word as the E-mail editor. If the user replies to or forwards the E-mail, the script would then run, according to the security bulletin.

More information and a patch that remedies the security hole can be found on Microsoft's Web site.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Increasing IT Agility and Speed To Drive Business Growth
Learn about the steps you'll need to take to transform your IT operation and culture into an agile organization that supports business-driving initiatives.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.