News
News
4/26/2002
10:29 AM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Patches Outlook Flaw

The vulnerability exists because of potential conflicting security settings in Word and Internet Explorer, Microsoft says.

Microsoft has issued a patch for a security flaw that affects users of Microsoft Outlook 2000 and 2002. If Microsoft Word is used as the E-mail editor, a condition could exist that would allow an attacker to run potentially malicious software on the user's system.

The vulnerability exists because of potentially conflicting security settings in Word and Internet Explorer, Microsoft says. When displaying an HTML E-mail in Outlook, the security settings of Explorer are applied, which won't allow scripts to run. However, when forwarding or replying to such documents and Word is the E-mail editor, scripts aren't blocked, the company says.

An attacker could exploit this vulnerability by sending a malformed HTML E-mail containing a script to an Outlook user who's using Word as the E-mail editor. If the user replies to or forwards the E-mail, the script would then run, according to the security bulletin.

More information and a patch that remedies the security hole can be found on Microsoft's Web site.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.