Symantec: Exploit Appears For Outlook Express Vulnerability
Symantec warns that a working exploit has appeared for one of the vulnerabilities Microsoft revealed last week.
Symantec on Friday warned that a working exploit has appeared for one of the vulnerabilities Microsoft revealed last week, making it even more imperative that the patch be deployed.
The vulnerability, dubbed MS05-030 by Microsoft on June 14, relates specifically to Outlook Express, the bare-bones e-mail client packaged with Windows. According to Microsoft, Outlook Express has a bug in its NNTP parsing function that hackers can exploit by creating a news server loaded with malicious code.
Although Microsoft said in its bulletin that users who rely on Outlook Express (OE) as their newsgroup reader are primarily at risk, Symantec noted that because of OE's tight integration with Internet Explorer, past exploits have been able to compromise systems even when OE wasn't actually used on the vulnerable PCs.
Windows 2000, XP, and Server 2003 are affected by this, although Windows XP SP2 is not.
Exploit code for this vulnerability has gone public, Symantec said, and pointed to a French firm, FrSIRT, that had posted the code on its Web site.
If Microsoft's patch cannot be deployed, Symantec recommended that users disable Outlook Express as the news:// URL handler by removing the Windows registry key "HKEY_CLASSES_ROOT\news\shell\open\command" and blocking access to untrusted NNTP servers at the perimeter.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.