Security Flaw Found In Outlook Plug-In
Network Associates' PGP Desktop Security 7.0.4, PGP Personal Security 7.0.3, and PGP Freeware 7.0.3 contain a flaw that could let attackers take control of systems, according to eEye Digital Security.
Users of Network Associates' PGP Desktop Security 7.0.4, Users of Network Associates' PGP Desktop Security 7.0.4, PGP Personal Security 7.0.3, and PGP Freeware 7.0.3 are being warned that the popular encryption software contains a serious security vulnerability that could let attackers take control of their systems, and even compromise secure communications if the attacker installs keystroke-logging software as part of the attack.
The flaw doesn't affect the PGP, Pretty Good Privacy, encryption software itself but rather the PGP plug-in for Microsoft Outlook E-mail used to encrypt sensitive E-mail messages, according to eEye Digital Security.
PGP is widely available for download on the Web as freeware and is used by law-enforcement and U.S. intelligence agencies.
Outlook users who merely select a malicious E-mail containing carefully crafted code could find their systems hacked, eEye says. "This can lead to the compromise of the target's machine, as well as their PGP-encrypted communications," according to eEye's advisory.
Network Associates has made a patch available for download at http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp.
According to the advisory, PGP Corporate Desktop users aren't affected.
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
Aug 15, 20242024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022