Microsoft Fixes Nasty Outlook, Exchange E-Mail Bug - InformationWeek
03:45 PM

Microsoft Fixes Nasty Outlook, Exchange E-Mail Bug

Microsoft serves up two more "Critical" bug fixes, including one for a bug that allows attackers to hack into any Exchange server or Outlook owner's PC just by sending a malformed E-mail message.

Microsoft's security problems didn't improve much Tuesday, when it followed last week's out-of-cycle fix of a major bug with two more "Critical" vulnerabilities, including one that allows attackers to hack into any Exchange server or Outlook owner's PC just by sending a malformed e-mail message.

The most dangerous of the two new vulnerabilities is the one spelled out in MS06-003, argued Mike Murray, director of research at vulnerability management vendor nCircle.

"This one isn't an MSBlast-style bug, but it's severe enough that if someone is clever, they'll come up with a quickly-propagating worm that will do some major damage," said Murray.

The problem, he added, is that it's a "dual opportunity vulnerability," since it impacts both Outlook, Microsoft's main e-mail client, and the Exchange mail server software.

"This one's going to be really interesting to watch," said Murray, "because it has two vectors, Exchange as well as Outlook. An attacker could e-mail one message to 100 people and compromise 15 servers and 100 people all at the same time."

Outlook and Exchange are vulnerable because of the way they decode the Transport Neutral Encapsulation Format (TNEF) MIME attachment. TNEF is used by Exchange and Outlook when sending and processing messages formatted as Rich Text Format (RTF), one of the formatting choices available to Outlook users (the others are Plain Text and HTML).

An attacker could gain full control of a Windows PC by sending a specially-formatted message to an Exchange Server and/or Outlook 2000, 2002, or 2003 user; unlike other attacks, ones based on this vulnerability wouldn't have to dupe users into opening e-mail attachments. Simply receiving such a message through an Exchange server is enough for a successful attack.

"If an attacker figures out how to craft two different payloads, one that affects the servers, the other that hits Outlook clients, you're going to see a really different worm, one with a unique propagation," warned Murray.

Microsoft's work-around for those who couldn't immediately apply the patch is to strip out all Rich Text-formatted messages at the gateway. But that, said Murray, might be impossible for enterprises. "I still get about 10 percent of my e-mail from people using Rich Text format. If a company starts stripping out 10 percent of its mail, it's going to have some serious e-mail issues."

The second bulletin of Tuesday, MS06-002, outlines a vulnerability in how Windows processes embedded Web fonts. An attacker could use malformed fonts in either a site or an HTML e-mail message to hack into a PC, said Microsoft's bulletin, which warned that "an attacker who successfully exploited this vulnerability could take complete control of an affected system."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll