Microsoft Fixes Nasty Outlook, Exchange E-Mail Bug - InformationWeek
Microsoft serves up two more "Critical" bug fixes, including one for a flaw that lets attackers hack into any Exchange server or Outlook user's PC just by sending a malformed e-mail message.

Microsoft's security problems didn't improve much Tuesday, when it followed last week's out-of-cycle fix of a major bug with two more "Critical" vulnerabilities, including one that allows attackers to hack into any Exchange server or Outlook owner's PC just by sending a malformed e-mail message.

The more dangerous of the two new vulnerabilities is the one spelled out in MS06-003, argued Mike Murray, director of research at vulnerability management vendor nCircle.

"This one isn't an MSBlast-style bug, but it's severe enough that if someone is clever, they'll come up with a quickly-propagating worm that will do some major damage," said Murray.

The problem, he added, is that it's a "dual opportunity vulnerability," since it impacts both Outlook, Microsoft's main e-mail client, and the Exchange mail server software.

"This one's going to be really interesting to watch," said Murray, "because it has two vectors, Exchange as well as Outlook. An attacker could e-mail one message to 100 people and compromise 15 servers and 100 people all at the same time."

Outlook and Exchange are vulnerable because of the way they decode Transport Neutral Encapsulation Format (TNEF) MIME attachments. TNEF is the format Exchange and Outlook use when sending and processing messages composed in Rich Text Format (RTF), one of the three formatting choices available to Outlook users (the others are Plain Text and HTML).

An attacker could gain full control of a Windows PC by sending a specially formatted message to an Exchange server or to a user of Outlook 2000, 2002, or 2003; unlike many other attacks, one based on this vulnerability wouldn't have to dupe users into opening an e-mail attachment. Simply receiving such a message through an Exchange server is enough for a successful attack.

"If an attacker figures out how to craft two different payloads, one that affects the servers, the other that hits Outlook clients, you're going to see a really different worm, one with a unique propagation," warned Murray.

Microsoft's work-around for those who couldn't immediately apply the patch is to strip out all Rich Text-formatted messages at the gateway. But that, said Murray, might be impossible for enterprises. "I still get about 10 percent of my e-mail from people using Rich Text format. If a company starts stripping out 10 percent of its mail, it's going to have some serious e-mail issues."
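The gateway work-around described above, stripping Rich Text (TNEF) content before it reaches Exchange or Outlook, as an added Python sketch of a mail-filter step; this is illustrative code written for this page, not Microsoft's or InformationWeek's, and the sample message, its addresses and the filler attachment are constructed. The magic-byte check relies on the published TNEF stream signature 0x223E9F78.

```python
"""Strip TNEF (winmail.dat) parts from an e-mail at the gateway.

Illustrative filter for the work-around in the article, not vendor code.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage

# A TNEF stream begins with the 32-bit little-endian signature 0x223E9F78.
TNEF_SIGNATURE = b"\x78\x9f\x3e\x22"


def is_tnef_part(part) -> bool:
    """True if a leaf MIME part carries TNEF by type, file name, or magic bytes."""
    if part.is_multipart():
        return False
    if part.get_content_type() == "application/ms-tnef":
        return True
    if (part.get_filename() or "").lower() == "winmail.dat":
        return True
    payload = part.get_payload(decode=True) or b""
    return payload[:4] == TNEF_SIGNATURE


def _prune(msg) -> int:
    """Recursively drop TNEF parts from a multipart message; return how many."""
    if not msg.is_multipart():
        return 0
    removed, kept = 0, []
    for part in msg.get_payload():
        if is_tnef_part(part):
            removed += 1          # quarantine point: the part is simply dropped here
        else:
            removed += _prune(part)
            kept.append(part)
    msg.set_payload(kept)
    return removed


def strip_tnef(raw: bytes):
    """Return (cleaned message bytes, number of TNEF parts removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = _prune(msg)
    return (msg.as_bytes() if removed else raw), removed


def constructed_sample() -> bytes:
    """A constructed message with a text body and a fake winmail.dat attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "user@example.com", "Rich Text test"
    msg.set_content("Body text")
    # Only the TNEF signature plus zero filler; not a real TNEF stream.
    msg.add_attachment(TNEF_SIGNATURE + b"\x00" * 16, maintype="application",
                       subtype="ms-tnef", filename="winmail.dat")
    return msg.as_bytes()
```

A real deployment would quarantine the dropped part and notify the recipient rather than silently discarding it, so that the roughly 10 percent of legitimate Rich Text mail Murray mentions is not lost without trace.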

Tuesday's second bulletin, MS06-002, outlines a vulnerability in how Windows processes embedded Web fonts. An attacker could use malformed fonts in either a Web site or an HTML e-mail message to hack into a PC, said Microsoft's bulletin, which warned that "an attacker who successfully exploited this vulnerability could take complete control of an affected system."
