12 Jan Microsoft e-mail software has 'critical' vulnerability
A flaw Microsoft disclosed on Tuesday in its Exchange and Outlook e-mail software could be worse than previously thought – and worse than the image-viewing bug of the last few weeks, a security researcher says.
Just by sending an e-mail, an attacker could take control of an older version of Microsoft’s Exchange mail server, according to Mark Litchfield, director of NGS Software in the U.K. Nobody would even have to open or read the e-mail message, which is what makes this such a potentially dangerous flaw. From there, the attacker could take over copies of Outlook that connected to that server.
Microsoft has called the bug “critical” and released patches for Exchange 5.0 and 5.5, which are affected and have technically been out of support since the end of December. Exchange Server 2003 is said to be immune, but current versions of Outlook, including Outlook 2003, could be affected.
• TechWeb: Microsoft’s Newest Bug Could Be Awful, Researcher Says