Microsoft Raises Threat Level of Outlook Hole

 
 
By Matthew Hicks  |  Posted 2004-03-10 Print this article Print
 
 
 
 
 
 
 

A day after issuing a fix for an Outlook 2002 vulnerability, Microsoft warns that another attack scenario makes the risk to users "critical."

Microsoft Corp. on Wednesday upped the severity of one of three security patches it issued a day earlier, warning that it discovered another attack scenario for a hole in Outlook 2002.

The Redmond, Wash., software maker increased the threat level of the Outlook security vulnerability to its highest level of four—"critical." The Outlook 2002 hole could let an attacker run malicious code on a users machine.

Microsoft originally had labeled the vulnerability as "important" and believed that attackers could only exploit the hole if users had set the Outlook Today folder as the default view for Outlook 2002, said Mike Reavey, a Microsoft security program manager.

After issuing a fix for the Outlook hole, as part of Microsofts March security bulletin releases, the company learned from the researcher who discovered the vulnerability that attackers could reach a wider number of users by forcing them into the view in order to run an exploit, Reavey said.
"It has the potential to affect users that are in any (Outlook 2002) view at all," he said. The change in the security holes severity does not affect the actual fix that Microsoft issued, Reavey said, but lets users know that the risk is greater than originally thought. Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  
 
 
 
 
Matthew Hicks As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel