Sponsor for PC Pals Forum

Author Topic: Windows Mail flaw could expose Vista users  (Read 503 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Windows Mail flaw could expose Vista users
« on: March 27, 2007, 22:42 »
A possible security vulnerability in Windows Mail could let attackers run applications on PCs running Vista.

An attacker could send an email with a malicious link that, when clicked on, would execute a program on the PC without warning, according to a description of the problem published on Friday on a widely read security mailing list called Full Disclosure. Windows Mail is the successor to Outlook Express, Microsoft's free email client, and ships with Vista.

Microsoft is investigating the issue, a company representative said in an emailed statement. "As a best practice, users should always exercise extreme caution when clicking on links in unsolicited email from both known and unknown sources," the representative said.

Depending on what the malicious link tells Windows Mail to do, the threat to Vista users could be significant, said Dave Marcus, security research and communications manager at software maker McAfee. "Theoretically, attackers can do a lot of things; they will be able to pass any command through it," Marcus said.

However, the risk is mitigated because Vista is not widely used, Marcus said. "I don't think they will see a lot of exploitation simply because there is so little Vista deployed," he said. "I think Microsoft would take this seriously and wrap this up in their next patch."

Vista has been available to consumers since late January. Since then, Microsoft has issued one security update for the operating system to repair a "critical" vulnerability in the scanning engine for Windows Defender, the built-in anti-spyware tool.

Microsoft is not aware of any attacks that actually attempted to use the newly reported Windows Mail vulnerability, it said. Upon completion of its investigation, the company could issue a security update or provide guidance in another way, the representative said.


Show unread posts since last visit.
Sponsor for PC Pals Forum