Critical flaws in IE, Outlook

Two high-severity flaws in IE and Outlook could allow attackers to launch malicious code.

Attackers could exploit two serious security holes in Internet Explorer, Outlook and other Windows programs to unleash malicious code, eEye Digital Security has discovered.

The Aliso Viejo, Calif.-based company offered few details on its Web site Friday, saying it doesn't disclose information to third parties until the manufacturer releases an advisory or patch. It did say both vulnerabilities are in the initial reporting stage and appear to be of high severity because they can be exploited remotely.

The first vulnerability "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." Operating systems affected are all versions of Windows NT 4.0, Windows 2000 and Windows XP. It remains to be determined if Windows 2003 is affected, the firm said.

The second vulnerability has the same damage potential and also affects IE and Outlook, though it's still unclear which versions of the Windows operating system are vulnerable.

A Microsoft spokeswoman confirmed Friday that the software giant is investigating the flaws eEye brought to its attention.

"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."

This article originally appeared on SearchSecurity.com.

Dig deeper on Microsoft Windows desktop operating systems security management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close