Article

Critical flaws in IE, Outlook

Bill Brenner

Attackers could exploit two serious security holes in Internet Explorer, Outlook and other Windows programs to unleash malicious code, eEye Digital Security has discovered.

The Aliso Viejo, Calif.-based company offered few details on its Web site Friday, saying it doesn't disclose information to third parties until the manufacturer releases an advisory or patch. It did say both vulnerabilities are in the initial reporting stage and appear to be of high severity because they can be exploited remotely.

The first vulnerability "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." Operating systems affected are all versions of Windows NT 4.0, Windows 2000 and Windows XP. It remains to be determined if Windows 2003 is affected, the firm said.

The second vulnerability has the same damage potential and also affects IE and Outlook, though it's still unclear which versions of the Windows operating system are vulnerable.

A Microsoft spokeswoman confirmed Friday that the software giant is investigating the flaws eEye brought to its attention.

"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."

This article originally appeared on SearchSecurity.com.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: