Attackers could exploit two serious security holes in Internet Explorer, Outlook and other Windows programs to unleash malicious code, eEye Digital Security has discovered.
The Aliso Viejo, Calif.-based company offered few details on its Web site Friday, saying it doesn't disclose information to third parties until the manufacturer releases an advisory or patch. It did say both vulnerabilities are in the initial reporting stage and appear to be of high severity because they can be exploited remotely.
The first vulnerability "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." Operating systems affected are all versions of Windows NT 4.0, Windows 2000 and Windows XP. It remains to be determined if Windows 2003 is affected, the firm said.
The second vulnerability has the same damage potential and also affects IE and Outlook, though it's still unclear which versions of the Windows operating system are vulnerable.
A Microsoft spokeswoman confirmed Friday that the software giant is investigating the flaws eEye brought to its attention.
"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."
This article originally appeared on SearchSecurity.com.