Critical flaws in IE, Outlook

Article

Critical flaws in IE, Outlook

Attackers could exploit two serious security holes in Internet Explorer, Outlook and other Windows programs to unleash malicious code, eEye Digital Security has discovered.

The Aliso Viejo, Calif.-based company offered few details on its Web site

    Requires Free Membership to View

    Login

    When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchEnterpriseDesktop.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseDesktop.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Friday, saying it doesn't disclose information to third parties until the manufacturer releases an advisory or patch. It did say both vulnerabilities are in the initial reporting stage and appear to be of high severity because they can be exploited remotely.

The first vulnerability "allows malicious code to be executed, contingent upon minimal user interaction," eEye said, adding that the problem affects Internet Explorer, Outlook and "additional miscellaneous titles." Operating systems affected are all versions of Windows NT 4.0, Windows 2000 and Windows XP. It remains to be determined if Windows 2003 is affected, the firm said.

The second vulnerability has the same damage potential and also affects IE and Outlook, though it's still unclear which versions of the Windows operating system are vulnerable.

A Microsoft spokeswoman confirmed Friday that the software giant is investigating the flaws eEye brought to its attention.

"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."

This article originally appeared on SearchSecurity.com.