News

E-Mail-Borne Virus Danger Detected, Fixed

Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe executable application within an e-mail message and disguise it as a safe type of attachment. The unsafe executable could then be made to execute if the user opened the attachment.

A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML e-mail message to contain a malicious cabinet file, disguised as a file of an innocuous type -- such as .jpg, .gif, or .txt. If a user attempted to open this file, the operation would fail, but could leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code.

The affected AcitveX control ships as part of Microsoft Internet Explorer 4 and 5. The patch is available at http://windowsupdate.microsoft.com.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.