News

Outlook-Word Vulnerability Could Allow Code Execution

Organizations running Microsoft's Outlook e-mail client face a new security vulnerability if some users choose Word as their default e-mail editor.

Microsoft classifies the newly discovered vulnerability as a moderate risk to client systems, and the company has a patch available at www.microsoft.com/technet/security/bulletin/MS02-021.asp.

A feature of Outlook 2000 and Outlook 2002 allows users to select Microsoft Word as the e-mail editor when writing or editing e-mail in Rich Text or HTML. A vulnerability means that when Outlook is used that way, replying or forwarding to e-mail from a malicious user could execute scripts that run in the security context of the user.

Microsoft uses different security settings for displaying e-mail versus editing e-mail. Outlook displays HTML e-mail by applying Internet Explorer security zone settings that prevent scripts from running. But if the user replies or forwards the message, Outlook opens the e-mail and passes the message to the Word editor, which doesn't block scripts.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus