Detail: Microsoft recognizes that there is a serious security vulnerability in Outlook
Http://www.sina.com.cn 2001/02/24 14:53
Sina Technology
New York Local Time February 23, US Software Giant Microsoft issued a news that the company's popular email service software Outlook and Outlook Express did "defect", it is possible to be subject to some malicious viruses and "Troy Trojan "intrusion. This is the first time that the company has recently recognized its email programs existing security vulnerabilities. Previously, the company had always a denial of attitude towards this issue.
Microsoft said in a statement that its email program handles the electronic business card (VCARD) "疵", this "疵" is likely to make the user's personal computer is "Trojan" and some viruses. Microsoft said that some malicious attackers may write a data or program, then place this data in the "birthday bar" of the electronic business card, thereby avoiding the viral security scanner of the email software, when these viruses are When e-business cards are sent to others in the form of an email, their computers may be infringed.
Microsoft said that when Outlook 2000 or 97 and Outlook Express 5.01 or 5.5 open an electronic business card (VCARD) containing malicious code, the malicious code contained in the electronic business card (VCARD) will cause the email software to crash. More serious is that these malicious code may make the user's personal computer seriously damage. Since the content of these malicious code is uncontrolled, it is entirely on the willingness of the writer, so it will be difficult to estimate. A security adviser of Microsoft Company said, "These malicious code can make any operation it want, as long as the user's computer has this permission."
It is reported that this security vulnerability is first discovered by network security company @stake, which makes people worry about the content of the email attachment. Scott Culp, Microsoft Company Safety Project Manager, said that the company has worked closely with @stake for more than two months, and strive to solve this problem as soon as possible. Although @stake believes that the security vulnerability is in the "birthday bar" of the electronic business card (VCARD, Microsoft has not confirmed this. Kapp said, "We publish this statement to tell users what problems have we have in our skills, and what happens under the circumstances, and what users may face. We don't want to help those malicious attackers to make these malicious Attack program. "
@Stake's headquarters in Massachusetts Cambridge City, the company's researcher Ollie Whitehouse first discovered this lack, but he refused to comment on this. Another security adviser of the company warned that this defect is easily utilized by viruses and "Troy" Trojans, becoming the basis of attacking user computers.
Fortunately, the electronic business card (vcard) file is always in the form of an attachment and itself does not automatically open, so as long as the user does not take the initiative to open it, the user's computer will not have The danger of being infringed. But once the user doubles the electronic business card (VCARD) attachment with the attack code, or the business card is dragged to the "Contact" folder of the mail program, the user's computer will face very serious dangers.
Kapp also said that Outlook email programs on Apple Macintosh computer did not have this defect. Microsoft recommends that users have installed the company as soon as possible. This defect has been resolved in the IE5.01, 5.5 and Windows 2000 Patch Service Pack 2 versions of Microsoft. (Wang Yuzhong)