- These vulnerabilities affect: The versions of Outlook that ship with Microsoft Office 2002, 2003, and 2007
- How an attacker exploits them: By enticing your users into opening or previewing a maliciously crafted email message
- Impact: The attacker can execute code, potentially gaining complete control of your Windows computers
- What to do: Install the appropriate Office patches immediately, or let Windows Automatic Update do it for you.
As part of today’s Patch Day, Microsoft released an Office security bulletin describing a critical buffer overflow vulnerability that affects the versions of Outlook that ship with Microsoft Office 2002, 2003, and 2007. Specifically, Outlook suffers from a heap buffer overflow vulnerability due to its inability to handle specially crafted email. If an attacker can get one of your Outlook users to open or preview a malicious email message, she can execute code on that user’s computer with that user’s privileges. If your users have local administrator privileges, as most Windows users do, the attacker can leverage this flaw to gain complete control of your users’ computers.
Luckily, one factor significantly mitigates the risk of this serious vulnerability for Outlook 2003 and 2007 clients. Specifically, this flaw only affects Outlook clients that connect to an Exchange server in Online Mode. It does not affect Outlook clients that connect to an Exchange server in Cached Exchange Mode. By default, Outlook 2003 and 2007 clients connect to Exchange servers with the unaffected Cached Exchange Mode. However, Outlook 2002 clients don’t support Cached Exchange Mode, and thus suffer the greatest risk from this flaw.
We recommend you upgrade all your Outlook clients as soon as possible to avoid this serious vulnerability. Furthermore, if you have Outlook 2002 clients, update them immediately.
Microsoft has released patches that correct this serious Outlook flaw. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
Outlook Update for:
For All WatchGuard Users:
Attackers can exploit this flaw with seemingly normal email messages. The patches above are your best solution. Theoretically, WatchGuard’s incoming SMTP proxy might be able to help block emails that target this vulnerability. However, neither Microsoft nor any third-party researcher has disclosed specifically how an attacker would have to craft an email in order to trigger this flaw. Without this information, we can’t say for sure whether our proxy might help. If we do learn such details, we will update this alert.
Microsoft has released patches correcting this issue.
- Microsoft Security Bulletin MS10-064
This alert was researched and written by Corey Nachreiner, CISSP.