Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Office Update Plugs Critical Outlook Hole

September 15, 2010 By The Editor

Summary:

  • These vulnerabilities affect: The versions of Outlook that ship with Microsoft Office 2002, 2003, and 2007
  • How an attacker exploits them: By enticing your users into opening or previewing a maliciously crafted email message
  • Impact: The attacker can execute code, potentially gaining complete control of your Windows computers
  • What to do: Install the appropriate Office patches immediately, or let Windows Automatic Update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released an Office security bulletin describing a critical buffer overflow vulnerability that affects the versions of Outlook that ship with Microsoft Office 2002, 2003, and 2007. Specifically, Outlook suffers from a heap buffer overflow vulnerability due to its inability to handle specially crafted email. If an attacker can get one of your Outlook users to open or preview a malicious email message, she can execute code on that user’s computer with that user’s privileges. If your users have local administrator privileges, as most Windows users do, the attacker can leverage this flaw to gain complete control of your users’ computers.

Luckily, one factor significantly mitigates the risk of this serious vulnerability for Outlook 2003 and 2007 clients. Specifically, this flaw only affects Outlook clients that connect to an Exchange server in Online Mode. It does not affect Outlook clients that connect to an Exchange server in Cached Exchange Mode. By default, Outlook 2003 and 2007 clients connect to Exchange servers with the unaffected Cached Exchange Mode. However, Outlook 2002 clients don’t support Cached Exchange Mode, and thus suffer the greatest risk from this flaw.

We recommend you upgrade all your Outlook clients as soon as possible to avoid this serious vulnerability. Furthermore, if you have Outlook 2002 clients, update them immediately.

Solution Path:

Microsoft has released patches that correct this serious Outlook flaw. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

Outlook Update for:

  • Office XP (2002)
  • Office 2003
  • 2007 Microsoft Office System

For All WatchGuard Users:

Attackers can exploit this flaw with seemingly normal email messages. The patches above are your best solution. Theoretically, WatchGuard’s incoming SMTP proxy might be able to help block emails that target this vulnerability. However, neither Microsoft nor any third-party researcher has disclosed specifically how an attacker would have to craft an email to trigger this flaw. Without this information, we can’t say for sure whether our proxy might help. If we do learn such details, we will update this alert.

Status:

Microsoft has released patches correcting this issue.

References:

  • Microsoft Security Bulletin MS10-064

This alert was researched and written by Corey Nachreiner, CISSP.

Filed Under: Security Bytes
