9/11/2023 0 Comments Download sandboxie 5.22![]() But anyone with installed versions of Outlook should seriously consider installing the patch for Outlook 2007 ( KB 4011200, four months beyond its end-of-support date), Outlook 2010 ( KB 4011711 ), Outlook 2013 ( KB 4011697 ), and/or Outlook 2016 ( KB 4011682 ). ![]() It just infects.įortunately, there aren’t any known exploits. To be really blunt: If you’re using Outlook 2007, 2010, 2013, or 2016 – the installed versions – you’ll be vulnerable to drive-by email attacks by previewing a bad email or just by downloading a rigged email. That means there’s a potential for an attacker to exploit this merely by sending an email. You read that right – not viewing, not previewing, but upon receipt. Outlook attempts to open the pre-configured message on receipt of the email. The email would need to be fashioned in a manner that forces Outlook to load a message store over SMB. This bug occurs when an attacker sends a maliciously crafted email to a victim. The end user targeted by such an attack doesn’t need to open or click on anything in the email – just view it in the Preview Pane. What’s truly frightening with this bug is that the Preview Pane is an attack vector, which means simply viewing an email in the Preview Pane could allow code execution. Describing the first security hole, Childs says: Dustin Childs, posting on Trend Micro’s Zero Day Initiative web site, explains why they’re so bothersome. Two of the security holes, CVE-2018-0852 and CVE-2018-0850, were both discovered by Microsoft employee Nicolas Joy, both described in full and publicly patched – as opposed to being buried in some nameless update. There are no known exploits in the wild for any of the security holes at this point.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |