|
| New bug "critical," Microsoft says |
 |
Sat, 14 Jan 2006 14:18:59 +000 |
Now that we've got the WMF issue patched, there's another threat looming: the
TNEF (Transport Neutral Encapsulation Format) vulnerability. According to this
article by InformationWeek, the potentially huge vulnerability is a flaw in the
way the Outlook client and older versions of Exchange server decode MIME
attachments. TNEF is used when users send messages in RTF format. All that's
needed to take over an Exchange server is a "single, simple e-mail
message," according to the security expert quoted in the article.
Microsoft detailed the TNEF vulnerability in this security bulletin. In the
bulletin, you'll find update links for your version of Outlook and Exchange
Server.
|
| Post Reply
|
| Re: New bug "critical," Microsoft says |
 |
Sat, 14 Jan 2006 17:36:45 +000 |
Fortunately I use MailWasher, which not only flags spam and virii but also lets
me view the "raw" text of the email. This feature has come in handy in
the past...
Dana
|
| Post Reply
|
| Re: New bug "critical," Microsoft says |
 |
Sat, 14 Jan 2006 22:36:57 +000 |
Thanks for the heads up on this!
We posted it HERE and I gave credit to The Hive with a link.
|
| Post Reply
|
| Re: New bug "critical," Microsoft says |
 |
Sat, 14 Jan 2006 23:00:24 +000 |
Isn't this kind of patch something distributed through Windows Update, since it
now covers OS *and* Office applications?
|
| Post Reply
|
| Re: New bug "critical," Microsoft says |
 |
Sat, 14 Jan 2006 23:03:12 +000 |
Hmmm. Reading the file download page it says it's distributed through Windows
Update. Should be all good here then...
|
| Post Reply
|
|
|
|
|
|
|
|
|
|