Microsoft email flaw targets Vista users

By
Follow google news

Researchers have reported a vulnerability in Microsoft Vista's email client, Windows Mail, which could allow remote attackers to execute code.

Microsoft email flaw targets Vista users
Cybercrooks have persuaded users to click on a malicious URL that attempts to exploit the flaw by sending a specially crafted email, according to an IBM Internet Security Systems X-Force advisory released over the weekend.

The advisory labelled the bug "medium risk" because it requires user interaction to be exploited.

According to a National Vulnerability Database summary, The vulnerability exists because Windows Mail might allow remote attackers to execute certain programs via a link to a local file or UNC (universal naming convention) share path name in which there is a directory with the same base name as an executable program at the same level.

UNC is a filename format used to indicate the location of directories or resources to be accessed.

A Microsoft spokesman said the software giant was investigating, but not aware of any attacks exploiting the flaw.

Vista deployment rates are still low within the enteprise, with most analysts expecting the roll-over to come in the next 18 to 24 months.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
applicationemailflawmicrosoftsecuritytargetsusersvista

Sponsored Whitepapers

The future of resilience: AI-Driven dynamic storage
The future of resilience: AI-Driven dynamic storage
5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure

Events

Most Read Articles

FBI remotely patched privately-owned routers to evict Russian GRU spies

FBI remotely patched privately-owned routers to evict Russian GRU spies
Dead cars tell tales by storing data that's never wiped

Dead cars tell tales by storing data that's never wiped
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks

AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?