Article

Microsoft investigates Windows Vista Mail flaw

Bill Brenner

Microsoft confirmed Friday afternoon that it's investigating reports of a Windows Vista flaw attackers could exploit to compromise PCs by tricking the user into opening a malicious email attachment. The problem reportedly affects Windows Mail on all versions of Vista.

Cupertino, Calif.-based antivirus giant Symantec Corp. warned customers of its DeepSight threat management service early Friday that Vista's native email client will execute any script or program file that has an associated folder by the same name.

"An attacker can deliver an email message containing a malicious link that references a local executable," Symantec said in an email advisory. "If the victim clicks on this link the native program is executed with no further action required."

The vendor said an attacker could potentially exploit the design flaw to delete files or shut down the victim's computer. Other attacks are also possible. However, Symantec noted that the flaw can only be used to execute programs or scripts that natively reside on a computer and also have a folder in place by the same name.

"There is the possibility that an attacker could execute custom malicious binaries, yet they would have to first ensure that a malicious file is placed on a target system by some means," the company said. "To exploit this issue, an attacker must entice an unsuspecting user to click a malicious link in an email."

    Requires Free Membership to View

More on Windows Vista security:
Measuring Vista's true security muscle will take time

Windows Vista vulnerable to long-time attack method

Windows Vista: Security issues to consider
A Microsoft spokeswoman confirmed that the software giant is investigating the flaw report, but said there is no indication of attacks at this time.

"Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary," she said in an email exchange. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs."

She added that users should always be cautious when clicking on links in unsolicited emails. Symantec agreed. "Do not accept or execute files from untrusted or unknown sources," the company advised.

Symantec also recommended users modify their default configuration files to disable any unwanted behavior. "Disabling HTML email capabilities within mail client applications may reduce the likelihood of successful attacks," the company said.

Finally, to reduce the impact of latent vulnerabilities, IT administrators should limit user privileges to the least amount possible. "This can reduce the likelihood of privileged functions being executed," Symantec said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: