Security Flaws Found in Outlook, IE
Two major security flaws were discovered in Microsoft's Internet Explorer and Outlook software Thursday by research firm eEye Digital Securities. According to the firm's Web site, vulnerabilities exist in both programs that allow malicious code to be executed with minimal user interaction.
The company promised more detail to come in a future advisory.
eEye's chief hacking officer Marc Maiffret told eWeek that the issues were rated high risk after the firm discovered that a hacker could take advantage of the flaw from anywhere on the Internet.
"These are client-side vulnerabilities that could allow attacks via a Web browser or the Outlook client. The risk of a zero-day attack is quite high," Maiffret said.
In its defense, Microsoft told BetaNews that while it is investigating the reports it had received from eEye, the company had not received any notices from customers about the issue.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers," a company spokesperson said. "[This] may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs."
eEye's Maiffret said he believes that if Microsoft does indeed address the issue, a fix would come as part of a regular monthly security update.
In the meantime, Microsoft suggested that users ensure their firewall is activated and recommended that concerned users visit Microsoft's Web site for more tips on how to protect themselves.