Expert: Microsoft TNEF flaw could lead to superworm

IT administrators won't have much chance to breathe after deploying the patch Microsoft rushed out last week for the Windows Meta File (WMF) glitch. Microsoft unloaded two more critical fixes Tuesday for security holes in Windows, Outlook and Exchange Server.

One security expert worries that the hole affecting Outlook and Exchange Server could be exploited to cause major damage. The flaw is in how those programs decode Transport Neutral Encapsulation Format (TNEF) MIME attachments.

"An attacker could exploit the vulnerability by constructing a specially crafted TNEF message that could potentially allow remote code execution when a user opens or previews a malicious e-mail message, or when the Microsoft Exchange Server Information Store processes the specially crafted message," Microsoft said. "An attacker who successfully exploited this vulnerability could take complete control of an affected system." Expert: Microsoft TNEF flaw could lead to superworm

Linked by shanmuga Wednesday, 11th January 2006 3:05AM