[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Special Alert - E-mail security issue

To: omega-list@xxxxxxxxxx
Subject: Special Alert - E-mail security issue
From: KIMBOLEGSA@xxxxxxx
Date: Wed, 5 Aug 1998 20:44:37 -0400 (EDT)

PureBytes Links

Trading Reference Links

To the list,

This is a mail from MS concerning a flaw in some e-mail products that
(potentially) could allow the guy with the pierced tongue to crash your box. 

The text below says that the problem occurs when the attached file is
downloaded, opened or launched. Just to let you know, I read a report
yesterday about this which states that this is incorrect. The attached file is
not the culprit but it is the tags referencing the attachment which are
malevolent. This means that it is possible for problems to occur by simply
deleting the e-mail - without opening it!

The article also goes on to say that Netscape is also vulnerable to this. They
should also have a fix by now on their web site. 

<< This is a special alert message to registered users of Microsoft Office,
Microsoft Outlook 98, Microsoft Internet Explorer version 4.0 or later, and
Microsoft Windows 98.  We want to inform you of a security issue that affects
e-mail packages including Microsoft Outlook 98 and Microsoft Outlook Express
versions 4.0 or later.  Microsoft has created a fix for this security issue,
which can be downloaded from
 http://www.microsoft.com/security/
 
 This security issue involves how e-mail software handles file attachments
with extremely long file names.  When users attempt to download, open or
launch a file attachment that has a name containing more than a certain number
of characters, their action can cause the program to shut down unexpectedly.
It is possible - although difficult - for a hacker to cause malicious code to
be executed on a computer as a result of this problem. However, this cannot be
caused accidentally, and to date we have received no reports of users being
affected.  More information on this issue can be found at
 http://www.microsoft.com/security/bulletins/ms98-008.htm
 
 Microsoft takes security very seriously, and we know you do as well.
Microsoft is committed to ensuring that all its customers enjoy a rich, safe
and secure computing experience and developers have been working around the
clock to isolate and deal with these issues.  Microsoft has provided software
patches for both Outlook Express and Outlook 98 at
 http://www.microsoft.com/security/
 We strongly recommend that you download the appropriate patch immediately.
 
 To ensure customer safety with regard to this and other security-related
issues, Microsoft is investigating further to uncover variants that the
current patch may not block. Microsoft will communicate additional information
about this research as it becomes available.  You can also visit
 http://www.microsoft.com/security/.
 for the latest information and updates, and to register for the Microsoft
Security Notification Service.
 
 Thank you. >>

Prev by Date: Ramblings on Re: REAL-ESTATE BUBBLE and more
Next by Date: Re: "why would anybody with half a brain sell with a loss?!?!"
Previous by thread: Ramblings on Re: REAL-ESTATE BUBBLE and more
Next by thread: Compression EL
Index(es):
- Date
- Thread