Microsoft has warned of a flaw in yet another of its programs, which could allow hackers to run malicious code on a victim's computer.
The flaw affects an ActiveX control, found in Outlook View, which has been distributed with the 98, 2000 and 2002 versions of the company's email software. The function enables people to view Outlook data over a web page.
Microsoft's technical advisory staff said that in normal circumstances the function should only allow users to view mail, but the flaw allows web pages to actually manipulate Outlook data.
The defect was identified by Guninski, a Bulgarian bug hunter, who has been responsible for detecting several flaws in other Microsoft software. His website reads: "The more money I give to Microsoft, the more vulnerable my Windows computers are."
Guninski alerted Microsoft on 9 July but no official statement was made by the software giant until 13 July.
"It is extremely easy to find the vulnerability," Guninski told our News Service, "and if Outlook 98 is affected, as Microsoft states in its advisory, this means it has been around for years."
But Microsoft was unhappy with Guninski, branding his actions irresponsible.
"As a direct result of Mr Guninski's actions, customers are exposed to far greater risk than they would have been had he given Microsoft a chance to respond, instead of pasting the warning on his website," said Scott Culp, program manager at Microsoft's security team.
Culp added that customers would now have to update their machines twice thanks to Guninski - once to work around the problem and once to install the patch, which Microsoft is currently working on.
Until the patch is ready, however, the company's advisory paper suggests users work round the flaw by temporarily disabling ActiveX controls in Outlook's IE zone.
News of this latest flaw comes after more than a month of software security troubles for Microsoft, which released three patches for its Exchange Server versions 5.5 and 2000, as well as a warning about two other flaws in its Internet Information Services web server software that might also affect Windows XP's indexing service. See our news story, More holes than Swiss cheese.