We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

More holes in Microsoft software shock

MS warns of yet another flaw in Outlook Web Access

A flaw in the Outlook Web Access module in Microsoft's Exchange 5.5 email system could allow unauthorised access to users' mailboxes, the company warned late yesterday.

The problem lies in the way Outlook Web Access handles inline script in HTML email messages, Microsoft said in a security bulletin.

An attacker can get full control over a mailbox when an email with embedded malicious code is opened using Microsoft's Internet Explorer browser and Outlook Web Access, Microsoft said.

Although the attacker can delete mailbox contents, move and send messages as if they were the user, it isn't possible to send email to addresses in the user's address book, preventing a mass-mailing attack, Microsoft said.

Outlook Web Access allows users to access their email via the web, rather than using the Outlook client software on their PCs.

Microsoft is having a tough time securing Outlook Web Access. In June it took the company three patches to plug a similar hole. The first and second patches for the hole, which affected both Exchange 2000 Server and Exchange 5.5, left administrators with dysfunctional email systems.

Microsoft, which gives the vulnerability a 'moderate' severity rating, urges administrators who have deployed Outlook Web Access to immediately install a patch to fix the flaw. The patch is available from Microsoft's TechNet website.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......