Microsoft released patches for vulnerabilities affecting Outlook.

None of the flaws have been disclosed and none of them have been exploited in attacks, said Microsoft officials. The security holes end up related to Click-to-Run (C2R), a streaming and virtualization technology used to install Office products.

Microsoft Yanks Outlook Fixes
Patch Tuesday: Microsoft Fixes 54 Holes
Two Busted in Microsoft Hack
Skype Crashes, Hackers Take Credit
Microsoft Clears Flaws Used in Attacks

One of the vulnerabilities, discovered by the Microsoft Office Security Team is a memory corruption that can end up leveraged for remote code execution. The weakness can end up exploited by getting an Outlook user to open a specially crafted file sent to them via email.

An attacker who successfully exploited the vulnerability could take control of an affected system, Microsoft said in its advisory.

Schneider Bold

Another vulnerability is a security feature bypass issue that exists due to the way Outlook handles input. An attacker can exploit the flaw by tricking the targeted user into opening and interacting with a specially crafted document.

A third hole is an information disclosure issue that exists because Office improperly discloses memory content. An attacker who knows the memory address of the targeted object needs to trick the target into opening a specially crafted file to obtain information that can be useful for accessing the victim’s computer and data.

In mid-July, while not the same as the issues above, Microsoft pulled back three patches it sent out for Outlook vulnerabilities.

Pin It on Pinterest

Share This