The security flaw in Outlook Express revealed by Microsoft in their June Security Bulletin, and covered by Aunty here, has taken on a new urgency as certain websites have begun sharing samples of the code required to take advantage of the security flaw.
While the flaw is still considered to be low-risk in terms of the likelihood of exploitation, it is high-risk in terms of how serious the exploitation can be if it does occur, including allowing an attacker to take complete control of the user’s computer.
In order for an attacker to gain access to the user’s computer however, the user must use Outlook Express to read Usenet newsgroups, enabling the Network News Transfer Protocol (NNTP), and further, the user must then visit a Usenet group which contains the malicious code designed to take advantage of the flaw.
Still, because the flaw and associated exploit are potentially so serious, all users with affected systems are being urged by Microsoft to update their systems [Page no longer available – we have linked to the archive.org version instead].
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.