Microsoft has raised the severity rating of an Outlook flaw to “critical,” the highest level, after its initial analysis was challenged by the researcher who found the security hole. The vulnerability in Outlook 2002, first publicized on Tuesday, when Microsoft released a patch, could allow an attacker to use a malicious Web site to cause an affected PC to download and execute a program. When Microsoft released its fix, it said it believed that the attack could only be accomplished if a PC user had the “Outlook Today” folder as the default home page in Outlook 2002. Now, after being alerted by Jouko Pynonnen, the Finnish security researcher who found the flaw, it says the potential for attack is greater. “After we released the bulletin, we were made aware that (the ‘Outlook Today’ restriction) could be gotten around by the attacker,” said Stephen Toulouse, the program manager for Microsoft’s Security Response Center. Toulouse stressed that the patch provided to customers on Tuesday prevents any attack, even though the hole is larger than first thought. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.