SECURITY: Another Week, Another Outlook Flaw

Green Balloon about to be burst by a needle held by a businessman's hand in a pinstripe sleeve.

Tech Company Layoffs: The COVID Tech Bubble Bursts Tech Company Layoffs: The COVID Tech Bubble Bursts

byBrandon Taylor, Jessica Davis

May 17, 2024

3h 3m Read

European map with virtual gavel and sound block and a CPU with AI

Cranium, Microsoft, KPMG Launch EU AI Hub Cranium, Microsoft, KPMG Launch EU AI Hub

byShane Snider

May 16, 2024

2 Min Read

Resilience

Recent in Resilience

Alicia Keys, smiling, arm raised in the air, sings to a crowd.

RSAC 2024: Lighting Dark Places, Ted Lasso Lessons, and Alicia Keys Closer RSAC 2024: Lighting Dark Places, Ted Lasso Lessons, and Alicia Keys Closer

byShane Snider

May 17, 2024

4 Min Read

Health care and medical services concept with world or global form and AR interface.

Repeat Offenders: Black Basta’s Latest Healthcare Cyberattack Repeat Offenders: Black Basta’s Latest Healthcare Cyberattack

byCarrie Pallardy

May 16, 2024

7 Min Read

ML & AI

Recent in ML & AI

autonomous car,self driving auto,flat vector illustration

Moravec’s Paradox: What Self-Driving and VR Can Teach Us Moravec’s Paradox: What Self-Driving and VR Can Teach Us

bySmita Rajmohan

May 17, 2024

4 Min Read

network cables image

Network Support for AI Network Support for AI

byMary E. Shacklett

May 17, 2024

1 Min Read

Data

Recent in Data

thumbnail

What You Need to Know about AI as a Service What You Need to Know about AI as a Service

byJohn Edwards

May 13, 2024

5 Min Read

DNA (deoxyribonucleic acid) strand, illustration.

Data Management

DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?

byRichard Pallardy

May 7, 2024

15 Min Read

Sustainability

Recent in Sustainability

green earth with a plug attached

Sustainability

AI, Data Centers, and Energy Use: The Path to Sustainability AI, Data Centers, and Energy Use: The Path to Sustainability

byMark Gibson, Angie Gildea

May 15, 2024

4 Min Read

Happy and sad life balance, sunny happy emoticon and sad emoji on under a cloud on balance, mental health, wellness concept

Sustainability

Sustaining Future Workers and Consumers Moves Up in ESG Efforts Sustaining Future Workers and Consumers Moves Up in ESG Efforts

byPam Baker

May 14, 2024

5 Min Read

Infrastructure

Recent in Infrastructure

Cloud shape with up and down arrows

IT Infrastructure

What Happens When You Want to Leave the Cloud?What Happens When You Want to Leave the Cloud?

byMary E. Shacklett

May 20, 2024

5 Min Read

path of money bills leading to cloud

IT Infrastructure

Now’s the Time to Optimize Cloud Costs: Here’s How Now’s the Time to Optimize Cloud Costs: Here’s How

byNetwork Computing

May 20, 2024

1 Min Read

Software

Recent in Software

thumbnail

What You Need to Know about AI as a Service What You Need to Know about AI as a Service

byJohn Edwards

May 13, 2024

5 Min Read

business people at a table with word Agile in the center

Software & Services

Introducing Maintenance for Agile Applications Introducing Maintenance for Agile Applications

byMary E. Shacklett

May 3, 2024

5 Min Read

Newsletters
Reports/Research
Online Events
Live Events
Podcasts

White Papers
Advertise With Us
About Us
IT Sectors

InformationWeek Resource Library

Cyber Resilience
Cybersecurity

SECURITY: Another Week, Another Outlook Flaw

This flaw is in the way Outlook Web Access handles script messages. Microsoft rates the problem "medium."

InformationWeek Staff, Contributor

December 7, 2001

1 Min Read

Users of Microsoft's Exchange 5.5 E-mail server have been alerted to yet another serious vulnerability. Microsoft sent its 57th security bulletin of the year. This time, anyone can access and manipulate E-mail in someone's Exchange mailbox by using a Web browser, Microsoft says.

The vulnerability is caused by a flaw in the way Outlook Web Access handles online script messages with Internet Explorer. According to Microsoft, a carefully crafted HTML message with a certain script would enable someone to "take any action against the user's Exchange mailbox," such as sending, moving, and deleting messages. The attacker can use this flaw by sending an E-mail to someone. If the victim opens the message in Outlook Web Access, he or she is vulnerable to this exploit.

This flaw, discovered by Lex Arquette of consulting firm WhiteHat Security, is only the most recent security problem Microsoft has faced with Outlook Web Access. Earlier this year, the company had to publish three patches to fix a similar problem.

Microsoft has rated the risk of this vulnerability "medium" and is urging users to download a patch available on its Web site, www.microsoft.com/security.

About the Author(s)

InformationWeek Staff

Contributor

See more from InformationWeek Staff

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

SIGN-UP

Editor's Choice

thumbnail

‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure ‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure

byShane Snider

May 6, 2024

3 Min Read

Ambassador-at-Large Nathaniel Fick at the RSA Conference 2024 in San Francisco.

Questions for the Bureau for Cyberspace and Digital Policy Questions for the Bureau for Cyberspace and Digital Policy

byJoao-Pierre S. Ruth

May 16, 2024

5 Min Read

Business person draws a creative business project

Why CIOs Are Under Pressure to Innovate Why CIOs Are Under Pressure to Innovate

byLisa Morgan

May 15, 2024

8 Min Read

DNA (deoxyribonucleic acid) strand, illustration.

Data Management

DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?

byRichard Pallardy

May 7, 2024

15 Min Read

Business innovative solution and creative concept as a paper boat tied to a light bulb