Avoid WordMail to Lessen Impact of Outlook's Most Recent HTML Mail Vulnerability

Security consultant Georgi Guninski has highlighted a new Outlook security vulnerability that could make it possible for an HTML mail message to run a script or connect to a Web site with malicious content. The problem occurs when you configure Outlook to use Microsoft Word as its editor (a configuration known as WordMail). With the regular Outlook editor in operation instead of WordMail and with Outlook set to use the Restricted Sites zone for mail security, Outlook doesn't exhibit the vulnerability.

http://www.guninski.com/m$oxp-2.html

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish