News

E-Mail-Borne Virus Danger Detected, Fixed

Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe executable application within an e-mail message and disguise it as a safe type of attachment. The unsafe executable could then be made to execute if the user opened the attachment.

A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML e-mail message to contain a malicious cabinet file, disguised as a file of an innocuous type -- such as .jpg, .gif, or .txt. If a user attempted to open this file, the operation would fail, but could leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code.

The affected AcitveX control ships as part of Microsoft Internet Explorer 4 and 5. The patch is available at http://windowsupdate.microsoft.com.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • HoloLens 2 Support Comes to Windows Autopilot Partner Program

    The Windows Autopilot program can now be used to self-provision HoloLens 2 mixed reality headsets, Microsoft announced recently.

  • White Cloud Graphic

    Microsoft Releases Windows 365, Its New Desktop-as-a-Service Solution

    Windows 365 is now available for use by organizations in production environments, Microsoft announced on Monday.

  • Microsoft Partner Nerdio Talks Windows 365 and Cloud PC

    Microsoft's upcoming desktop-as-a-service offering is "nothing but opportunity" for partners, according to Vadim Vladimirskiy, Nerdio's founder and CEO.