News

E-Mail-Borne Virus Danger Detected, Fixed

Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe executable application within an e-mail message and disguise it as a safe type of attachment. The unsafe executable could then be made to execute if the user opened the attachment.

A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML e-mail message to contain a malicious cabinet file, disguised as a file of an innocuous type -- such as .jpg, .gif, or .txt. If a user attempted to open this file, the operation would fail, but could leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code.

The affected AcitveX control ships as part of Microsoft Internet Explorer 4 and 5. The patch is available at http://windowsupdate.microsoft.com.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.