Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Investigating Vulnerability In Vista's Windows Mail

Microsoft Corp. is investigating reports of a vulnerability in Vista's Windows Mail.

Reports have begun circulating online that the flaw could give a remote attacker access to the user's computer. Windows Mail is an e-mail and newsgroup client that Microsoft built and dropped into its Windows Vista operating system.

"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," said a Microsoft spokesman in an e-mailed response to an InformationWeek inquiry. "Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs."

The spokesman then warned users to always use "extreme caution" when clicking on links in unsolicited e-mail from known and unknown sources.

A hacker known as "Kingcope" published proof-of-concept code to show that remote code execution is possible if a user clicks on a malicious prepared link.

  • 1