Microsoft patches email security bug

Microsoft has posted a patch on its security Web page that addresses a filename bug in Outlook 98 and Outlook Express clients.

The glitch affects several e-mail clients including Outlook, Outlook Express and Netscape Communications' Communicator Web browser. The problem occurs when a user tries to download, launch or view a file attachment that has an overly long filename.

A filename that runs past a certain number of characters can cause the e-mail application to shut down. Once the application has crashed, a hacker could embed in the long file name malicious code that can damage the recipient's hard drive or run arbitrary code in the computer's memory.
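A defender-side check for the condition described above, as an added example that is not from the article or from either vendor: a mail gateway can measure every declared attachment name before the message reaches a client. The 200-character limit, the function names and the sample messages are assumptions constructed for illustration; the article gives no exact length.

```python
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

# Assumed policy limit; the article only says "a certain number of characters".
MAX_FILENAME_CHARS = 200

def oversized_attachment_names(raw, limit=MAX_FILENAME_CHARS):
    """Return [(content_type, name_length)] for MIME parts whose declared
    attachment name is longer than `limit` characters."""
    hits = []
    for part in message_from_bytes(raw).walk():
        # A client may take the name from either header, so measure both.
        declared = (
            part.get_param("filename", header="content-disposition"),
            part.get_param("name", header="content-type"),
        )
        # get_param() has already joined RFC 2231 continuations
        # (filename*0=, filename*1=, ...); collapse any encoded form to str.
        lengths = [len(collapse_rfc2231_value(v)) for v in declared if v]
        if lengths and max(lengths) > limit:
            hits.append((part.get_content_type(), max(lengths)))
    return hits

def sample_message(disposition):
    """Constructed test input: one text part plus one attachment part."""
    return (
        "From: a@example.test\r\nTo: b@example.test\r\nSubject: sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        "--b1\r\nContent-Type: application/octet-stream\r\n"
        f"Content-Disposition: {disposition}\r\n\r\ndata\r\n--b1--\r\n"
    ).encode("ascii")

# Constructed samples: an ordinary name, one long name, and a long name
# declared in two pieces that only exceeds the limit once reassembled.
NORMAL = sample_message('attachment; filename="report.txt"')
LONG = sample_message('attachment; filename="' + "A" * 300 + '.txt"')
SPLIT = sample_message(
    'attachment;\r\n filename*0="' + "B" * 150 + '";\r\n filename*1="' + "C" * 150 + '"'
)

if __name__ == "__main__":
    for label, raw in (("normal", NORMAL), ("long", LONG), ("split", SPLIT)):
        print(label, oversized_attachment_names(raw))
```

Measuring the reassembled name matters because a filter that inspects only individual header parameters would pass the third sample.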

Microsoft officials said yesterday that they had received no complaints so far from Outlook users. Despite that, the company posted the patch for downloading; prominently displayed news about the glitch online; and posted a bulletin to an electronic mailing list that focuses on security issues, said Microsoft product manager George Meng. Microsoft's security Web page is at http://www.microsoft.com/ie/security/.

Meng said users with Windows 98 can launch an updating feature from the Start menu that will access Microsoft's Web site, analyze the user's system, suggest updates and let the user download those updates.

Netscape is expected to post a patch soon on its Web site.

The bug was discovered in testing last month by Finland's Oulu University Secure Programming Group, which spread the word to other researchers who did their own tests.
