Why Microsoft just patched a patch that squashed an under-attack Outlook bug
Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims' Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update.: it was possible to send someone an email that included a reminder with a custom notification sound. That custom sound could be specified as a URL path within the email.
It turned out this MapUrlToZone-based protection could be bypassed, prompting Microsoft to have to shore upfix in May. The original bug was being exploited in the wild, and so when the patch for it landed, it got everyone's attention. And that attention helped reveal that the fix was incomplete. "This vulnerability is yet another example of patch scrutinizing leading to new vulnerabilities and bypasses,""Specifically for this vulnerability, the addition of one character allows for a critical patch bypass."
According to Barnea, emails can contain a reminder that includes a custom notification sound specified as a path using an extended MAPI property using PidLidReminderFileParameter.
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Microsoft Windows users issued urgent update warning amid serious scam riskThe tech giant have quickly released a fix for several bugs, some of which are already being used by hackers.
Read more »
Cost of living pain still to come for millions despite Bank of England's rosier outlook'The economy is not doing as badly as previously thought and the Bank has dramatically changed its outlook. The problem is that it's hard to revel all that much in comparative good news when you look at the absolute numbers' EdConwaySky's analysis ⬇️
Read more »
Man released on bail after slew of 'abhorrent' attacks on adult store ClonezoneArrested man released on bail following alleged attacks on Gay Village adult store Clonezone
Read more »
Clapham Common station: How Tube panic set in over fire alertPassengers on a Northern line train smashed windows to escape after smelling burning in the carriage.
Read more »
Asus’ Steam Deck competitor gets a price and a June launch date | VGCAsus has confirmed the pricing and release date for its Steam Deck rival. The Asus ROG Ally launches in June for $699 / £699
Read more »
The next major Windows 11 update is coming soon – but could disappointIs Microsoft’s ‘Moment 3’ upgrade about to arrive?
Read more »