Microsoft patches a patch for an under-attack Outlook flaw

United Kingdom News News

Microsoft patches a patch for an under-attack Outlook flaw
United Kingdom Latest News,United Kingdom Headlines
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 37 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 18%
  • Publisher: 61%

Why Microsoft just patched a patch that squashed an under-attack Outlook bug

Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims' Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update.: it was possible to send someone an email that included a reminder with a custom notification sound. That custom sound could be specified as a URL path within the email.

It turned out this MapUrlToZone-based protection could be bypassed, prompting Microsoft to have to shore upfix in May. The original bug was being exploited in the wild, and so when the patch for it landed, it got everyone's attention. And that attention helped reveal that the fix was incomplete. "This vulnerability is yet another example of patch scrutinizing leading to new vulnerabilities and bypasses,""Specifically for this vulnerability, the addition of one character allows for a critical patch bypass."

According to Barnea, emails can contain a reminder that includes a custom notification sound specified as a path using an extended MAPI property using PidLidReminderFileParameter.

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

TheRegister /  🏆 67. in UK

United Kingdom Latest News, United Kingdom Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

Microsoft Windows users issued urgent update warning amid serious scam riskMicrosoft Windows users issued urgent update warning amid serious scam riskThe tech giant have quickly released a fix for several bugs, some of which are already being used by hackers.
Read more »

Cost of living pain still to come for millions despite Bank of England's rosier outlookCost of living pain still to come for millions despite Bank of England's rosier outlook'The economy is not doing as badly as previously thought and the Bank has dramatically changed its outlook. The problem is that it's hard to revel all that much in comparative good news when you look at the absolute numbers' EdConwaySky's analysis ⬇️
Read more »

Man released on bail after slew of 'abhorrent' attacks on adult store ClonezoneMan released on bail after slew of 'abhorrent' attacks on adult store ClonezoneArrested man released on bail following alleged attacks on Gay Village adult store Clonezone
Read more »

Clapham Common station: How Tube panic set in over fire alertClapham Common station: How Tube panic set in over fire alertPassengers on a Northern line train smashed windows to escape after smelling burning in the carriage.
Read more »

Asus’ Steam Deck competitor gets a price and a June launch date | VGCAsus’ Steam Deck competitor gets a price and a June launch date | VGCAsus has confirmed the pricing and release date for its Steam Deck rival. The Asus ROG Ally launches in June for $699 / £699
Read more »

The next major Windows 11 update is coming soon – but could disappointThe next major Windows 11 update is coming soon – but could disappointIs Microsoft’s ‘Moment 3’ upgrade about to arrive?
Read more »



Render Time: 2025-03-25 07:13:14