Microsoft is warning customers about a flaw in an ActiveX control within its Outlook email software that could let an intruder access their computers.
The vulnerability affects Outlook 98, 2000 and 2002, the email application included in Microsoft's Office desktop software. It involves an ActiveX feature called Microsoft Outlook View Control, which is designed to let people view mail or calendar information through Web pages.
Because of the glitch, the control could allow an attacker to delete mail or change calendar information, running code on the target machine via a Web page or HTML-based email, the software company said in a security bulletin posted on its Web site Thursday.
ActiveX is a set of technologies that provides tools for linking desktop applications to the Web.
Microsoft is developing a patch for the security flaw. While the fix is being prepared, the company recommends that Outlook users disable ActiveX controls in the Internet Zone of Internet Explorer to protect their machines from a Web-based attack.
To protect against an email assault, the Redmond, Washingon, company recommends that Outlook 98 and 2000 users install the Outlook Email Security Update. An email security update automatically installed with Outlook 2002 also defends against this line of attack.
Play video
There are currently no comments for this post.