<Prev | [Index] | Next>


genew@telus.net
Date: Wed, 11 Apr 2018 09:40:28 -0700

Liam Tung, ZDNet, 11 Apr 2018
Attackers can make Outlook leak password hashes just by previewing an
RTF-formatted email. http://www.zdnet.com/article/windows-security-microsoft-patch-for-outlook-password-leak-bug-not-a-full-fix/

selected text:

Microsoft has fixed an important Outlook bug it's known about for over a year, capable of leaking password hashes when users preview a Rich Text
Format (RTF) email with remotely hosted OLE objects.

However, Dormann notes that Microsoft's fix for the vulnerability
CVE-2018-0950 doesn't prevent all remote SMB attacks.

Microsoft is of the view that this bug is "more likely" to be exploited now that it's known.

[Really? (Did the Microsoft spokesperson think about the matter before
stating this last bit?)]


<Prev | [Index] | Next>