genew@telus.net
Date: Wed, 11 Apr 2018 09:40:28 -0700
Liam Tung, ZDNet, 11 Apr 2018
Attackers can make Outlook leak password hashes just by previewing an
RTF-formatted email.
http://www.zdnet.com/article/windows-security-microsoft-patch-for-outlook-password-leak-bug-not-a-full-fix/
selected text:
Microsoft has fixed an important Outlook bug it's known about for over a
year, capable of leaking password hashes when users preview a Rich Text
Format (RTF) email with remotely hosted OLE objects.
However, Dormann notes that Microsoft's fix for the vulnerability
CVE-2018-0950 doesn't prevent all remote SMB attacks.
Microsoft is of the view that this bug is "more likely" to be exploited now that it's known.
[Really? (Did the Microsoft spokesperson think about the matter before
stating this last bit?)]