New bugs found in Outlook, Internet Explorer

There is unfortunate news about Internet Explorer and Outlook today. According to The Industry Standard, it seems that both have security bugs that there are currently no patches for. It is my hope that no one takes advantage of this and it is resolved quickly.

Microsoft Corp. is investigating a new set of potentially serious security flaws in Internet Explorer and Outlook reported by security company eEye Digital Security Inc., the software maker said Friday.

The two flaws in the Web browser and e-mail client could let an attacker take control over a system with minimal action from the user, eEye said in two security alerts posted on its page of upcoming advisories. The company ranks the flaws “high” risk.

One of the vulnerabilities could let an attacker compromise a user’s machine after the user clicks on a Web link, said Marc Maiffret, co-founder and chief hacking officer at eEye. “Nothing that would be normally suspicious to the user,” he said. The flaws affect both Outlook and Outlook Express, according to Maiffret.

The flaws exist in the default installations of the applications on most current versions of Windows, according to eEye of Aliso Viejo, California. The company has informed Microsoft and will not provide further details until Microsoft has provided a patch or security alert, it said on its Web site. [Read the rest]