January 11, 2006 Microsoft's Newest Bug Could Be Awful, Researcher Says By Gregg Keizer Courtesy of TechWeb News Page 1 of 2 The Outlook and Exchange vulnerability disclosed by Microsoft Tuesday has the potential to become a much more virulent problem than the long-hyped Windows Metafile bug patched last week, said one of the e-mail flaw's discoverers Wednesday. "What I find bizarre is that there's still all this focus on the WMF [Windows Metafile] bug," said Mark Litchfield, the director of NGS Software, a U.K.-based security company, and one of the two researchers credited by Microsoft with the discovery of the TNEF (Transport Neutral Encapsulation Format) vulnerability. "This one has massive financial implications if someone exploits it," Litchfield said. The TNEF vulnerability, which Microsoft spelled out in the MS06-003 security bulletin, is a flaw in how Microsoft's Outlook client and older versions of its Exchange server software decode the TNEF MIME attachment. TNEF is used by Exchange and Outlook when sending and processing messages formatted as Rich Text Format (RTF), one of the formatting choices available to Outlook users. "All that's required to exploit this is an e-mail message," said Litchfield. No user interaction is needed to compromise an Exchange 5.0, 5.5, or 2000 server; all that's necessary is to deliver a maliciously-crafted e-mail to the server. It's that characteristic, as well as the ease with which an attack could spread, that has Litchfield so worried. "You could take over an Exchange server with a single, simple e-mail," he said. "From there you could target all the clients accessing that server. You would 'own' any Outlook client that connects to that server. Then an attacker could grab the Outlook users' address books. "If you did it right, you could own every Outlook user in the world within a week," he said. Microsoft noted the severity of the bug by tagging it with its highest warning label, "Critical," and by providing a patch for Exchange 5.0 and 5.5, obsolete versions whose support technically ended Dec. 31, 2005. The newest server software, Exchange Server 2003, is immune to the bug, although current editions of Outlook, including Outlook 2003, are not. E-mail This Story Print This Story Reprint This Story Page 2: next page Page 1 | 2 Get the latest Developer news, product info, and trends every week.			New SocketShield Stops Zero-day Exploits Microsoft Snaps Up Asset-Tracking Vendor, Co-Founder Unhappy Firefox Bug Could Be Serious Microsoft Unveils Repatched Patch Microsoft Ships IE 7 Beta 2, Final XP Version To Beat Vista Yet Another Zero-day Smacks IE     Developer Pipeline's Main RSS Feed     Developer Pipeline's Blog RSS Feed VIEW ALL BRIEFING CENTERS Editorial and vendor perspectives Special Report: Are Computers Destroying The Earth? With Earth Day just around the corner, two reporters cross swords over the question of whether computers and technology are helping or hurting the environment. See what they have to say, then vote on who's got it right. Embedded Experts: Fix Code Bugs Or Cost Lives Apple's Boot Camp: Macs Do Windows Microsoft Platforms Chief Talks Co-opetition With Open Source Crash Course: Get a Handle on Web Services Specs and Standards How do recent stories highlighting the ability of Apple's new Intel-based Macs to run Windows as well as Mac OS X affect your view of Macs as development platforms? Macs that can run Windows and OS X? Gimme!     39% Yawn. No thanks.     22% It all comes down to price point. Count me as maybe.     17% Ha. If it doesn't run zOS or Solaris, forget it...     12% Apple? Never! TRS-80 RULEZ!     10% E-fficiency: Web App IDEs Want to give your e-business a competitive edge? Turbo-charge your development projects with one of these Web application development IDEs. Web Site Development Made Easy A "Class" Act: Software IDEs