Security researchers have disclosed details of a critical vulnerability in Microsoft Outlook for which Microsoft released an incomplete patch this month; almost 18-months after receiving the disclosure report.
The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to seize sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without needing any further user interaction.
A hacker can exploit this vulnerability by sending a Rich Text Format (RTF) email to a victim, containing a remotely-hosted Object Linking & Embedded (OLE) image, loading from the attacker-controlled server.
Microsoft Outlook automatically renders OLE content, it will initiate an automatic authentication with the attacker's controlled remote server over SMB protocol, handing over the victim's username and NTLMv2 hashed version of the password, possibly allowing the intruder to gain access to the victim's computer.
Dormann reported the vulnerability to Microsoft in November 2016, and in an attempt to patch the issue, the company released an incomplete fix in its April 2018 patch Tuesday update.
The security patch only prevents Outlook from automatically initiating SMB connections when it previews RTF emails, but the researcher noted that the fix does not prevent all SMB attacks.
"It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above," Dormann said. "For example, if an email message has a UNC-style link that begins with "\\”, clicking the link initiates an SMB connection to the specified server.”
VMware ESXi is a hypervisor that enables the creation and management of virtual machines (VMs) on a physical server. ESXi 6.7 and 7.0 are two major releases with various improvements and new features. Here are some of the key differences between ESXi 6.7 and 7.0:
Once upon a time, there lived a talented but somewhat lackadaisical IT support specialist named Jack in a land not so far away. Jack was known for his quick wit and lightning-fast troubleshooting skills, yet he had an Achilles heel - he seldom prepared for his tasks.
ChatGPT is a language model developed by OpenAI that can generate human-like responses to a wide range of questions. By integrating ChatGPT with Microsoft Teams, you can provide your team members with instant access to this powerful AI tool.