SEATTLE ? Flaws have been discovered in Microsoft?s Internet Explorer and Outlook programs that could let hackers install backdoor Trojans without a person?s knowledge, contends research company eEye Digital Security.
The vulnerabilities allow for remote code execution with no actions from the computer user, said Ben Nagy, an eEye senior security engineer.
“If a user is tricked (into going) to a site carrying malicious code, they can become infected by just surfing across a banner ad,” Nagy told CNET.Com.
eEye notified Microsoft several days ago of the flaws in the default installation of Outlook and IE and is giving the software giant time to develop a patch before releasing details on which versions of the software are affected.
Nagy added that eEye is also still conducting its own testing of various platforms to evaluate which ones are affected and to what degree. No exploits are known to have been developed yet, he said.
“Microsoft has acknowledged a vulnerability does exist and is real, but I doubt they will release a patch out of (their monthly) cycle,” Nagy said.
Microsoft, meanwhile, said it is investigating privately reported, possible vulnerabilities in Microsoft Windows.
“At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue,” said a company spokeswoman. “Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs.”




