HackRead

New Bug Lets Attacker Takeover PC via Outlook Email

December 18th, 2015 | Owais Sultan | Microsoft, Security

ShortRead: A suspicious email sent to Outlook users can give an attacker control of the user's system. Microsoft has released a patch for the issue, but several users remain vulnerable.

This bug was discovered by security researcher Haifei Li, who named it BadWinmail. His technical report suggested the vulnerability is very easy to exploit and doesn't require much interaction from the Outlook user.

The user is only required to view the email that contains a malicious Flash file; once the user views it, the attacker is through.

Flash: the main culprit!

The main problem is with Flash, which already has several known issues and is supported via Object Linking and Embedding (OLE), a mechanism that allows any type of embedding inside Office documents. With Flash vulnerable and a flaw in Outlook's sandboxing system, this had to happen.

Once a user opens the malicious email, the OLE mechanism loads the Flash file inside the email for the user's preview. Here the vulnerability in the security sandboxing system is exploited and the user gets infected by the malicious Flash file attached to the email; the user is not required to download it.

It gets worse

What's worse about this BadWinmail attack is that it allows attackers to install more malicious material on the user's system. According to the researcher:

“It’s also a wormable issue rarely seen on Windows platform nowadays.”

 

This type of attack is popular among APT groups or cyber-espionage agencies that focus on smaller, individual targets. So it is important for all Outlook users to install the security patch Microsoft sent out on the 9th of December to keep their systems secure.

Below is a video demonstration of the attack:

