Security firm eEye Digital Security has been keeping Microsoft’s IE and Outlook developers on their toes. Twice in the past month alone eEye has reported security holes that could allow hackers to seriously compromise the applications, or much worse, the users computers.
A Microsoft spokesperson said the company was investigating eEye’s report and developers were making progress in producing a patch, expected to be ready in two months.
Although they provided no details of the flaws in their web postings, a spokesman for eEye said the flaws affect both the web browser and the email application. One such vulnerability makes it easy for an attacker to access a user’s machine when the user clicks on a Web link. An attacker might install backdoor Trojans and the user would not know about it until it’s too late.
eEye found the vulnerabilities in the default installations of most current versions of Windows NT 4.0, Windows 2000 and Windows XP, including the Service Pack 2 (SP2). eEye said they would not disclose details about the vulnerabilities until Microsoft is ready with a patch or a security alert.
The MS spokesman said that so far there were no attacks which had exploited the vulnerabilities. The company is likely to release either a special update if not a patch in their next monthly patching cycle.
