SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (E-mail Client)  >   Microsoft Outlook Express Vendors:   Microsoft
Microsoft Outlook Express May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
SecurityTracker Alert ID:  1006748
SecurityTracker URL:  http://securitytracker.com/id/1006748
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 13 2003
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as 'W32.Fizzer.A@mm'. According to the report, the worm is a mass-mailing worm that affects Microsoft Outlook Express [Outlook is also affected].

[Editor's note: This is not a vulnerability alert. However, we are issuing an alert because Microsoft has chosen to warn their customers of this.]

The malicious software is distributed via e-mail as an attachment with the .exe, .com, .pif, or .scr file extension. The subject line of the e-mail message may vary significantly. If the target user opens the attachment, the malicious code will execute with the privileges of the target (recipient) user.

The worm can reportedly perform the following actions on the target user's computer:

Copies itself in %windir%
Creates files in %windir%: backdoors and keylogger
Makes additions and modifies the registry
Ends AV services and applications
Goes into wait state for connections from remote systems
Captures keystrokes
Performs mass mailings

Users of Outlook Express versions prior to version 6 are particularly affected, as those versions do not contain features to block malicious attachments.

According to the vendor, the worm is spreading "in the wild."

Impact:   If a target user executes a malicious attachment, the worm's malicious code may be executed. See the Description Section for a list of potential impacts.
Solution:   Microsoft reports that Outlook Express 6 can be configured to block access to potentially malicious attachments. See the following URL for more information:

http://support.microsoft.com?kbid=291387

If you are using a previous version of Outlook Express, you are out-of-luck, as they do not contain features to block potentially malicious attachments.

Microsoft plans to issue the following Knowledge Base article regarding the worm, to be available shortly at:

http://support.microsoft.com/?kbid=821159

For the Microsoft advisory, see:

http://www.microsoft.com/technet/security/virus/alerts/fizzer.asp

Vendor URL:  www.microsoft.com/technet/security/virus/alerts/fizzer.asp (Links to External Site)
Cause:   Not specified
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 13 May 2003 16:18:37 -0400
Subject:  Microsoft PSS Team Warning about W32.Fizzer.A@mm worm


http://www.microsoft.com/technet/security/virus/alerts/fizzer.asp

[Editor's note:  This is not a vulnerability alert.  However, we are issuing an alert 
because Microsoft has chosen to warn their customers of this.]

Microsoft's PSS Security Response Team issued an alert regarding a new worm referred to as 
W32.Fizzer.A@mm.  According to the report, the worm is a mass-mailing worm that affects 
Microsoft Outlook, Microsoft Outlook Express, and related web-based e-mail software.  The 
worm is apparently spreading "in the wild".

The report lists some of the actions that the worm can take, including:

Copies itself in %windir%
Creates files in %windir%: backdoors and keylogger
Makes additions and modifies the registry
Ends AV services and applications
Goes into wait state for connections from remote systems
Captures keystrokes
Performs mass mailings

The subject line reportedly may vary significantly, but the worm itself is delivered as an 
attachment with the .exe, .com, .pif, or .scr file extension.

Microsoft reports that Outlook 2000 post SP2 and Outlook XP SP1 include features to block 
potentially harmful attachment types. These versions will reportedly block the attachment 
by default.  You can check to see if you are running the latest version by loading the 
following URL:

http://office.microsoft.com/ProductUpdates/default.aspx

Microsoft also reports that Outlook 2000 pre-SR1 and Outlook 98 do not block potentially 
malicious attachments by default, but you can get the Outlook E-mail Security Update to 
add this feature.  See the following URL for more information:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

A list of attachment types that can be blocked by Outlook are available at:

http://support.microsoft.com?kbid=290497

Microsoft also reports that Outlook Express 6 can be configured to block access to 
potentially malicious attachments.   See the following URL for more information:

http://support.microsoft.com?kbid=291387

If you are using a previous version of Outlook Express, you are out-of-luck, as they do 
not contain features to block potentially malicious attachments.

Microsoft plans to issue the following Knowledge Base article regarding the worm, to be 
available shortly at:

http://support.microsoft.com/?kbid=821159


-----

SEVERITY: MODERATE

DATE: May 12, 2003

PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC