According to Andrew Storms at the security company Ncircle Security, the security hole in Outlook is very serious.
– The update for Outlook gives me chills. The security hole makes it possible to open only a specially crafted email to infect the computer with malicious code, says Andrew Storms.
The security hole that affects Outlook 2007 and Outlook 2010 for Windows including Office 2008 and Office 2011 for Mac. By sending an e-mail message formatted with RTF (html), a hacker can insert code that takes control of the computer.
Microsoft confirms that the security hole in Outlook is the most serious bug in this month’s update and urges users to update as soon as possible.
– This is makes it possible to create an attack without the user having to do anything. RTF is a document format similar to pdf that is not blocked by corporate firewalls. When a malicious email is examined at a recipient, malicious code can be executed immediately. Users should update immediately, says Jason Miller of security firm Shavlik Technologies.
Yesterday’s update does not include a bug fix for the Internet Explorer security hole that was disclosed last week. According to several security experts, Microsoft is expected to release an update for that bug soon as well.