These days most of us won’t pay much attention to a collection of seemingly random letters and numbers with dashes, but when it comes to this one, CVE-2018-0950, anyone using Microsoft Outlook email may want to pay a little more. CVE-2018-0950 is the identifier given to an information disclosure vulnerability in Outlook, and Microsoft released a patch for it this month. Every quality Canadian web hosting provider takes the initiative to keep their customers informed in these scenarios, and we’re no different here at 4GoodHosting.

This one is particularly noteworthy because Outlook is one of the most popular and common email applications. Given the nature of this flaw and the reality that much personal information can be contained in email communications, this isn’t one to be taken lightly.

The release of the patch mentioned above, however, came nearly 18 months after Microsoft received the report that disclosed the bug, courtesy of one Will Dormann, a software vulnerability analyst with Carnegie Mellon Software Engineering Institute’s CERT Coordination Center. This vulnerability can cause sensitive information to be disclosed to a malicious site. Obviously, Microsoft Outlook users need to be aware of this vulnerability and what safeguards are best to neutralize the risk.

Leak Bug Threat Analysis

CVE-2018-0950 affects Microsoft Outlook, specifically the way it renders Rich Text Format (RTF) email messages that contain remotely hosted OLE objects on an SMB (Server Message Block) server under the control of attackers. When other Microsoft applications such as Word, Excel and PowerPoint encounter remotely hosted OLE objects, the user is shown a security caution before the content is rendered. Outlook, though, took no such action and gave attackers easy access to the user’s system when the user opened or previewed such mails.
The resultant vulnerability makes it possible for hackers to steal sensitive information. Windows login credentials or hashed passwords are at risk of being revealed; this is done by sending an RTF-formatted email to a victim and convincing the recipient to preview or open that email with Microsoft Outlook. It’s...
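One way a mail gateway or triage script could flag the pattern described above, shown as an added example that is not code from this article or from Microsoft. It assumes the RTF body has already been extracted from the message; the function names, regexes and the sample message are constructed for illustration.

```python
import re

# Assumed heuristic: \object opens an OLE object group and \objdata holds its
# hex-encoded data; a UNC path inside that data points at an SMB-hosted source.
OBJECT_RE = re.compile(rb"\\object\b")
OBJDATA_RE = re.compile(rb"\\objdata\b\s*([0-9A-Fa-f\s]+)")
UNC_RE = re.compile(rb"\\\\([A-Za-z0-9._-]+)\\([^\\\x00\s]+)")


def find_remote_ole_links(rtf: bytes) -> list[str]:
    """Return the \\\\host\\share targets referenced by OLE objects in an RTF body."""
    if not rtf.lstrip().startswith(b"{\\rtf") or not OBJECT_RE.search(rtf):
        return []  # not RTF, or RTF without any OLE object
    targets = []
    for match in OBJDATA_RE.finditer(rtf):
        hex_digits = re.sub(rb"\s+", b"", match.group(1))
        hex_digits = hex_digits[: len(hex_digits) // 2 * 2]  # drop a dangling nibble
        payload = bytes.fromhex(hex_digits.decode("ascii"))
        for host, share in UNC_RE.findall(payload):
            targets.append(f"\\\\{host.decode('latin-1')}\\{share.decode('latin-1')}")
    return targets


def build_sample(path: bytes) -> bytes:
    """Constructed test input: filler bytes plus a path, not a working OLE stream."""
    payload = b"\x01\x05\x00\x00\x01\x00\x00\x00" + path + b"\x00"
    return b"{\\rtf1\\ansi{\\object{\\*\\objdata " + payload.hex().encode() + b"}}}"


if __name__ == "__main__":
    # files.example is a reserved example name, used here as a placeholder.
    sample = build_sample(rb"\\files.example\share\doc.rtf")
    for target in find_remote_ole_links(sample):
        print("RTF OLE object references SMB path:", target)
```

A hit is a reason to quarantine or inspect the message, since an RTF email has little legitimate need to pull an OLE object from an SMB share.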