According to Trend Micro researcher Karl Dominguez: The vulnerability was actively being exploited using emails that contained malicious scripts and was able to stole email without warning.
Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window. The commands embedded in the emails uploaded users’ correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action.
The scripts also also had the capability of enabling email forwarding on the targeted Hotmail account, allowing attackers to view emails sent to the victim in the future…
Microsoft has now patched this bug, but it illustrates how important IT rules can be since it allowed attackers to silently steal confidential correspondences and user contacts from unsuspecting victims.
UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leak, network protection (penetration testing,…), network availability and more.
Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.