Breach Brief – Microsoft Email and IE Browser

Published On April 17, 2019 | By Tom Huskerson | Breach Briefs

Microsoft, the world’s largest software maker, is having a bad week. The company’s Outlook email service was hit by a data breach that includes accounts, MSN and Hotmail addresses. The breach was ongoing for months and the hackers used a customer support agent’s credentials to gain access.

Microsoft issued an email confirming hackers may have accessed email addresses, subject lines of emails, folder labels, and the names of other email addresses that the user contacted. However, Microsoft believes the content of emails, including attachments and login passwords were not compromised.

Hackers conducted the attack from January 1st to March 28th. Microsoft quickly identified the credentials used by the hackers and disabled them.

It is not clear how many users are compromised or who the hackers are. According to Microsoft affected users can expect more spam emails and potentially phishing attempts. Microsoft urges users to stay on the alert for such attacks and to change their passwords. Hackers may be able to use the addresses for identity theft purposes.

As if that wasn’t enough bad news security researcher John Page discovered a new security flaw that allows hackers, using Microsoft’s obsolete Internet Explorer, to steal Windows user’s data. Windows users don’t even have to open the old browser for hackers to exploit the flaw. Just having it on your computer is enough!

According to Page, “Internet Explorer is vulnerable to XML External Entity attack if a user opens a specially crafted .MHT file locally. This can allow remote attackers to potentially exfiltrate local files and conduct remote reconnaissance on locally installed program version information.”

A lot of techno speak just to say that hackers can get into your computer if you have the browser on your computer. Launching the the exploit just requires the user to simply open an attachment received by email, messenger, or other file transfer service.

According to Page upon speaking with Microsoft the company told him it would just “consider” a fix in a future update. Page says he notified Microsoft in March before going public with the issue.

Breaking It Down

Internet Explorer is an outdated browser software. If you are still using it you need to stop. Microsoft offers the Edge browser, a much better product that is definitely safer. And it’s available for mobile devices.

If you are using Explorer then you have a serious problem. Using outdated software is fundamental safety issue and something hackers look for. There are literally hundreds of thousands of malware and viruses that are programmed to exploit outdated software. And you can easily find one just surfing the web. Or more precisely; it will find you. Remember, you are always one click from destruction!

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.