Windows Mail存在安全漏洞，导致Vista可能被攻击

　　Windows Vista再报安全漏洞，2007年3月23日，美国一个安全电子邮件列表服务披露，微软Vista中的邮件客户端软件“Windows Mail”（即Outlook Express的升级版）存在一个漏洞，用户点击恶意链接之后可能使系统遭受攻击。
 
　　微软公司表示正在调查这一漏洞。

　　据安全电子邮件列表服务“Full Disclosure”披露，用户只要点击了恶意链接，黑客可能运行非法程序，给用户电脑带来极大的安全风险。

　　美国杀毒软件厂商迈克菲公司的专家表示，针对Vista系统的危险取决于黑客放置了什么一个链接，理论上来说，黑客可以执行任意程序。

　　微软公司表示，他们已经获得相关报告，目前已经对存在的漏洞展开调查。微软同时也建议Vista用户，如果受到不明来源的电子邮件，点击邮件中的链接时一定要谨慎。

　　Windows Mail只存在于Vista操作系统，因此安全专家表示这一漏洞带给电脑用户的危险还是有限的，原因是购买安装Vista操作系统的用户数量不是很多。

　　和Outlook Express相比，Windows Mail在用户界面上作了很大改动，增强了邮件搜索功能，此外更加紧密地集成了微软的免费电子邮件服务Hotmail（全名Windows Live Hotmail）。

Vista之家（www.vista123.com）团队在此提供原文英文，里面说了原理，想“利用”这个漏洞的，请看下面的原文：

Vista users threatened by Windows Mail exploit       

After months of touting Vista as the answer to the prayers of users seeking a secure Windows operating system, a new critical vulnerability has arisen as a retort to  Microsoft's claims. The vulnerability in Vista's email client Windows Mail would qualify for critical status, allowing a remote code execution exploit, if addressed by Microsoft under its monthly patching cycle.

The vulnerability in Windows Mail, the successor to Outlook Express, which was exposed on the Full Disclosure security mailing list by a hacker called Kingcope, has been acknowledged by Microsoft which is reported to be investigating further.

According to the Kingcope: "Remote Code Execution is possible if a user clicks on a malicious prepared link. Vistas Mail Client will execute any executable file if a folder exists with the same name. For example the victim has a folder in C:\ named blah and a batch script named blah.bat also in C:\. Now if the victim clicks on a link in the email message with the URL target set to C:\blah the batch script is executed without even asking. There is for example a CMD script by default in C:\Windows\System32\ named winrm.cmd (and also a folder named winrm inside System32)."

Needless to say, the description provides a perfect example as to why email recipients should not click on links from unknown sources.

Kingcope had previously on March 10 posted a message to the Full Disclosure list advertising zero day exploits for sale.