Just as we were about to recommend using Windows Mail instead of Outlook or Outlook Express, a new exploit has come about to negate that recommendation. Microsoft has acknowledged the existence of a possible exploit and is currently researching its validity. Symantec has issued a warning regarding the vulnerability, giving it a threat rating of 7.5 after it was discovered the bug could be remotely executed. The exploit works by first sending an email message to the inbox with a link that is attached to a malicious file. Using this, the targeted PC could be infected with a trojan or identity theft software.

Some of these exploits only require the user to click the link in the email. In this case, the link is to a local executable file such as winrm.cmd, the remote management command line utility. That would give the attacker complete control of the PC.

It should be noted that if the link points to a file that is not local, it may be easier to spot as a scam, especially if it needs to download its support files from somewhere, since those must then be given permission to execute. If you aren’t sure which program launched the request or is asking for permission, don’t allow it. Please don’t get in the habit of just clicking “Allow”, “Yes” or “Okay” when these things pop up; actually read the notification first.
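The distinction drawn above, between a link to a local executable and a link to a remote file, can be checked on the receiving side. The following is an added example, not code from the original post or from Microsoft or Symantec: it parses a message's HTML body and flags link targets that resolve to a local path or a runnable file. The extension list, the verdict names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed, non-exhaustive list of extensions Windows runs directly.
RUNNABLE = (".exe", ".cmd", ".bat", ".scr", ".pif", ".vbs", ".lnk")

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # collect the target of every anchor
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify(href):
    """Return 'local-executable', 'local-file', 'remote-executable' or None."""
    target = unquote(href.strip()).replace("\\", "/").lower()
    is_drive = len(target) > 2 and target[0].isalpha() and target[1:3] == ":/"
    parts = urlsplit(target)
    scheme = "" if is_drive else parts.scheme
    if scheme not in ("", "file", "http", "https"):
        return None  # mailto:, tel: and similar are out of scope here
    runnable = parts.path.endswith(RUNNABLE)
    # Drive letters, file: URLs and UNC-style //host/share all count as local.
    local = is_drive or scheme == "file" or target.startswith("//")
    if local or (scheme == "" and runnable):
        return "local-executable" if runnable else "local-file"
    return "remote-executable" if runnable else None

def scan_message(raw):
    """Return [(href, verdict)] for every flagged link in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = _Hrefs()
    parser.feed(body.get_content())
    return [(h, v) for h in parser.hrefs if (v := classify(h))]

# Constructed sample message, not taken from any real campaign.
SAMPLE = """From: a@example.com
Content-Type: text/html; charset="utf-8"

<p><a href="file:///C:/Windows/System32/winrm.cmd">invoice</a>
<a href="https://example.com/news">news</a>
<a href="http://example.com/setup.exe">tool</a></p>
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A mail gateway or mailbox rule could quarantine anything this reports as `local-executable`, since an ordinary message has no reason to link to a program on the recipient's own disk.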

Microsoft doesn’t seem to think this is as serious as Symantec or other security firms think it is. A spokeswoman from Microsoft’s Security Response Center said “Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time”, but at the same time, they are still looking into the matter.

It is possible that Microsoft will eventually acknowledge this as a real flaw instead of beating around the bush about it. If they do, the next update cycle for Windows products is on April 10th, and that includes Vista. We would also like to remind users that if you are unsure who sent a message to you, do NOT click any of the links in it or download any files attached to the email. That goes for all emails, on all accounts, regardless of which email client you are using.

In order to prevent this very thing from happening, it is important to follow our recommended precautions and have up-to-date security software. See our post Free Security Software for Vista. I also recommend McAfee or Norton 360 (no other version) for use on Vista.

Source: http://vista.blorge.com/2007/03/24/dangerous-exploit-looms-in-windows-vista-mail/