What is exactly your question/point?
1.- Is it that when is the security patch will exist?
It already exists.
Only one of two is released. The only one they have released is
very weak, in that it would not have prevented Melissa and the
other self-sending MAPI clients; it only would have slowed their spread.
2.- Is it that those features were disabled?
Sort of; please have a look at
http://www.microsoft.com/technet/security/virus/vbslvltr.asp
In particular:
) Two security updates to Outlook are available to help protect
) against malicious programs like worms and viruses:
)
) - A file attachment update is available for Outlook 97, Outlook 98
) and Outlook 2000 This update makes it more difficult to
) inadvertently launch attachments, by providing a more explicit
) warning dialogue, and preventing attached executables from
) being launched directly from e-mails. The update also is
) included as part of Office 2000 SR1.
)
) - A security update will soon be available for Outlook 98 and
) 2000. This update will provide even greater protection than the
) file protection update. It prevents certain types of attached
) files from ever being opened or saved to disk, ensures that
) customers are alerted anytime a program attempts to send mail
) on their behalf, and changes the default Security Zone in which
) mail is processed.
Likely there will be no way to turn off the MAPI Send method
without also completely excluding a whole range of file
attachments. My guess is that this is being done because of
some Excel and SQL Server scripts that send mail. There are
better solutions, including for Microsoft. Will Microsoft
really end up with those two patches 'tied' together? The
fact that they still have some people who have suggested it
is not helping them avoid the "predatory" label.
Cheers,
James