
RE: still no Outlook patch

2000-05-28 17:20:02
What is exactly your question/point?

1.- Is it when the security patch will exist?
    It already exists.

Only one of two is released.  The only one they have released is 
very weak, in that it would not have prevented Melissa and the 
other self-sending MAPI clients; it only would have slowed their spread.

2.- Is it that those features were disabled?

Sort of; please have a look at

  http://www.microsoft.com/technet/security/virus/vbslvltr.asp

In particular:

) Two security updates to Outlook are available to help protect 
) against malicious programs like worms and viruses: 
) 
) - A file attachment update is available for Outlook 97, Outlook 98
)   and Outlook 2000. This update makes it more difficult to
)   inadvertently launch attachments, by providing a more explicit
)   warning dialogue, and preventing attached executables from
)   being launched directly from e-mails. The update also is
)   included as part of Office 2000 SR1. 
)
) - A security update will soon be available for Outlook 98 and
)   2000. This update will provide even greater protection than the
)   file protection update. It prevents certain types of attached
)   files from ever being opened or saved to disk, ensures that
)   customers are alerted anytime a program attempts to send mail
)   on their behalf, and changes the default Security Zone in which
)   mail is processed. 

Likely there will be no way to turn off the MAPI Send method 
without also completely excluding a whole range of file 
attachments.  My guess is that this is being done because of 
some Excel and SQL Server scripts that send mail.  There are 
better solutions, including for Microsoft.  Will Microsoft 
really end up with those two patches 'tied' together?  The 
fact that they still have some people who have suggested it 
is not helping them avoid the "predatory" label.

Cheers,
James


