[14906] in bugtraq
Microsoft to release a new Outlook Security patch
daemon@ATHENA.MIT.EDU (Richard M. Smith)
Mon May 15 17:05:19 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <NDBBKGHPMKBKDDGLDEEHAENLDIAA.rms2000@bellatlantic.net>
Date: Mon, 15 May 2000 09:16:30 -0400
Reply-To: "Richard M. Smith" <rms2000@BELLATLANTIC.NET>
From: "Richard M. Smith" <rms2000@BELLATLANTIC.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
Business Week is reporting that Microsoft is preparing patches
for Outlook 98 and Outlook 2000 to help prevent Email worms like
LoveBug and Melissa. The article is available online at:
http://www.businessweek.com/bwdaily/dnflash/may2000/nf00515d.htm
The patches will do 2 things:
1. Prevent users from running VBScript and other executable
programs that come in as Email attachments.
2. Prevent programs from automatically scanning the Outlook
address book for Email addresses.
This is a giant step forward IMHO for securing Outlook. I am
extremely happy to see Microsoft making these changes. The next
major step is to get JavaScript, Java, and ActiveX turned off
by default in Outlook and Outlook Express.
According to the article, the patch files will be available for
download on the week of May 22.
Similar security fixes are also being worked on for Outlook
Express.
Richard
==========================================
Richard M. Smith
Internet consultant
Email: rms2000@bellatlantic.net
http://www.tiac.net/users/smiths
==========================================
