[14960] in bugtraq
Re: MICROSOFT SECURITY FLAW?
daemon@ATHENA.MIT.EDU (Russ)
Fri May 19 18:38:22 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <E9A01F52DC939448BBDE44ED2E1C468F07FACF@muskie.rc.on.ca>
Date: Thu, 18 May 2000 16:45:20 -0400
Reply-To: Russ <Russ.Cooper@RC.ON.CA>
From: Russ <Russ.Cooper@RC.ON.CA>
X-To: "http-equiv@excite.com" <http-equiv@excite.com>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Simply modifying your Outlook (98/2000/OE 5.0) Security setting to
"Restricted Sites" shuts this down clean. The ActiveX control cannot be
invoked and the user does not have an option to by-pass the security (and no
files, .chm or .exe, are copied down).
Microsoft's "Outlook Email Security Update" will do this automatically when
its released and applied. Meanwhile, anyone who hasn't already realized
their Outlook Security should be set to "Restricted Sites" deserves more
than an oolala and a joke...;-]
Cheers,
Russ - NTBugtraq Editor
"dot-age" (as in "we're in the dot-age") = senility (source Webster's)
