surprise another outlook express vulnerability
Results 1 to 5 of 5

Thread: surprise another outlook express vulnerability

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,049

    surprise another outlook express vulnerability

    well i was doing my usual browsing and stumbled apon the link
    http://news.com.com/2100-1001-961769.html

    well it seems that the mail reader cant read read specific message inabiling some one to crash a computer and gain entry
    Microsoft warned Outlook Express users late Thursday that a software flaw could allow an online vandal to control their computers.

    A critical vulnerability in the e-mail reader could allow an attacker to send a specially formatted message that would crash the software and potentially take control of the recipient's computer.

    The flaw occurs in how the software handles messages that include components using secure MIME (multipurpose Internet mail extensions), a standard that allows e-mail messages to contain encrypted data and digital signatures.

    Click Here to go to IBM!

    "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response.

    Microsoft Outlook Express 5.5 and 6.0 are both affected. Earlier versions of the software giant's default e-mail application may also carry the flaw, but Microsoft hasn't tested the applications because they are no longer supported. Microsoft Outlook, the giant's full-featured e-mail and workgroup software, is not affected, Culp said.

    The advisory released on Thursday includes links to a patch for Outlook Express 5.5 users and Outlook Express 6 Gold users. Anyone who has already downloaded and installed the Internet Explorer 6 service pack or the Windows XP service pack announced on Sept. 9 already have the patch, Culp said.

    "We moved heaven and earth to get this into service packs," he said. Microsoft has found that its software service packs are downloaded in greater numbers, so the company tries to push out all application fixes that it can into the semiannual patches. Millions of people downloaded the two service packs in the first week, he said.

    Focusing on the service pack had the consequence of delaying a patch for the smaller number of people who use Outlook Express 5.5 and Outlook Express 6.0 Gold, which is the company's internal term for the latest Outlook Express without any service packs applied. While the flaw had been found in late August and Microsoft rushed a patch out for the service packs released on Sept. 9, it took another 30 days for the company to release patches for other users.

    "In order to meet the delivery date, we had to focus fully on the service packs," Culp said. "We didn't even start on OE 5.5 until after that."

    The company updated the advisory, its 58th this year, on Friday morning to explain an error message that appears on computers that have Internet Explorer 6 service pack 1 already installed if the user tries to install the new patch. Microsoft stated that the message--"This update requires Internet Explorer 6.0 to be installed"--is incorrect and should say that the patch is not needed.
    heres a link for the patch
    http://www.microsoft.com/technet/tre...n/MS02-058.asp

    so heads up people
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  2. #2
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response.
    *TRANSLATION* Our products are perfectly secure if you don't turn them on.

    Finally....someone at M$ spoke the truth.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    I have noticed that for 3 or 4 months. Microsoft officials seem less sure of the security of their products. Strange, if even them don't believe Windows and its tools are safe, we can really be intrigued. Maybe they have discovered an enormous vulnerability they want to hide.

    Or maybe our friend Bill has installed Linux
    Life is boring. Play NetHack... --more--

  4. #4
    Junior Member
    Join Date
    Oct 2002
    Posts
    21
    "Or maybe our friend Bill has installed Linux"

    Nah I'll bet he has a specially modified copy of Openbsd tweaked by a special forces team of
    computer genius to keep Hackers out and just laughs at all there attempts to attack his system.

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    LMAO at :
    "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk,"

    They might as well say, as a bonus, we include programs with Windows that will increase the chances of you getting hacked. We hope you are thankful at all those free buggy apps we provide to you for free!

    The weird thing is that Outlook (Non Express) doesn't have that bug. I thought they based Outlook xpress on the regular Outlook?!?! How did they manage to have an additional insecurity in a simpler application is a mystery to me
    [shadow]Scorp666, the Infamous Orgasmatron[/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides