Microsoft has announced that it plans to soon offer security
patches for Microsoft Outlook 98 and 2000 for Windows. These patches
will block many of the routes used by worms such as W97M/Melissa,
VBS/LoveLetter (aka ILOVEYOU and LoveBug), and their variants to
replicate themselves. (A new destructive worm, VBS/NewLove.A, which
like Melissa and LoveLetter also mails copies of itself to the e-mail
addresses in a user's Outlook address book, was discovered just
yesterday.)
These patches are not yet publicly available. An Associated Press
article today states that they will likely be released "next week."
You can find more information on these forthcoming patches at
Microsoft's Web pages:
"Protect Against Viruses with the Outlook E-mail Security Update"
http://www.officeupdate.com/2000/articles/Out2ksecarticle.htm
(the home page for the patches, with many links to auxiliary articles)
Outlook 2000 patches
http://www.officeupdate.com/2000/downloadDetails/Out2ksec.htm
(provides general info)
http://support.microsoft.com/support/kb/articles/Q262/7/01.asp
(for developers and sysadmins; provides detailed technical info)
Outlook 98 patches
http://www.officeupdate.com/downloadDetails/Out98sec.htm
(provides general info)
http://support.microsoft.com/support/kb/articles/Q262/7/00.asp
(for developers and sysadmins; provides detailed technical info)
Note that these patches will also block certain actions that
Outlook users or other programs might wish to legitimately perform.
Some of these side effects are mentioned in the
developer/sysadmin-oriented articles, above.
Two examples:
- Outlook users will no longer be able to receive certain types of
executable files (such as .EXE, .COM, and .CMD files) as attachments.
If you wish to distribute these files to your Outlook users, you'll
need to use some other method.
- Certain Microsoft and third-party products that employ various Outlook
automation features might be blocked from performing their actions.
For example, Microsoft mentions that mailbox and address book
"synchronization utilities, such as utilities that are used
with 3Com Palm devices and Microsoft Windows CE-based devices,"
may either "generate warning messages" or "stop responding ...
depending on the software and action taken."
In addition, Microsoft notes that "There is no remove/uninstall
utility for this [Outlook E-mail security] update. To remove it, you
must remove and then reinstall Office."
Aron Roberts
Workstation Software Support Group
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the Micronet Web site at <URL:http://wss-www.berkeley.edu/micronet/>.
This archive was generated by hypermail 2b29 : Fri May 19 2000 - 11:42:32 PDT