MOREnet's Outlook Express Warning
MOREnet's Outlook Express Warning
| MOREnet Security Advisory: Malformed E-mail Header Vulnerability Outlook and Outlook Express share a flaw that allow attackers to run programs of their choice on your computer. To be attacked, the only thing you have to do is download e-mail from the server. You do not need to open or read the mail for the attack to work. Patching or upgrading Internet Explorer will fix the problem. Affected Software Versions ======================== Directly Affected: Microsoft Outlook e-mail clients Microsoft Outlook Express e-mail clients Microsoft Internet Explorer versions older than 5.5 Indirectly Affected: Security of any computer with Microsoft Internet Explorer versions older than 5.5. What Customers Should Do ======================== 1. Please read Microsoft Security Advisory MS00-043: http://www.microsoft.com/technet/security/bulletin/MS00-043.asp 2. If you are running an affected version (true unless you have recently installed IE 5.01 Service Pack 1 or IE 5.5), either download the patch or upgrade IE to version 5.5. Windows 2000 computer users should install the patch, while other users should either install the patch or upgrade to IE 5.5. MOREnet Security recommends all users upgrade to IE 5.5, rather than continue to support older versions. (A few copies of the upgrade are available on CD from Show-Me Net. For more info, ask HelpDesk@showme.net or call 204-1097) If you have previously upgraded and/or installed these patches, you do not need do so again. 3. Consider creating a software maintenance plan, with provisions for urgent distribution of security related patches and upgrades. Such a plan should include testing patches and upgrades on non-production computers before widespread installation. Show-Me Net Members are asked to report significant or suspected Internet security activity to Show-Me Net's Help Desk or law enforcement agencies as appropriate. |
This page was last modified March 07, 2003.