MS mail software security (Outlook / Express)

**mikeymike** · 01-19-2004, 08:28 AM

I'm trying to find a good article that is reasonably up-to-date, which includes information like what patches stopped certain security holes in MS mail software, and what its current status is at the moment (ie. what a fully-patched system is vulnerable to).

And no, I'm not considering going back to using Outlook / Express :-)

Vincent · 01-19-2004, 08:56 AM

Quote:

mikeymike wrote:
And no, I'm not considering going back to using Outlook / Express :-)

You just want to laugh at how many holes there are/were? ;-)

**mikeymike** · 01-19-2004, 09:17 AM

No, advising a customer. I am aware of the general issues with running MS mail clients, but having some solid facts and research to hand would be useful.

Jettah · 01-19-2004, 09:39 AM

Quote:

Vincent wrote:

Quote:

mikeymike wrote:
And no, I'm not considering going back to using Outlook / Express :-)

You just want to laugh at how many holes there are/were? ;-)

Ehm, isn't then Outlook / Express a hole by itself?

On the other hand, consider that it is part of M$'s .NET strategy and a net isn't that just a bunch of holes tied together with pieces of rope? :-P

I know, you arn't getting any the wiser from this reflections, but think of the fun, ehm, well eh fun?

Cheers

Tjitte

Cass · 01-19-2004, 09:59 AM

Go check this, and customize your search according to your needs.
________
Shemale Amateur

**mikeymike** · 01-19-2004, 11:37 AM

Thanks. I had looked there already, but it's not easy to differentiate between what are classed as IE vulns and strictly O/OE vulns.

**Trev** · 01-19-2004, 11:58 AM

You won't find many patches specific to Outlook or Outlook Express. When patches are released, they're usually pacakaged as an Office or Internet Explorer patch, repsectively. I wouldn't necessarily call the problems with either product vulnerabilities. In many cases, the vulnerabilities have more to do with a user's understanding of the product than the product itself (i.e. not disabling preview, launching attachments from unknown senders, etc.).

That said, you'll need to hit the security site mentioned above and search for Office (all versions), Outlook (all versions), Outlook Express (all versions), and Internet Explorer (all versions). Again, you won't find many patches specific to the mail clients. What you'll see are things like, "added switch to enable users to disable HTML previews," and such.

As with any software product, your customers should understand the features available in the product, the risks associated with using those features, and how to mitigate those risks.

Trev

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Can I use a PCI Express 2 card in a PCI express 1 slot?	RMK305	Alternative Operating Systems	6	12-22-2008 01:49 AM
Needing IDEfix-Express software	r6stu	Amiga Software Issues and Discussion	2	09-19-2008 04:40 PM
IDE-Fix Express software installation?	x56h34	Amiga Software Issues and Discussion	7	01-16-2008 02:17 PM
Contribute YOUR World Outlook!!	JDIAL	CH / Politics	2	01-31-2005 11:58 AM
Outlook Express replacement	billchase	Alternative Operating Systems	11	07-07-2004 05:58 AM