Telecom and Logistics Associates 

Security NEWs Service: TLAnews
publication: Christian ALT  new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  Save Time and Money 

 9.6.2000 Security: MS Outlook security patch realesed
 Virus makers have climbed through Outlook holes to spread their handiwork. The new patch could make their job more difficult.

En français: Le patch pour MS Outlook liberé
Les auteurs de virus se sont insinués dans les trous de Outlook pour diffuser leur vers. Le nouveau patch pourrai rendre leur travail plus difficile

 
English version
Microsoft Corp. has released a security patch of its Outlook mail client aimed at closing holes exploited by numerous viruses in the past 18 months.

In addition to other safeguards, the patch prevents e-mail from directly accessing almost 40 potentially unsafe file types, including Visual Basic Script (VBS) and object code (EXE).

Résumé en français
Le patch de sécurité pour Outlook contient des ameliorations pour fermer des trous de sécurité trouvé ces 18 derniers mois.

Il empêche également d'acceder à plus de 40 extension de fichier automatiquement, VBS et EXE par exemple.

 
Quoted from Symantec

 The patch "by no means solves the problembut it helps to neuter a vector of spread."

In the ILOVEYOU incident, the original worm -- contained in an e-mail -- used a bit of wordplay to convince the reader to click on a Visual Basic Script attachment labeled "LOVE-LETTER-FOR-YOU.TXT.vbs". Once opened, the attachment accessed the user's Outlook address book and sent mail to every address. In addition, the worm could spread through Internet Relay Chat and deleted several different multimedia files types.

Warning dialog box
"This is an extension of an update that we made available last year," said Lisa Gurry, Microsoft Office product manager. That patch, created in response to the Melissa virus, required users to save certain file types to the hard disk first. Microsoft hoped that doing so would cause users to look more closely at what they were opening.

In addition, whenever another program attempts to access the Outlook address book, the patched version of Outlook will prompt users with a warning dialog box. The patch causes Outlook to similarly prompt the user when a program attempts to send an e-mail on the user's behalf.

Finally, the update will cause Outlook to operate as a "restricted" Internet zone with scripts disabled -- the highest security setting allowed by Internet Explorer.

The greatest problem may be getting users to update their software

Home users more savvy?
Most people don't bother to patch their systems

Microsoft, however, has high hopes that home users as well will be more savvy this time around.

"With each more virus that hits, and the greater the damage is becoming, people are becoming more aware of protecting themselves," said Microsoft's Gurry.

 

 

 
Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: juin 09, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.