Amiga.org

The "Not Quite Amiga but still computer related category" => Alternative Operating Systems => Topic started by: mikeymike on January 19, 2004, 03:28:31 PM

Title: MS mail software security (Outlook / Express)
Post by: mikeymike on January 19, 2004, 03:28:31 PM

I'm trying to find a good article that is reasonably up-to-date, which includes information like what patches stopped certain security holes in MS mail software, and what its current status is at the moment (ie. what a fully-patched system is vulnerable to).

And no, I'm not considering going back to using Outlook / Express :-)

Title: Re: MS mail software security (Outlook / Express)
Post by: Vincent on January 19, 2004, 03:56:10 PM

Quote

mikeymike wrote:
And no, I'm not considering going back to using Outlook / Express :-)

You just want to laugh at how many holes there are/were? ;-)

Title: Re: MS mail software security (Outlook / Express)
Post by: mikeymike on January 19, 2004, 04:17:34 PM

No, advising a customer.  I am aware of the general issues with running MS mail clients, but having some solid facts and research to hand would be useful.

Title: Re: MS mail software security (Outlook / Express)
Post by: Jettah on January 19, 2004, 04:39:08 PM

Quote

Vincent wrote:

Quote

mikeymike wrote:
And no, I'm not considering going back to using Outlook / Express :-)

You just want to laugh at how many holes there are/were? ;-)

Ehm, isn't then Outlook / Express a hole by itself?

On the other hand, consider that it is part of M$'s .NET strategy and a net isn't that just a bunch of holes tied together with pieces of rope? :-P

I know, you arn't getting any the wiser from this reflections, but think of the fun, ehm, well eh fun?

Cheers

Tjitte

Title: Re: MS mail software security (Outlook / Express)
Post by: Cass on January 19, 2004, 04:59:51 PM

Go check this (http://www.microsoft.com/technet/security/Currentdl.asp), and customize your search according to your needs.
________
Shemale Amateur (http://www.fucktube.com/categories/945/amateur/videos/1)

Title: Re: MS mail software security (Outlook / Express)
Post by: mikeymike on January 19, 2004, 06:37:43 PM

Thanks.  I had looked there already, but it's not easy to differentiate between what are classed as IE vulns and strictly O/OE vulns.

Title: Re: MS mail software security (Outlook / Express)
Post by: Trev on January 19, 2004, 06:58:07 PM

You won't find many patches specific to Outlook or Outlook Express. When patches are released, they're usually pacakaged as an Office or Internet Explorer patch, repsectively. I wouldn't necessarily call the problems with either product vulnerabilities. In many cases, the vulnerabilities have more to do with a user's understanding of the product than the product itself (i.e. not disabling preview, launching attachments from unknown senders, etc.).

That said, you'll need to hit the security site mentioned above and search for Office (all versions), Outlook (all versions), Outlook Express (all versions), and Internet Explorer (all versions). Again, you won't find many patches specific to the mail clients. What you'll see are things like, "added switch to enable users to disable HTML previews," and such.

As with any software product, your customers should understand the features available in the product, the risks associated with using those features, and how to mitigate those risks.

Trev