Author Topic: MS mail software security (Outlook / Express) (Read 2509 times)

mikeymike · « **on:** January 19, 2004, 03:28:31 PM »

I'm trying to find a good article that is reasonably up-to-date, which includes information like what patches stopped certain security holes in MS mail software, and what its current status is at the moment (ie. what a fully-patched system is vulnerable to).

And no, I'm not considering going back to using Outlook / Express :-)

Vincent · « **Reply #1 on:** January 19, 2004, 03:56:10 PM »

Quote

mikeymike wrote:
And no, I'm not considering going back to using Outlook / Express :-)

You just want to laugh at how many holes there are/were? ;-)

mikeymike · « **Reply #2 on:** January 19, 2004, 04:17:34 PM »

No, advising a customer. I am aware of the general issues with running MS mail clients, but having some solid facts and research to hand would be useful.

Jettah · « **Reply #3 on:** January 19, 2004, 04:39:08 PM »

Quote

Vincent wrote:
Quote

mikeymike wrote:
And no, I'm not considering going back to using Outlook / Express :-)

You just want to laugh at how many holes there are/were? ;-)

Ehm, isn't then Outlook / Express a hole by itself?

On the other hand, consider that it is part of M$'s .NET strategy and a net isn't that just a bunch of holes tied together with pieces of rope? :-P

I know, you arn't getting any the wiser from this reflections, but think of the fun, ehm, well eh fun?

Cheers

Tjitte

Cass · « **Reply #4 on:** January 19, 2004, 04:59:51 PM »

Go check this, and customize your search according to your needs.
________
Shemale Amateur

mikeymike · « **Reply #5 on:** January 19, 2004, 06:37:43 PM »

Thanks. I had looked there already, but it's not easy to differentiate between what are classed as IE vulns and strictly O/OE vulns.

Trev · « **Reply #6 on:** January 19, 2004, 06:58:07 PM »

You won't find many patches specific to Outlook or Outlook Express. When patches are released, they're usually pacakaged as an Office or Internet Explorer patch, repsectively. I wouldn't necessarily call the problems with either product vulnerabilities. In many cases, the vulnerabilities have more to do with a user's understanding of the product than the product itself (i.e. not disabling preview, launching attachments from unknown senders, etc.).

That said, you'll need to hit the security site mentioned above and search for Office (all versions), Outlook (all versions), Outlook Express (all versions), and Internet Explorer (all versions). Again, you won't find many patches specific to the mail clients. What you'll see are things like, "added switch to enable users to disable HTML previews," and such.

As with any software product, your customers should understand the features available in the product, the risks associated with using those features, and how to mitigate those risks.

Trev

Author Topic: MS mail software security (Outlook / Express) (Read 2509 times)

mikeymike

MS mail software security (Outlook / Express)

Vincent

Re: MS mail software security (Outlook / Express)

mikeymike

Re: MS mail software security (Outlook / Express)

Jettah

Re: MS mail software security (Outlook / Express)

Cass

Re: MS mail software security (Outlook / Express)

mikeymike

Re: MS mail software security (Outlook / Express)

Trev

Re: MS mail software security (Outlook / Express)