Re: Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353)

From: Ivan Bútora (xxx_at_xxx.xxx)
Date: 07/13/04


Date: Wed, 14 Jul 2004 01:51:44 +0200

Interestingly enough, the vulnerability discussed in this bulletin is not considered critical for Windows 98 systems, but the patch is being offered for Windows 98 as well, unlike the updates from MS04-024, MS04-016 and other bulletins from earlier in the year, where Windows 98/98SE/Me were affected, but not critically.

Also, for those using WAB:

---begin quote from MS04-018 FAQ---
Does this update contain any other changes to functionality?
Yes. In addition to the change that is listed in the Vulnerability Details section of this bulletin, this update includes the following changes in functionality:
. Sets Outlook Express 5.5 SP2 to view HTML e-mail messages in the Restricted Sites zone.
. Fixes a behavior that was introduced in MS03-014 where Outlook Express 6 SP1 and later creates a copy of the Windows Address Book in a predictable location with a file name of "~". After you install this update, Outlook Express will no longer create this copy of the Windows Address Book in a predictable location.
---end quote---

Wonder if this means that the "~" problem is gone, or if it only means that now the "~" will be found in several unpredictable locations rather than one predictable location.

BTW, why is it that the download (OE 6 SP1) is so large (1950 KB)? Did the "~" problem really affect so many different OE files? (Note that there is no security issue fixed with this patch for OE 6 SP 1).

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message news:uduRz8QaEHA.3112@tk2msftngp13.phx.gbl...
> MS04-018 - Cumulative Security Update for Outlook Express (823353)
> http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx
>
> Microsoft Security Bulletin MS04-018
> Cumulative Security Update for Outlook Express (823353)
>
> Issued: July 13, 2004
> Version: 1.0
> Executive Summary:
> This update resolves a public vulnerability. A denial of service
> vulnerability exists in Outlook Express because of a lack of robust
> verification for malformed e-mail headers. The vulnerability is documented
> in the Vulnerability Details section of this bulletin. This update also
> changes the default security settings for Outlook Express 5.5 Service Pack 2
> (SP2). This change is documented in the Frequently Asked Questions related
> to this security update section of this bulletin.
> If a user is running Outlook Express and receives a specially crafted e-mail
> message, Outlook Express would fail. If the preview pane is enabled, the
> user would have to manually remove the message, and then restart Outlook
> Express to resume functionality.
> We recommend that customers consider applying the security update.
> Summary
> Who should read this document: Customers who use Microsoft® Outlook Express®
> Impact of Vulnerability: Denial of Service
> Maximum Severity Rating: Moderate
> Recommendation: Customers should consider applying the security update.
> Security Update Replacement: This bulletin replaces MS04-013: Cumulative
> Update for Outlook Express and any prior Cumulative Security Updates for
> Outlook Express.
> Caveats: None
> Tested Software and Security Update Download Locations:
> Affected Software:
> .Microsoft Windows NT® Workstation 4.0 Service Pack 6a
> .Microsoft Windows NT Server 4.0 Service Pack 6a
> .Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
> .Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
> 3, Microsoft Windows 2000 Service Pack 4
> .Microsoft Windows XP and Microsoft Windows XP Service Pack 1
> .Microsoft Windows XP 64-Bit Edition Service Pack 1
> .Microsoft Windows XP 64-Bit Edition Version 2003
> .Microsoft Windows Server™ 2003
> .Microsoft Windows Server 2003 64-Bit Edition
> .Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
> Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this
> bulletin for details about these operating systems.
>
> Affected Components:
> .Microsoft Outlook Express 5.5 Service Pack 2: Download the Update
> .Microsoft Outlook Express 6: Download the Update
> .Microsoft Outlook Express 6 Service Pack 1: Download the Update
> .Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition): Download the
> Update
> .Microsoft Outlook Express 6 on Windows Server 2003: Download the Update
> .Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):
> Download the Update
>
> The software in this list has been tested to determine if the versions are
> affected. Other versions either no longer include security update support or
> may not be affected. To determine the support lifecycle for your product and
> version, visit the following Microsoft Support Lifecycle Web site.
>
>


