Re: Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353)

From: PA Bear (PABear_at_mvps.org)
Date: 07/14/04


Date: Tue, 13 Jul 2004 21:41:57 -0400

IIRC the automatic backup of Address Book will now be found with a .WAB~
extension, Ivan. "Mysterious Tilde File" is history after installing
MS04-018.

This update supersedes (replaces) Q837009 (MS04-013) and Q330994.

The download is large because the files updated are large:

Date         Time   Version             Size  File name
--------------------------------------------------------------
03-Mar-2003  23:57  6.0.2800.1123     75,776  Directdb.dll
07-Jun-2004  21:19  6.0.2800.1441    596,480  Inetcomm.dll
11-Oct-2002  22:08  6.0.2800.1123     47,616  Inetres.dll
03-Mar-2003  23:57  6.0.2800.1123     44,032  Msident.dll
03-Mar-2003  23:57  6.0.2800.1123     56,832  Msimn.exe
26-May-2004  21:26  6.0.2800.1437  1,175,040  Msoe.dll
03-Mar-2003  23:57  6.0.2800.1123    228,864  Msoeacct.dll
11-Oct-2002  22:09  6.0.2800.1123  2,479,616  Msoeres.dll
03-Mar-2003  23:57  6.0.2800.1123     91,136  Msoert2.dll
03-Mar-2003  23:57  6.0.2800.1123     93,184  Oeimport.dll
03-Mar-2003  23:57  6.0.2800.1123     55,808  Oemig50.exe
03-Mar-2003  23:57  6.0.2800.1123     31,744  Oemiglib.dll
03-Mar-2003  23:57  6.0.2800.1123     42,496  Wab.exe
24-Jun-2004  21:26  6.0.2800.1450    463,360  Wab32.dll
03-Mar-2003  23:57  6.0.2800.1123     30,208  Wabfind.dll
03-Mar-2003  23:57  6.0.2800.1123     77,824  Wabimp.dll
03-Mar-2003  23:57  6.0.2800.1123     27,648  Wabmig.exe

The above is for Windows XP, Windows XP SP1, Windows 2000 SP3, Windows 2000
SP4, and Windows NT 4.0 SP6a w/out either Q837009 or Q330994 installed.

-- 
~PA Bear

Ivan Bútora wrote:
> Interestingly enough, the vulnerability discussed in this bulletin is not
> considered critical for Windows 98 systems, but the patch is being
> offered for Windows 98 as well, unlike the updates from MS04-024,
> MS04-016 and other bulletins from earlier in the year, where Windows
> 98/98SE/Me were affected, but not critically.
>
> Also, for those using WAB:
>
> ---begin quote from MS04-018 FAQ---
> Does this update contain any other changes to functionality?
> Yes. In addition to the change that is listed in the Vulnerability
> Details section of this bulletin, this update includes the following
> changes in functionality:
> . Sets Outlook Express 5.5 SP2 to view HTML e-mail messages in the
> Restricted Sites zone.
> . Fixes a behavior that was introduced in MS03-014 where Outlook Express
> 6 SP1 and later creates a copy of the Windows Address Book in a
> predictable location with a file name of "~". After you install this
> update, Outlook Express will no longer create this copy of the Windows
> Address Book in a predictable location.
> ---end quote---
>
> Wonder if this means that the "~" problem is gone, or if it only means
> that now the "~" will be found in several unpredictable locations rather
> than one predictable location.
>
> BTW, why is it that the download (OE 6 SP1) is so large (1950 KB)? Did
> the "~" problem really affect so many different OE files? (Note that
> there is no security issue fixed with this patch for OE 6 SP 1).
>
>
>
> "Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message
> news:uduRz8QaEHA.3112@tk2msftngp13.phx.gbl...
>> MS04-018 - Cumulative Security Update for Outlook Express (823353)
>> http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx
>>
>> Microsoft Security Bulletin MS04-018
>> Cumulative Security Update for Outlook Express (823353)
>>
>> Issued: July 13, 2004
>> Version: 1.0
>> Executive Summary:
>> This update resolves a public vulnerability. A denial of service
>> vulnerability exists in Outlook Express because of a lack of robust
>> verification for malformed e-mail headers. The vulnerability is
>> documented in the Vulnerability Details section of this bulletin. This
>> update also changes the default security settings for Outlook Express
>> 5.5 Service Pack 2 (SP2). This change is documented in the Frequently
>> Asked Questions related to this security update section of this bulletin.
>> If a user is running Outlook Express and receives a specially crafted
>> e-mail message, Outlook Express would fail. If the preview pane is
>> enabled, the user would have to manually remove the message, and then
>> restart Outlook Express to resume functionality.
>> We recommend that customers consider applying the security update.
>> Summary
>> Who should read this document: Customers who use Microsoft® Outlook
>> Express®
>> Impact of Vulnerability: Denial of Service
>> Maximum Severity Rating: Moderate
>> Recommendation: Customers should consider applying the security update.
>> Security Update Replacement: This bulletin replaces MS04-013: Cumulative
>> Update for Outlook Express and any prior Cumulative Security Updates for
>> Outlook Express.
>> Caveats: None
>> Tested Software and Security Update Download Locations:
>> Affected Software:
>> .Microsoft Windows NT® Workstation 4.0 Service Pack 6a
>> .Microsoft Windows NT Server 4.0 Service Pack 6a
>> .Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
>> .Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service
>> Pack 3, Microsoft Windows 2000 Service Pack 4
>> .Microsoft Windows XP and Microsoft Windows XP Service Pack 1
>> .Microsoft Windows XP 64-Bit Edition Service Pack 1
>> .Microsoft Windows XP 64-Bit Edition Version 2003
>> .Microsoft Windows Server™ 2003
>> .Microsoft Windows Server 2003 64-Bit Edition
>> .Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
>> Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
>> this bulletin for details about these operating systems.
>>
>> Affected Components:
>> .Microsoft Outlook Express 5.5 Service Pack 2: Download the Update
>> .Microsoft Outlook Express 6: Download the Update
>> .Microsoft Outlook Express 6 Service Pack 1: Download the Update
>> .Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition): Download
>> the Update
>> .Microsoft Outlook Express 6 on Windows Server 2003: Download the Update
>> .Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):
>> Download the Update
>>
>> The software in this list has been tested to determine if the versions
>> are affected. Other versions either no longer include security update
>> support or may not be affected. To determine the support lifecycle for
>> your product and version, visit the following Microsoft Support
>> Lifecycle Web site.
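
A way to check an inventory against the file manifest PA Bear lists above, as an added example that is not part of the original post or of Microsoft's bulletin: the three updated rows and one unchanged row are copied from that manifest, while the OBSERVED inventory and the function names are constructed for illustration. Versions are compared numerically, since a plain string comparison would rank 6.0.2800.999 above 6.0.2800.1441.

```python
# Added example. MANIFEST rows are copied from the post's file list;
# OBSERVED is a constructed inventory, not data from a real machine.
MANIFEST = """\
07-Jun-2004 21:19 6.0.2800.1441 596,480 Inetcomm.dll
26-May-2004 21:26 6.0.2800.1437 1,175,040 Msoe.dll
24-Jun-2004 21:26 6.0.2800.1450 463,360 Wab32.dll
03-Mar-2003 23:57 6.0.2800.1123 56,832 Msimn.exe
"""

OBSERVED = {  # constructed: file name -> version string read from the host
    "inetcomm.dll": "6.0.2800.1441",
    "msoe.dll": "6.0.2800.999",
    "msimn.exe": "6.0.2800.1123",
}

def parse_version(text):
    """Turn '6.0.2800.1441' into (6, 0, 2800, 1441) for numeric comparison."""
    return tuple(int(part) for part in text.split("."))

def parse_manifest(text):
    """Return {lowercase file name: (version tuple, size in bytes)}."""
    expected = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, rule and blank lines do not have five fields
        _date, _time, version, size, name = fields
        expected[name.lower()] = (parse_version(version),
                                  int(size.replace(",", "")))
    return expected

def audit(expected, observed):
    """Classify every manifest file as 'ok', 'outdated' or 'missing'."""
    report = {}
    for name, (want, _size) in expected.items():
        have = observed.get(name)
        if have is None:
            report[name] = "missing"
        elif parse_version(have) < want:
            report[name] = "outdated"
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    for name, status in sorted(audit(parse_manifest(MANIFEST), OBSERVED).items()):
        print(f"{name:14} {status}")
```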

