Re: Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353)

From: PCR (pcrrcp_at_netzero.net)
Date: 07/14/04


Date: Wed, 14 Jul 2004 00:21:08 -0400


!!!Yea!!!

-- 
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"PA Bear" <PABear@mvps.org> wrote in message
news:uag6$OUaEHA.3512@TK2MSFTNGP12.phx.gbl...
| IIRC the automatic backup of Address Book will now be found with a .WAB~
| extension, Ivan.  "Mysterious Tilde File" is history after installing
| MS04-018.
|
| This update supersedes (replaces) Q837009 (MS04-013) and Q330994.
|
| The download is large because the files updated are large:
|
| Date         Time   Version            Size    File name
| --------------------------------------------------------------
| 03-Mar-2003  23:57  6.0.2800.1123      75,776  Directdb.dll
| 07-Jun-2004  21:19  6.0.2800.1441     596,480  Inetcomm.dll
| 11-Oct-2002  22:08  6.0.2800.1123      47,616  Inetres.dll
| 03-Mar-2003  23:57  6.0.2800.1123      44,032  Msident.dll
| 03-Mar-2003  23:57  6.0.2800.1123      56,832  Msimn.exe
| 26-May-2004  21:26  6.0.2800.1437   1,175,040  Msoe.dll
| 03-Mar-2003  23:57  6.0.2800.1123     228,864  Msoeacct.dll
| 11-Oct-2002  22:09  6.0.2800.1123   2,479,616  Msoeres.dll
| 03-Mar-2003  23:57  6.0.2800.1123      91,136  Msoert2.dll
| 03-Mar-2003  23:57  6.0.2800.1123      93,184  Oeimport.dll
| 03-Mar-2003  23:57  6.0.2800.1123      55,808  Oemig50.exe
| 03-Mar-2003  23:57  6.0.2800.1123      31,744  Oemiglib.dll
| 03-Mar-2003  23:57  6.0.2800.1123      42,496  Wab.exe
| 24-Jun-2004  21:26  6.0.2800.1450     463,360  Wab32.dll
| 03-Mar-2003  23:57  6.0.2800.1123      30,208  Wabfind.dll
| 03-Mar-2003  23:57  6.0.2800.1123      77,824  Wabimp.dll
| 03-Mar-2003  23:57  6.0.2800.1123      27,648  Wabmig.exe
|
| The above is for Windows XP, Windows XP SP1, Windows 2000 SP3, Windows 2000
| SP4, and Windows NT 4.0 SP6a w/out either Q837009 or Q330994 installed.
| -- 
| ~PA Bear
|
| Ivan Bútora wrote:
| > Interestingly enough, the vulnerability discussed in this bulletin is not
| > considered critical for Windows 98 systems, but the patch is being
| > offered for Windows 98 as well, unlike the updates from MS04-024,
| > MS04-016 and other bulletins from earlier in the year, where Windows
| > 98/98SE/Me were affected, but not critically.
| >
| > Also, for those using WAB:
| >
| > ---begin quote from MS04-018 FAQ---
| > Does this update contain any other changes to functionality?
| > Yes. In addition to the change that is listed in the Vulnerability
| > Details section of this bulletin, this update includes the following
| > changes in functionality:
| > . Sets Outlook Express 5.5 SP2 to view HTML e-mail messages in the
| > Restricted Sites zone.
| > . Fixes a behavior that was introduced in MS03-014 where Outlook Express
| > 6 SP1 and later creates a copy of the Windows Address Book in a
| > predictable location with a file name of "~". After you install this
| > update, Outlook Express will no longer create this copy of the Windows
| > Address Book in a predictable location.
| > ---end quote---
| >
| > Wonder if this means that the "~" problem is gone, or if it only means
| > that now the "~" will be found in several unpredictable locations rather
| > than one predictable location.
| >
| > BTW, why is it that the download (OE 6 SP1) is so large (1950 KB)? Did
| > the "~" problem really affect so many different OE files? (Note that
| > there is no security issue fixed with this patch for OE 6 SP 1).
| >
| >
| >
| > "Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message
| > news:uduRz8QaEHA.3112@tk2msftngp13.phx.gbl...
| >> MS04-018 - Cumulative Security Update for Outlook Express (823353)
| >> http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx
| >>
| >> Microsoft Security Bulletin MS04-018
| >> Cumulative Security Update for Outlook Express (823353)
| >>
| >> Issued: July 13, 2004
| >> Version: 1.0
| >> Executive Summary:
| >> This update resolves a public vulnerability. A denial of service
| >> vulnerability exists in Outlook Express because of a lack of robust
| >> verification for malformed e-mail headers. The vulnerability is
| >> documented in the Vulnerability Details section of this bulletin. This
| >> update also changes the default security settings for Outlook Express
| >> 5.5 Service Pack 2 (SP2). This change is documented in the Frequently
| >> Asked Questions related to this security update section of this bulletin.
| >> If a user is running Outlook Express and receives a specially crafted
| >> e-mail message, Outlook Express would fail. If the preview pane is
| >> enabled, the user would have to manually remove the message, and then
| >> restart Outlook Express to resume functionality.
| >> We recommend that customers consider applying the security update.
| >> Summary
| >> Who should read this document: Customers who use Microsoft® Outlook Express®
| >> Impact of Vulnerability:  Denial of Service
| >> Maximum Severity Rating: Moderate
| >> Recommendation: Customers should consider applying the security update.
| >> Security Update Replacement: This bulletin replaces MS04-013: Cumulative
| >> Update for Outlook Express and any prior Cumulative Security Updates for
| >> Outlook Express.
| >> Caveats: None
| >> Tested Software and Security Update Download Locations:
| >> Affected Software:
| >> .Microsoft Windows NT® Workstation 4.0 Service Pack 6a
| >> .Microsoft Windows NT Server 4.0 Service Pack 6a
| >> .Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
| >> .Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service
| >> Pack 3, Microsoft Windows 2000 Service Pack 4
| >> .Microsoft Windows XP and Microsoft Windows XP Service Pack 1
| >> .Microsoft Windows XP 64-Bit Edition Service Pack 1
| >> .Microsoft Windows XP 64-Bit Edition Version 2003
| >> .Microsoft Windows Server™ 2003
| >> .Microsoft Windows Server 2003 64-Bit Edition
| >> .Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
| >> Microsoft Windows Millennium Edition (Me) - Review the FAQ section of
| >> this bulletin for details about these operating systems.
| >>
| >> Affected Components:
| >> .Microsoft Outlook Express 5.5 Service Pack 2: Download the Update
| >> .Microsoft Outlook Express 6: Download the Update
| >> .Microsoft Outlook Express 6 Service Pack 1: Download the Update
| >> .Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition): Download
| >> the Update
| >> .Microsoft Outlook Express 6 on Windows Server 2003: Download the Update
| >> .Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):
| >> Download the Update
| >>
| >> The software in this list has been tested to determine if the versions
| >> are affected. Other versions either no longer include security update
| >> support or may not be affected. To determine the support lifecycle for
| >> your product and version, visit the following Microsoft Support
| >> Lifecycle Web site.
|
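
An added example, not part of the original thread or of Microsoft's bulletin: a check of a file-version inventory against rows of the manifest quoted above, to confirm the MS04-018 binaries are in place. The inventory values are constructed, and how the inventory is collected from a machine is left out. Versions are compared as integer tuples because a plain string comparison would rank "6.0.2800.999" above "6.0.2800.1441".

```python
import re

# Rows copied from the manifest table quoted in this thread
# (date, time, version, size, file name).
MANIFEST = """\
03-Mar-2003  23:57  6.0.2800.1123      75,776  Directdb.dll
07-Jun-2004  21:19  6.0.2800.1441     596,480  Inetcomm.dll
26-May-2004  21:26  6.0.2800.1437   1,175,040  Msoe.dll
24-Jun-2004  21:26  6.0.2800.1450     463,360  Wab32.dll
"""

ROW = re.compile(
    r"^\S+\s+\S+\s+(?P<ver>\d+(?:\.\d+){3})\s+(?P<size>[\d,]+)\s+(?P<name>\S+)$"
)

def parse_version(text):
    """'6.0.2800.1441' -> (6, 0, 2800, 1441) so comparison is numeric."""
    return tuple(int(part) for part in text.split("."))

def parse_manifest(text):
    """Return {lowercased file name: (version tuple, size in bytes)}."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            size = int(m["size"].replace(",", ""))
            files[m["name"].lower()] = (parse_version(m["ver"]), size)
    return files

def audit(inventory, manifest):
    """Return {file name: 'ok' | 'outdated' | 'missing'} for each manifest file."""
    status = {}
    for name, (wanted, _size) in manifest.items():
        have = inventory.get(name)
        if have is None:
            status[name] = "missing"
        else:
            status[name] = "ok" if parse_version(have) >= wanted else "outdated"
    return status

# Constructed inventory (file name -> version string); not data from the thread.
SAMPLE_INVENTORY = {
    "directdb.dll": "6.0.2800.1123",
    "inetcomm.dll": "6.0.2800.999",   # constructed older build
    "msoe.dll": "6.0.2800.1437",
    # wab32.dll deliberately absent
}

if __name__ == "__main__":
    for name, state in audit(SAMPLE_INVENTORY, parse_manifest(MANIFEST)).items():
        print(f"{name:14} {state}")
```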

