Microsoft to issue Outlook security patch

Featured eBooks
AI in the Workplace
Read Now

CX in Action

Read Now

Next Steps for CMMC

Read Now
By Ann Harrison

By Ann Harrison

|

The patch is to prevent the program from falling victim to viruses such as the recent 'love bug'

Microsoft Corp. announced this week that it will issue a patch for its popular Outlook e-mail client that's aimed at preventing the software from propagating viruses like the "love bug" and Melissa. Those viruses were spread via e-mail attachments or Internet worms that replicated through the Outlook address book.

The patch, which is being analyzed by developers, could have a wide-ranging impact on third-party software designed to interoperate with Outlook.

The recent "I Love You" virus overwhelmed many corporate and government networks when it triggered Outlook to automatically mail the virus to everyone in victims' Outlook address books. The upcoming patch will prevent Outlook 2000 and Outlook 98 from receiving certain types of programs files, such as .exe and .bat, that contain executable code used to spread viruses.

Updated versions of Outlook will also block script modules and files such as .js, .bas and .vbs Visual Basic script attachments. The love bug virus payload was a .vbs attachment. Internet links and shortcuts to files such as .lnk and .pif files will be restricted. "The goal is to take the guesswork out of determining whether an attachment is safe," said Lisa Gurry, a product manager with Microsoft's Office team.

Microsoft has made a beta version of the patch available to independent software vendors whose products may be impacted by the update. The beta, available at http://officeupdate.microsoft.com/2000/articles/o2ksecISV.htm is intended only for use by systems administrators and independent software vendors.

Microsoft posted a warning on the site that "the beta is not intended to be placed into production situations and should be deployed only on machines that can be reformatted after testing without serious concerns." The site includes a link through which companies can contact Microsoft to report bugs or provide feedback on the update.

A patch for all Outlook users, known as the Microsoft Outlook 98/2000 E-mail Security Update, will be available next week.

REPORT CARD

User's manual for hackers' [Federal Computer Week, May 15, 2000]

Love bloomed amid bureacracy[FCW.com, May 11, 2000]

CIOs see security "nightmare' [FCW.com, May 11, 2000]

BY Ann Harrison, Computerworld online
May 18, 2000

More Related Links

NEXT STORY: Privacy fears prompt study, delay