BOSTON (05/20/2000) - Microsoft Corp. this week announced that it will issue a patch for its popular Outlook e-mail client that's aimed at preventing the software from propagating viruses like the "I Love You" and "Melissa" bugs. Those viruses were spread recently via e-mail attachments or Internet worms that replicated through the Outlookaddress book.
The patch, which is nowbeing analyzed by developers, could have a wide-rangingimpact on third-party software designed to interoperate with Outlook.
The upcoming patch will prevent Outlook 2000 and Outlook 98 from receiving certain types of program files, such as .exe and .bat, that contain executable code used to spread viruses. Updated versions of Outlook will also block script modules and files such as .js, .bas and .vbs (Visual Basic Script) attachments.
The "I Love You" virus payload was a .vbs attachment. Internet links and shortcuts to files such as .lnk and .pif files will be restricted. "The goalis to take the guesswork outof determining whether an attachment is safe," said Lisa Gurry, a product manager on Microsoft's Office team.
Gurry confirmed that the virus patch will affect a number of business applications, including San Mateo, California-based Siebel Systems Inc.'s customer relationship management applications and SAP AG's enterprise resource planning software.
But she said they and other software partners are just now receiving the beta code and that it's too early to know what the impact will be. "We will be inviting them to campus to discuss the right balance between security and functionality and ensure that our products continue to work well with theirs," Gurry said.
Microsoft has acknowledged that the patch will affect certain functionalities within Outlook and the interaction of some third-party software with Office.
Some vendors - including Novell Inc., Palm Inc. and Paragon Software Ltd. - are evaluating the effect on their products, according to Microsoft's beta download site.
The development of the patch is a departure for Microsoft, which has often countered criticism of security weaknesses in its Office products by arguing that users want a range of automated features, even if they're vulnerable to attack.
A patch for all Outlook users, called the Microsoft Outlook 98/2000 E-mail Security Update, will be available this week.