Ask Dr. Intranet

FRAMINGHAM (07/31/2000) - What's up with the new bug that makes Outlook susceptible to e-mail viruses even if I don't open or read the e-mail?

The SANS Institute says Outlook and Outlook Express share a vulnerability that lets attackers run programs on your computer, and all you have to do is download e-mail from the server. Microsoft Corp. posted a patch at www.microsoft.com/technet/security/bulletin/ MS00-043.asp. SANS recommends blocking outgoing Windows File Sharing at the firewall.

Another issue is the Office HTML Script Vulnerability. Microsoft released MS00-049 to resolve two vulnerabilities in which a particular fragment of HTML code could cause an Excel 2000 or PowerPoint document to be saved to the user's system, which could execute a VBA code. This patch addresses a vulnerability whereby an Access database could execute commands on the user's system. The FAQ and patch are at www.microsoft.com/technet/security/ bulletin/fq00-049.asp. To fully address the Access problem, open Access without opening any databases, and assign a nontrivial password to the Admin user under the Tools/ Security/User and Group Accounts menu.

It was recently reported that Internet Explorer 5.X and Outlook are susceptible to a DHTML Control vulnerability that lets malicious Web sites or e-mails gain access to files on a user's system. To fix, disable active scripting until a patch comes out.

Blass is a network architect with Sprint Enterprise Network Services in Houston. He can be reached at dr.intranet@paranet.com.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MicrosoftOpen AccessSANS InstituteSprintThe SANS Institute

Show Comments