Outlook and/or Outlook Express had a famous bug that allowed messages
showing in the preview pane to execute HTML code (probably using IE). A
patch was released a long time ago. Now that I think about this more,
seems like the bug was discovered two or three times in Outlook.
If your systems are patched with the critical/security patches from
Windows updates, I would say they are probably OK with respect to
viewing messages. It might be a good idea to also run OfficeUpdates and
see what that says. For instance, I'm using Office 2000 + SR1a. None of
the security scans I've run (HFnetchkPro, MBSA) indicate that Outlook is
As research backing this up, I think Don was referring to the Phatbot
virus, which Symantec writes up here:
Symantec doesn't mention Outlook as a vector, but does list three other
MS security notices, all of which should have been handled by
But I would also say that Outlook is a security nightmare and should be
avoided. Unfortunately I still have about 25 faculty/staff that use it.
I've tried to talk them into something else, but have only had a few
Chris Wolf wrote:
> At 11:13 AM 3/18/2004, Bosman, Don wrote:
>>Instead it contains a link, which upon opening the email, starts a series of events that
>>eventually downloads this file infector into the system.
> From the subject of your message, it seems you are implying that in Outlook previewing a message is equivalent to actually opening it. Is this definitely the case? (We don't have many Outlook email users, so I don't work with Outlook email much.) I'm also wondering why you didn't mention the preview pane in other programs, such as Outlook Express. Eudora's preview pane (as well as its regular viewer) is safe from this threat, as long as you disallow executables in HTML content.
> Chris Wolf Computer Service Manager
> Agricultural Economics [log in to unmask]
> Michigan State University 517 353-5017