Chris,

Outlook and/or Outlook Express had a famous bug that allowed messages
showing in the preview pane to execute HTML code (probably using IE). A
patch was released a long time ago. Now that I think about this more,
seems like the bug was discovered two or three times in Outlook.

If your systems are patched with the critical/security patches from
Windows updates, I would say they are probably OK with respect to
viewing messages. It might be a good idea to also run OfficeUpdates and
see what that says. For instance, I'm using Office 2000 + SR1a. None of
the security scans I've run (HFnetchkPro, MBSA) indicate that Outlook is
vulnerable.

As research backing this up, I think Don was referring to the Phatbot
virus, which Symantec writes up here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.polybot.html
Symantec doesn't mention Outlook as a vector, but does list three other
MS security notices, all of which should have been handled by
WindowsUpdates.

But I would also say that Outlook is a security nightmare and should be
avoided. Unfortunately I still have about 25 faculty/staff that use it.
I've tried to talk them into something else, but have only had a few
successful conversions.

-John


Chris Wolf wrote:

> At 11:13 AM 3/18/2004, Bosman, Don wrote:
>
>>Instead it contains a link, which upon opening the email, starts a series of events that
>>eventually downloads this file infector into the system.
>
>
> From the subject of your message, it seems you are implying that in Outlook previewing a message is equivalent to actually opening it.  Is this definitely the case?  (We don't have many Outlook email users, so I don't work with Outlook email much.)  I'm also wondering why you didn't mention the preview pane in other programs, such as Outlook Express.  Eudora's preview pane (as well as its regular viewer) is safe from this threat, as long as you disallow executables in HTML content.
>
>
> --Chris
> ==============================================
> Chris Wolf                    Computer Service Manager
> Agricultural Economics        [log in to unmask]
> Michigan State University     517 353-5017
>