better get it patched. This patch is NOT available via WindowsUpdate.
********************************************************************
US-CERT Technical Cyber Security Alert TA04-070A
-- Microsoft Outlook mailto URL Handling Vulnerability
********************************************************************

Apply a patch

  Apply the appropriate patch as specified by Microsoft Security
  Bulletin MS04-009.
  http://www.microsoft.com/technet/security/...n/ms04-009.mspx

Workarounds

  Microsoft recommends the following workarounds for users who are
  unable to apply the patches:

  * Do not use the "Outlook Today" folder home page in Outlook 2002

    You can help protect against this vulnerability by turning off the
    "Outlook today" folder home page in Outlook 2002.

    1. In the "Folder List" window of Outlook, right-click on
       "Outlook Today" or "Mailbox - [User Name]"
    2. Select Properties for "Outlook Today" or "Mailbox - [User
       Name]"
    3. Select "Home Page" tab
    4. Uncheck "Show home page by default for this folder"
    5. Repeat for all other "Folder List" items labeled "Outlook
       Today" or "Mailbox - [User Name]"

    Impact of Workaround: The "Outlook Today" folder home page would
    no longer be available.

  * If you are using Outlook 2002 or Outlook Express 6.0 SP1 or later,
    read email messages in plain text format to help protect yourself
    from the HTML email attack vector

    Microsoft Outlook 2002 users who have applied Service Pack 1 or
    later and Outlook Express 6.0 users who have applied Service Pack
    1 or later can enable a feature that will enable them to view all
    non-digitally-signed email messages or non-encrypted email
    messages in plain text only. Digitally-signed email messages and
    encrypted email messages are not affected by the setting and may
    be read in their original formats.

    Instructions for enabling these settings can be found at the
    following locations:

    + Outlook 2002 - Microsoft Knowledge Base Article 307594
    + Outlook Express 6.0 - Microsoft Knowledge Base Article 291387

    Impact of Workaround: Email that is viewed in plain text format
    cannot contain pictures, specialized fonts, animations, or other
    rich content. Additionally:

    + The changes are applied to the preview pane and to open
      messages.
    + Pictures become attachments to avoid loss of message content.
    + The object model (custom code solutions) may behave
      unexpectedly because the message is still in Rich Text Format
      or in HTML format in the mail store.