General 8066 Published by

Patch Available for "Persistent Mail-Browser Link" Vulnerability

Originally Posted: July 20, 2000

Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability affecting Microsoft(r) Outlook Express. The
vulnerability could allow a malicious user to send an email that
would "read over the shoulder" of the recipient as he previews
subsequent emails in Outlook Express.

A patch is available that eliminates this vulnerability as well as
those discussed in Microsoft Security Bulletins MS00-043 and
MS00-046. Customers who already have taken the corrective action
discussed in either of these bulletins do not need to take any
additional action.

Frequently asked questions regarding this vulnerability and the
patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-045.asp

Affected Software Versions
==========================
- Microsoft Outlook Express 4.0
- Microsoft Outlook Express 4.01
- Microsoft Outlook Express 5.0
- Microsoft Outlook Express 5.01

Patch Availability
==================
This vulnerability can be eliminated by taking any of the following
actions:
- Installing the patch available at
http://www.microsoft.com/windows/ie/download/critical/patch9.htm
- Performing a default installation of Internet Explorer 5.01
Service Pack 1,
http://www.microsoft.com/Windows/ie/download/ie501sp1.htm