Patch Available for "Cache Bypass" Vulnerability
Originally Posted: July 20, 2000
Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Outlook(r) and Outlook Express. The
vulnerability could allow a malicious user to send an HTML mail that,
when opened, could read, but not add, change or delete, files on the
recipientĀ“s computer. If coupled with other vulnerabilities, it could
potentially be used in more advanced attacks as well.
The patch eliminates this vulnerability as well as those discussed in
Microsoft Security Bulletins MS00-043 and MS00-045. Customers who
already have taken the corrective action discussed in either of these
bulletins do not need to take any additional action.
Frequently asked questions regarding this vulnerability and
the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-046.asp
Affected Software Versions
==========================
- Microsoft Outlook Express 4.0
- Microsoft Outlook Express 4.01
- Microsoft Outlook Express 5.0
- Microsoft Outlook Express 5.01
- Microsoft Outlook 97
- Microsoft Outlook 98
- Microsoft Outlook 2000
Patch Availability
==================
This vulnerability can be eliminated by taking any of the following
actions:
- Installing the patch available at
http://www.microsoft.com/windows/ie/download/critical/patch9.htm
- Performing a default installation of Internet Explorer 5.01
Service Pack 1,
http://www.microsoft.com/Windows/ie/download/ie501sp1.htm
Originally Posted: July 20, 2000
Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Outlook(r) and Outlook Express. The
vulnerability could allow a malicious user to send an HTML mail that,
when opened, could read, but not add, change or delete, files on the
recipientĀ“s computer. If coupled with other vulnerabilities, it could
potentially be used in more advanced attacks as well.
The patch eliminates this vulnerability as well as those discussed in
Microsoft Security Bulletins MS00-043 and MS00-045. Customers who
already have taken the corrective action discussed in either of these
bulletins do not need to take any additional action.
Frequently asked questions regarding this vulnerability and
the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-046.asp
Affected Software Versions
==========================
- Microsoft Outlook Express 4.0
- Microsoft Outlook Express 4.01
- Microsoft Outlook Express 5.0
- Microsoft Outlook Express 5.01
- Microsoft Outlook 97
- Microsoft Outlook 98
- Microsoft Outlook 2000
Patch Availability
==================
This vulnerability can be eliminated by taking any of the following
actions:
- Installing the patch available at
http://www.microsoft.com/windows/ie/download/critical/patch9.htm
- Performing a default installation of Internet Explorer 5.01
Service Pack 1,
http://www.microsoft.com/Windows/ie/download/ie501sp1.htm