Two new updates for Microsoft Outlook and one of them is a pretty important security patch.

The security patch fixes another “remote code execution” hole that allows a special form of file attachment to run itself from inside Outlook. Rather than rehash the technical details I’ll comment that this is a bigger problem than normal because it applies to all versions of Outlook 2000, XP, and 2003 plus it also occurs on Exchange server 5, 5.5, and 2000 SP3. Microsoft calls it MS06-003 - the link contains download details for each version of the security patch.

Of less importance but higher visibility, the Outlook Junk E-Mail filter has been updated again. No major reduction in junk mail or change in Outlook’s behaviors from this update (from Dec. 13th, 2005 - so I am a bit late in installing), but they’re worth installing. Even though I can think of more important things for my staff to work on, it always seems to calm users down a bit to see that IT is getting the “latest junk mail filters” installed.

Microsoft Outlook PM’s: I know that out of office responses are handled server-side, so the Outlook Junk mail filter will never help to keep responses from being sent to junk mail too. We can’t turn off sending out of office resonses off-site either - out clients are the only ones who matter when we’re sending those. Is there any chance you could update the Outlook Junk E-Mail filter so that undeliverable out-of-office responses can be matched to the original incoming message - and sent to Junk E-Mail? (…and to whomever runs the MSDN Blogs - there’s no good heirarchy or directory. Your own search function returns poor (and dated) results. Of course, even Google’s Blogsearch returns results almost entirely on keyword content and not on who is a member of what team or by topic.)

Article tagged: Microsoft, Outlook, security, patch, TNEF, MIME, decoding, vulnerability, junk, email, e-mail, filter, update

Comment on this post below

You can leave a response, or trackback from your own site.