Microsoft Outlook Default Install

1998-01-01T00:00:00
ID OSVDB:3112
Type osvdb
Reporter OSVDB
Modified 1998-01-01T00:00:00

Description

Vulnerability Description

Microsoft Outlook and Outlook Express provide e-mail functionality (and more) designed to be integrated into the Windows platform, allowing easy-to-use features shared by many applications. By default, Outlook is configured for convenience, which means many features are set to activate automatically upon certain actions. This allows remote attackers or automated worms to send hostile content that will be executed automatically, further infecting the system and network.

Solution Description

Users and administrators can help keep systems secure by following these tips:

- Keep Outlook updated at all times. Apply all critical patches as they are released.
- Disable the Message Preview Pane, as this can automatically execute content without user interaction.
- Adjust the Outlook security settings to "high" where possible.
- Make users aware that attachments are a significant threat and that execution of untrusted content can cause serious security problems.
- Install anti-virus software. Filter known bad content such as trojans and backdoor executables.

References:

- Vendor Specific Solution URL: http://windowsupdate.microsoft.com
- Keyword: SANS Top 20 2003 Windows Issue #08
- Generic Informational URL: http://www.microsoft.com/windows/oe/
- Generic Informational URL: http://www.sans.org/top20/#w8
- Generic Informational URL: http://www.microsoft.com/office/outlook/