Microsoft Admits Shortcomings in Outlook

In a rare mea culpa, Microsoft admitted during May that vulnerabilities in its Outlook e-mail program helped propagate the damaging "I LOVE YOU" worm. This prompted the software giant to release a free security upgrade to protect users from opening and further spreading viruses.

In the past, Microsoft has proved reluctant to install any antivirus measures at all into Outlook, despite fallout for serving as a launching pad for other e-mail attacks, such as 1999's Melissa virus. The company had concerns that much of the software's appeal and functionality would be lost on users because of the integration of security features, said a product manager from the Microsoft Office team.

The fix Microsoft is now offering restricts users from running any type of executable code attachments in e-mail; ZIP files must be saved to disk to be viewed. The company also will release a patch that will issue an alert if an e-mail attachment attempts to access Outlook or tries to send itself to parties listed in the address book.

The Outlook e-mail attachment filtering update takes no prisoners: Besides Visual Basic Script, Windows Script, and JavaScript files, it also stops Windows Help files, batch files, PowerPoint files, Photo CD images, and Internet shortcuts, Microsoft officials said.

Join the newsletter!

Error: Please check your email address.

More about Microsoft

Show Comments

Market Place

[]