Microsoft Issues Patch For Outlook In Wake Of Love Bug
Microsoft Corp. said today it will issue a patch for its popular Outlook e-mail software that the company hopes will limit the spread of viruses like "I Love You" and "Melissa" over the Internet.
The recent Love Bug virus that shut down many corporate and government e-mail systems around the world was partly spread by automated features in e-mail software, especially in Outlook.
A number of IT specialists and security experts have been critical of Microsoft's technology in the wake of the recent virus attacks.
The Love Bug was able to spread much faster through default "features" in Outlook. One was the ability for the software to automatically open e-mail attachments, while the second was the ability for an opened downloaded executable file to open Outlook's address book and send e-mail automatically.
In the case of the Love Bug, this allowed the virus to spread quickly to long lists of addresses via e-mail without an Outlook user being immediately aware the virus had been received or passed on.
Users of e-mail software that does not automatically open attachments had more of a chance of spotting the virus and deleting the message before the attachment executed, while users of e-mail software that does not have Outlook's address book access and automated sending features did not unwittingly spread the virus to others over the Internet.
These default "features" in Outlook are now thought to comprise such a security risk that they outweigh their initial usefulness. Microsoft has acknowledged this in issuing patches for Outlook that close several holes.
"Given the global impact of the I Love You virus and the growing threat of malicious hackers, we strongly believe we must take the unprecedented step of limiting certain popular functionality in Outlook to provide a significant, additional security option for our customers," said Steven Sinofsky, senior vice president of Microsoft Office at Microsoft today.
Microsoft says the new Outlook E-mail Security Update will:
- prevent Outlook users from accessing several file types when sent as e-mail attachments, including executables and batch files;
- prompt Outlook users with a dialog box when an external program attempts to access their Outlook address book or send e-mail on their behalf;
- make default a security setting that disables most automatic scripting and ActiveX controls from opening without the user's permission.
Microsoft admits that the update will not protect against all viruses spread over e-mail, but it does claim it will prevent Outlook spreading viruses in the same class as "I Love You" and "Melissa."
The Outlook E-mail Security Update will be available to download free of charge from the Office Update Web site, at http://officeupdate.microsoft.com , from the week of May 22, 2000.
Reported By Newsbytes.com, http://www.newsbytes.com