News

Microsoft Releases "Love Bug" Fix

Microsoft Corp. released a patch that addresses the recent rash of "Love Bug" and copycat worms that made their way around the Internet. However, the fix may end up affecting users more than the bugs did.

The Outlook 98 and Outlook 2000 E-mail Security Updates are software updates that limit functionality in Microsoft (www.microsoft.com) Outlook, as well as in other applications in Microsoft Office as well as third-party ISV products.

The Outlook updates are a three-pronged attack on viruses. E-mail attachment security prevents users from accessing several file types when sent as e-mail attachments. Object model guard prompts users with a dialog box whenever an external program attempts to access their Outlook address book or send e-mail. Heightened Outlook default security settings increase the default Internet security zone setting within Outlook from "Internet" to "restricted sites."

With the update installed, Outlook will check the file type of each attachment received in a user's in box and compare it against two lists of file types, Level 1 security and Level 2 security file types. Access to Level 1 security file types - .EXE, .COM, .BAS, .VBS, .JS, URLs, .ISN, .LNK, and .PIF files - is restricted, because these are either scripted code or links to viruses. Level 2 security files are only .ZIP files, which are not restricted, but Outlook will require the user to save these files to the hard drive.

If an e-mail message is received in Outlook with a Level 1 attachment, the Inbox will display the paperclip icon in the attachment column to let the user know that the message originally contained an attachment. When the message is opened, the attachment will not be available and Outlook will notify the user that it removed access to the attachment. If a message is received with a Level 2 attachment, a warning box is displayed instructing the user to save the attached file to the hard drive before opening.

Microsoft has reported several cases of functionality failure surrounding the Outlook updates. The most significant of these involves the updates' installation procedures. There is no remove or uninstall utility for the update. In order to remove it, Office must be removed and reinstalled. Additionally, in some cases the update fails to install. Net Folders do not always work with the update, and Palm and Windows CE devices have synchronization issues involving address book and Inbox synchronization. With the updates installed, Mail Merge fails from within Word, but works from within Outlook. When sending PowerPoint presentations through e-mail, a warning is displayed, as all presentations mailed as attachments contain a .JS script file.

In addition to functionality issues within Outlook and Office, the updates cause functionality problems with some third-party software. ISVs whose software is affected by the updates include Accountmate Software Corp. (www.accountmate.com), Chapura Inc. (www.chapura.com), FileNET Corp. (www.filenet.com), Great Plains Software Inc. (www.greatplains.com), Instinctive Technology Inc. (www.instinctive.com), Micro Eye Inc. (www.microeye.com), Motiva (www.motiva.com), Novell Inc. (www.novell.com), Palm Inc. (www.palm.com), Paragon Software Ltd. (www.paragonsoftware.com), PUMATECH Inc. (www.pumatech.com), Research In Motion Ltd. (www.blackberry.net), and Slipstick Systems (www.slipstick.com). - Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.