And Internet Explorer is designed to try to execute almost any executable and script it encounters in an effort to make browsing an "easy" experience, which has also enabled it to be the vector of most viruses and other malware.Īny security fixed acknowledged by Microsoft is handled according to Microsoft's internal security policy, and when necessary, patches are distributed via Microsoft Update. So even if users completely avoid use of Internet Explorer and use only other browsers, they are exposed to all its security holes when using Outlook Express.
Outlook Express uses Internet Explorer to render email. Even when the preview pane is turned off, Outlook Express automatically "internally" opens the first message in the inbox ( see). In fact, turning off the preview pane only seemingly circumvents this vulnerability.
OUTLOOK EXPRESS CODE
Opening or previewing an e-mail can cause code to run without the user's knowledge or consent.
OUTLOOK EXPRESS WINDOWS
This bug was later fixed so that only the last '.' represented the end of the filename and the beginning of the file extension-the correct behavior for the Windows filesystem. Another aggravating factor was a bug in Outlook Express's attachment handling that allowed an executable to appear to be a harmless attachment such as a graphics file. A script could automatically open as an attachment. Another flaw was the fact that the "Restricted" security zone wasn't restrictive enough. Rather than the zones being controlled by the user, AOL had shown that remote sites could alter them.īut that was a relatively benign breach due to Microsoft's implementation of the plan. AOL's action required an Internet Explorer hack that should not have been possible if Microsoft's zones had worked as intended. AOL was worried that the warning might scare away potential customers.
OUTLOOK EXPRESS SOFTWARE
AOL used it to add to ensure that users who wanted to download their online service client software didn't have to grant them permission via an ActiveX dialog box. The trusted zone was clearly designed for administrators who wanted to allow updating without any confusion. Trusted sites could do things without asking user's permission. The zones were Intranet, Internet, Trusted, and Restricted. Outlook Express and Internet Explorer both featured security zones-a feature not found in competing products Template:Fact. In the "Welcome e-mail" for both Outlook and Outlook Express, Microsoft acknowledged that with new HTML e-mail, security was a risk, and described their plan for foiling the security risk.
That's because Outlook allowed web pages and executable script as email. Outlook was one of the first e-mail clients to allow a virus in e-mail body (which is not in an attachment), disseminating e-mail viruses by only opening it. However, Microsoft has released a procedure for Windows XP which may be able to correct problems and restore access to e-mail messages without resorting to third party solutions using their Outlook Express Basic Repair Kit. A cursory Web search on the term Outlook Express will reveal dozens of such rescue programs. This has led to a thriving market for programs which can backup, restore, and recover corrupted OE files. Outlook Express has been vulnerable to a number of problems which could corrupt its files. However, Microsoft did not provide it with a way to back up the address book - something that would later create a great deal of frustration among users. Internet Mail and News handled plain text e-mail (not HTML mail), and had none of the security holes Outlook is known for. Windows 95 included Internet Mail and News, a simple precursor to Outlook Express. The similar names lead many people to incorrectly conclude that Outlook Express is a stripped down version of Outlook. The two programs do not share common code, but do share a common architectural philosophy. Outlook Express is a different program from the Microsoft Office Outlook e-mail client which ships with Microsoft Office for Windows. 2.2 Handling of PGP/MIME signed messages.