Re: outlook 2000 vs latest outlook express deployment

From: Frederick Garbrecht (fgarbrecht@ecogchair.org)
Date: 11/19/02

  • Next message: Eric: "Re: outlook 2000 vs latest outlook express deployment" 
    From: "Frederick Garbrecht" <fgarbrecht@ecogchair.org>
To: <focus-ms@securityfocus.com>, <auto472736@hushmail.com>
Date: Mon, 18 Nov 2002 20:45:38 -0500

    My condolences to you.....I'm not sure about differences in security issues
    between the two, but IMHO the most critical issues in securing Outlook /
    Outlook Express are 1) keep them very up to date on security hotfixes 2)
    familiarize yourself with MS security zones and use them to tightly restrict
    what the mail client can accept. For example, you probably will want to
    prohibit unsigned activeX controls and java applets. I restrict everything
    that can possibly execute, so no scripts are allowed, no executables, etc.
    I'm sure you can probably find some step-by-step commentary on setting up
    Outlook clients to maximize security, microsoft has an entire portion of
    their site devoted to security issues, so you should check that out. Oh,
    and don't forget to educate your users about double-clicking on attachments
    that they don't expect........

    Fred

    ----- Original Message -----
    From: <auto472736@hushmail.com>
    To: <focus-ms@securityfocus.com>
    Sent: Monday, November 18, 2002 12:01 AM
    Subject: outlook 2000 vs latest outlook express deployment

    >
    > All,
    >
    > Our school have been using eudora for many years. Due to political
    reasons, we now have to migrate to outlook. We have licensed copies of
    Outlook 2000 which provides the tasks, calendar, etc. functions
    > and the latest free version of Outlook Express. In terms of security,
    which version is more secure? We do not have a budget for Outlook 2002
    However, we have enough paid Outlook 2000 licenses to more than accomadate
    everyone at this point. I am just concerned with the security issues. We
    already have an antivirus solution at the mail gateway and also NAV on the
    user desktops.
    >
    > Thanks.
    >
    >
    >
    >
    >
    > Get your free encrypted email at https://www.hushmail.com
    >

    Relevant Pages

    • [NT] MHTML vulnerability in Outlook Express
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in Outlook Express allows an attacker to run code of the ... If an attacker were to host a malicious website that contained an MHTML ...
      (Securiteam)
    • Bypassing SMTP Content Protection with a Flick of a Button
      ... How about using Outlook Express as ... more than an Outlook Express client and employs a rarely-used feature ... This RFC documented feature called "Message Fragmentation and ... comprehensive security policy to restrict potentially harmful content ...
      (Bugtraq)
    • [VulnWatch] Bypassing SMTP Content Protection with a Flick of a Button
      ... How about using Outlook Express as ... more than an Outlook Express client and employs a rarely-used feature ... This RFC documented feature called "Message Fragmentation and ... comprehensive security policy to restrict potentially harmful content ...
      (VulnWatch)
    • Re: How do I receive an access database?
      ... To provide enhanced security, Microsoft Office Outlook 2003 is designed to ... If you need to share files that have file types blocked by this feature, ... There is no control over those files (no settings within ...
      (microsoft.public.access.gettingstarted)
    • Re: Unsafe Attachments
      ... Teach Yourself Outlook 2003 in 24 Hours ... > Outlook 2002 includes a new security feature that blocks> attachments considered unsafe. ... > Request that the sender use a file compression utility> that changes the file extension. ...
      (microsoft.public.outlook.installation)