Re: Outlook Security Settings removed

From: Anthony Papaleo (papaleo_at_ameritech.net)
Date: 05/02/03

  • Next message: Jonathan Grotegut: "RE: Outlook Security Settings removed"
    To: "Williamson, Scott" <scott.williamson@htcinc.net>, "Focus-MS" <focus-ms@securityfocus.com>
    Date: Thu, 1 May 2003 19:28:21 -0500
    
    

    We have encountered not a patch but a Microsoft utility that can,
    incrementally, remove one or all of the security settings in Outlook. It is
    called the Outlook Security Administrative Package, contained in a file "
    admpack.e_x_e_ "
    on the Office XP resource kit CD or Enterprise editions of MS Office.
    We too have a legacy program that sends internal e-mails for notification
    puposes. Starting with SP1 of Outlook 2000 and up to the present Outlook
    2003, these e-mails cause Outlook to throw up warnings (at least 2 per
    e-mail) that must be "OK'd" before the e-mail could be openned.
    BUT: Beware the serious implications of shutting down security functions,
    filters. Microsoft put those things in there for very obvious and painful
    reasons.

    Tony P.
    lurker and now responder

    ----- Original Message -----
    From: "Williamson, Scott" <scott.williamson@htcinc.net>
    To: "Focus-MS" <focus-ms@securityfocus.com>
    Sent: Wednesday, April 30, 2003 8:42 AM
    Subject: Outlook Security Settings removed

    > I was wondering if anyone heard of a patch that removed the registry
    > settings for bypassing the "Outlook Security Settings". We had some
    systems
    > setup that need to be able to send email from a third party program
    through
    > outlook. When the "Outlook Security" add-on was installed we setup a
    public
    > folder on Exchange 5.5 and configured it for these users. We then added
    the
    > necessary registry entries on these users machines. Now we find these
    > machines are now prompting for approval each time the program sends emails
    > and the registry setting is gone.
    >
    > Thanks,
    >
    > Scott Williamson
    > Systems Administrator
    >
    > --------------------------------------------------------------------------

    ---
    > FastTrain has your solution for a great CISSP Boot Camp. The industry`s
    most
    > recognized corporate security certification track, provides a
    comprehensive
    > prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization
    > of pertinent security tools. For a limited time you can enter for a chance
    > to win one of the latest technological innovations, the SEGWAY HT.
    > Log onto http://www.securityfocus.com/FastTrain-focus-ms
    > --------------------------------------------------------------------------
    ----
    -----------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most 
    recognized corporate security certification track, provides a comprehensive 
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization 
    of pertinent security tools. For a limited time you can enter for a chance 
    to win one of the latest technological innovations, the SEGWAY HT. 
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------------
    

  • Next message: Jonathan Grotegut: "RE: Outlook Security Settings removed"

    Relevant Pages

    • Re: Spamnet add-in to Outlook
      ... If you're modifying the security settings item (you should never be ... Outlook may not save the change to the member list. ... I agree that setting up the Outlook Security Template and not ...
      (microsoft.public.outlook.program_addins)
    • Re: Spamnet add-in to Outlook
      ... Sue Mosher, Outlook MVP ... > I just went to create a new security item (added members in an Exception ... >> If you're modifying the security settings item (you should never be ...
      (microsoft.public.outlook.program_addins)
    • [NT] MHTML vulnerability in Outlook Express
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in Outlook Express allows an attacker to run code of the ... If an attacker were to host a malicious website that contained an MHTML ...
      (Securiteam)
    • Bypassing SMTP Content Protection with a Flick of a Button
      ... How about using Outlook Express as ... more than an Outlook Express client and employs a rarely-used feature ... This RFC documented feature called "Message Fragmentation and ... comprehensive security policy to restrict potentially harmful content ...
      (Bugtraq)
    • [VulnWatch] Bypassing SMTP Content Protection with a Flick of a Button
      ... How about using Outlook Express as ... more than an Outlook Express client and employs a rarely-used feature ... This RFC documented feature called "Message Fragmentation and ... comprehensive security policy to restrict potentially harmful content ...
      (VulnWatch)