Security Patch for Georgi’s Exploit (Outlook 2000)

Topic

New Reply

I have installed the security patch provided by Microsoft at http://office.microsoft.com/downloads/2000/outlctlx.aspx as discussed in the last “Woody’s Office Watch”, however the patch does not appear to fix the vulnerability. Thanks very much to Georgi for discovering this problem, and for this group for bringing it to my attention. In our organization, we have installed the patch on a number of machines, and under a number of login accounts, the vulnerability persists on all the machines. According to Microsoft at http://support.microsoft.com/directory/art…B;EN-US;Q303833 (Tech Bulletin Q303833), once the patch is installed, Outlook’s version number should change to 9.0.0.4527, our machines remain at 9.0.0.3821. If anyone has any ideas on how to plug this hole (from inside Outlook), feedback would be greatly appreciated.
thanks,
Mike Stevens

Reply | Quote

Replies

i’m seeing the same on a mix of machines – both ol2000 and ol2002. at this point, i’m still working on getting an answer and/or a fix.

Reply | Quote

I’ve run the patch on a number of mostly Outlook 2000 machines (and one XP unit) and my version has updated to 4527. I don’t get the popup messages “Much more fun is possible”, but my Inbox still appears on the web page. I’m on an MS Exchange server system – could that be the cause (the server has to be patched somehow)?

Just wonderin’ if anyone’s seen this “patch” actually work. (I assume web sites AREN’T supposed to be able to display my mail!)
Eric Sanders

Reply | Quote

the view control is for viewing your folders in a digital dashboard. the ability to script the control was not intened to be part of the package.

Reply | Quote