News

Outlook Express Feature Could Let Viruses Slip Past Virus Scanners, Firewalls

A security firm discovered that users who enable a rarely used feature in Microsoft's Outlook Express client could allow viruses, trojans and worms to slip past the usual array of perimeter security defenses, including gateway virus scanners, SMTP-checking firewalls and content filters.

Outlook Express has a feature that allows users with slow connections to download large messages in pieces so they can begin reading the message without waiting for the entire file to download. Users can enable the feature with a few clicks in the Outlook Express Tools menu.

This feature "allows anyone to bypass most of the security restrictions imposed on e-mail messages, due to the fact that messages are spliced into smaller segments that will not be detected by virus scanners or other content testing mechanisms," according to a bulletin on the Web site of Beyond Security Ltd., the firm that reported the vulnerability.

The feature, called "message fragmentation and re-assembly," allows attackers to separate virus signatures so they are only reassembled at the client.

Several third-party vendors acknowledged that their products are vulnerable to the Outlook Express problem and have created patches, including Trend Micro and GFI.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.