Microsoft Puts Out 2 Security Bulletins -- Redmond Channel Partner

Microsoft Puts Out 2 Security Bulletins

By Scott Bekker
December 10, 2002

Microsoft issued new security bulletins warning users of moderate threats due to vulnerabilities in Internet Explorer and Microsoft Outlook 2002.

The Internet Explorer vulnerability affects versions 5.5 and 6.0 but not 5.01. It is addressed in a cumulative patch for Internet Explorer that can be found at http://www.microsoft.com/technet/security/bulletin/MS02-068.asp.

The new vulnerability involves a flaw in IE's cross-domain security model that arises from IE's incomplete security checks when certain object caching techniques are used on Web pages. The flaw could result in information disclosure.

The flaw in Microsoft's flagship e-mail client exists in the way Outlook 2002 processes e-mail header information. To execute this denial of service attack, an attacker would need to send a specially malformed e-mail to the Outlook 2002 user. The message would cause Outlook 2002 to fail and the e-mail client application would continue to fail until the message is removed from the server. The message removal could be done at the server level by an administrator or by the client using another e-mail client, such as Outlook Web Access or Outlook Express.

The patch for the Outlook 2002 vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/MS02-067.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Printable Format

Partner Resources

Hot Topics

More Resources

Microsoft Puts Out 2 Security Bulletins

The 2018 Microsoft Product Roadmap

Microsoft Raises Bar for Direct CSPs

Microsoft Warns Orgs Away from Windows 10's 'Long-Term Servicing' Branch

2018 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Acquires AI Startup Founded by Former Employees

Free Partner Guide PDFs from RCP's editors

FREE WHITE PAPERS FROM OUR SPONSORS

Sponsored Links