1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Flaw in how Outlook 2002 handles V1 Exchange Server: Jan 22

Discussion in 'Business Applications' started by eddie5659, Jan 23, 2003.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    36,380
    Hiya

    Issue:
    ======
    Microsoft Outlook 2002 provides the facility to encrypt e-mails
    sent between e-mail recipients. Encryption is used to prevent
    parties other than the intended recipients from reading the
    contents of an e-mail. Outlook uses public key certificates to
    facilitate the exchange of the cryptographic keys that are used in
    the encryption process, and Outlook offers a number of different
    options as to what type of certificates can be used. S/MIME
    certificates are the most commonly used (and are not affected by
    the vulnerability that is the subject of this bulletin), but there
    are other certificate options including V1 Exchange Server Security
    certificates.

    A vulnerability exists because there is a flaw in the way Outlook
    2002 handles a V1 Exchange Server Security certificate when using
    it to encrypt e-mail. As a result of this flaw, Outlook fails to
    encrypt the mail correctly and the message will be sent in plain
    text. This could cause the information in the e-mail to be exposed
    when the user believed it to be protected through encryption.

    Mitigating Factors:
    ====================
    - -This vulnerability only affects encryption when a V1 Exchange
    Server Security certificate is used. S/MIME encryption, which is
    the most widely used form of e-mail encryption used by Outlook, is
    not affected.

    - -This vulnerability only affects Outlook 2002 and only when sending
    HTML e-mail.


    Maximum Severity Rating: Moderate

    Affected Software:

    Microsoft Outlook 2002

    Download locations for this patch

    Microsoft Outlook 2002:

    http://microsoft.com/downloads/deta...4B-E458-48F0-B0CB-7E73C0BB4884&displaylang=en

    (administrative update only)

    http://www.microsoft.com/office/ork/xp/journ/olk1006a.htm

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-003.asp

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/114854

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice