Results 1 to 4 of 4
  1. #1
    m_stevens
    Guest

    Security Patch for Georgi's Exploit (Outlook 2000)

    I have installed the security patch provided by Microsoft at http://office.microsoft.com/download.../outlctlx.aspx as discussed in the last "Woody's Office Watch", however the patch does not appear to fix the vulnerability. Thanks very much to Georgi for discovering this problem, and for this group for bringing it to my attention. In our organization, we have installed the patch on a number of machines, and under a number of login accounts, the vulnerability persists on all the machines. According to Microsoft at http://support.microsoft.com/directory/art...B;EN-US;Q303833 (Tech Bulletin Q303833), once the patch is installed, Outlook's version number should change to 9.0.0.4527, our machines remain at 9.0.0.3821. If anyone has any ideas on how to plug this hole (from inside Outlook), feedback would be greatly appreciated.
    thanks,
    Mike Stevens

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Roanoke area, Virginia, USA
    Posts
    3,729
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Patch for Georgi's Exploit (Outlook 2000)

    i'm seeing the same on a mix of machines - both ol2000 and ol2002. at this point, i'm still working on getting an answer and/or a fix.

  3. #3
    New Lounger
    Join Date
    Aug 2001
    Location
    Wisconsin, USA
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Patch for Georgi's Exploit (Outlook 2000)

    I've run the patch on a number of mostly Outlook 2000 machines (and one XP unit) and my version has updated to 4527. I don't get the popup messages "Much more fun is possible", but my Inbox still appears on the web page. I'm on an MS Exchange server system - could that be the cause (the server has to be patched somehow)?

    Just wonderin' if anyone's seen this "patch" actually work. (I assume web sites AREN'T supposed to be able to display my mail!)
    Eric Sanders

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Roanoke area, Virginia, USA
    Posts
    3,729
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Patch for Georgi's Exploit (Outlook 2000)

    the view control is for viewing your folders in a digital dashboard. the ability to script the control was not intened to be part of the package.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •