| By Susan Bradley |
For anyone using a Microsoft e-mail client, checking e-mail while at the coffee bar could be hazardous to your PC.
The familiar remote-code execution threat behind so many of the recent hacker attacks now targets users of Outlook Express, Windows Mail, and Windows Live Mail.
Mail clients need protection from hot spots
Outlook Express, Windows Mail, and Windows Live Mail all share a common bond — they’re Windows XP’s built-in e-mail client, or they’re Microsoft’s recommended free download for Windows 7. Unfortunately, all three also share a weakness: hackers could use malicious code on a bogus e-mail server to take control of your PC.
You are at greatest risk when checking your e-mail via public hotspots — typically, when you’re not using secure settings while connected to your Internet service provider’s e-mail server. Fortunately, most ISPs will let you link to their servers only if Secure Socket Layer (SSL) is on. This ensures that your password is not transmitted in clear text.
Microsoft security bulletin MS10-030 describes this patch as critical for (among others) XP users running Outlook Express. The patch is rated important for anyone with Windows Live Mail and most current versions of Windows. Check the bulletin for your specific combination of Windows and MS e-mail client.
Microsoft might offer you the patch even if you don’t have Live Mail or Windows Mail installed. I was surprised to find it on the updates list for a Windows Server 2008 R2, which does not have an e-mail client. This appears to be a case of future-proofing. The server OS still has a key file that would make the system vulnerable if the mail client were added later.