COMMAND

    Outlook Express

SYSTEMS AFFECTED

    MacOS with OU5

PROBLEM

    Following was  found on  ZDNet.   Microsoft Corp.  has revealed  a
    security issue with  the Mac version  of Outlook Express  5.0 that
    may  leave  users  of  the  free  Internet  e-mail  client open to
    invasions by potentially destructive Trojan horses.  According  to
    an e-mail sent out Friday evening by Waggener Edstrom, Microsoft's
    PR firm,  "Microsoft is  taking this  issue very  seriously and is
    working  diligently  to  provide  a  solution  to  this issue that
    will  enable  our  customers  to  continue  having a safe and easy
    computing experience.

    A  security  gap  in  Open  Express  5.0  "makes it possible for a
    malicious sender to send [a multilingual HTML] message to an OE  5
    user that will automatically download a file to the user's default
    Download folder witho ut the OE 5 user's knowledge. (The  location
    of the default Download folder is set in IE or Internet Config.)

    "The downloaded  file can  be anything,  including an  executable.
    This scenario is similar  to malicious users sending  out messages
    containing harmful attachments in that the user has to  explicitly
    take action (opening the attachment, or in this case, opening  the
    downloaded file) in order  for any damage to  occur - the file  is
    NOT automatically opened or executed on the user's machine.

    "Since the user  is not aware  that the file  has been downloaded,
    the user may  encounter the file  later and open/launch  it. Since
    the file  can be  an executable,  launching it  could cause damage
    to the user's machine.   Users should NEVER open  any file in  the
    Downloads Folder unless they know where the file came from.

SOLUTION

    In the meantime,  OE 5 users  should ensure they  do NOT open  any
    file  in  their  Downloads  Folder  without knowing where the file
    came from.