Online privacy and security guru Richard Smith, who operates the Computer Bytes Man site, has
issued a warning about potential security problems in Microsoft Outlook 2002.
One of the most serious involves Windows Media Player (WMP).
In an e-mail to SecurityFocus Corp.’s Bugtraq
database administrators, Smith said that WMP “reintroduces the ability to
Bugtraq is an interactive list of vulnerabilities developed to help the
security community identify and fix them.
Smith is the author of a recent detailed report on what he called
“serious privacy problems” with Windows Media Player for Windows XP that
lets Microsoft track what DVD movies consumers are watching. Microsoft has
The other Outlook 2002 problems, according to Smith, are that in an HTML
that scripting is turned off by default in Outlook. The trick is to embed the
A third problem is that cookies can be set and read in HTML e-mail messages
in spite of the fact that the default security settings in Outlook 2002 claim
that cookies are turned off. This is a privacy leak problem and not a
security hole, he said. The fourth problem involves gratuitous warnings about
links sent in e-mail messages.
is making security in its products
a top priority — in January, Chairman Bill Gates emphasized that to
employees in a memo. Last month the company
turned to an outside security expert to help implement that goal.
2002, because it can facilitate the creation of worms and other malicious
code which (can be) carried by HTML e-mail messages. Using a number of simple
tricks, “WMP can be used to bypass the Outlook security settings and still
“This problem is more of an example of poor security policies in Outlook and
WMP and is not really a security hole in the classic sense,” he wrote, adding
that Outlook Express and earlier versions of Outlook likely have the same
security problem even with all security
protections set to the maximum. There was no immediate response from