Outlook flaw hinders secure remote access

A serious flaw in Outlook poses security problems for remote workers

Roger Howorth, IT Week 20 May 2004

Microsoft is preparing a patch for its Outlook email software to enable it to work with passwords and encryption while sending mail. Firms testing email security options should contact Microsoft for the update if they find Outlook fails to authenticate against their mail system.

IT Week Labs tests have found incompatibilities in the way Outlook 2002 and Outlook 2003 handle Simple Authentication and Security Layer (SASL) password authentication, and Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption, when using non-standard TCP port numbers. These three protocols are all IETF standards relating to email security. Firms supporting LAN-based users do not normally use such authentication, but companies supporting remote workers usually require username and password authentication to prevent their mail servers being used by third parties to send spam.

Currently the problems are not documented on the Microsoft web site, so companies affected by the flaws might incorrectly assume Outlook works properly and that their servers are at fault.
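To rule the server in or out before blaming the client, an administrator can check what their own mail server offers on the port in question. The following is an added example, not code from IT Week or Microsoft; it assumes mail is submitted over SMTP with either STARTTLS or implicit TLS, and the function names and sample values are constructed for illustration.

```python
import smtplib
import ssl

def summarize(before, after):
    """Compare EHLO features seen before and after TLS is established.

    Both arguments are dicts with lowercase keys, in the shape of
    smtplib's esmtp_features (the 'auth' value lists SASL mechanisms).
    """
    clear = sorted(m.upper() for m in before.get("auth", "").split())
    secured = sorted(m.upper() for m in after.get("auth", "").split())
    return {
        "starttls_offered": "starttls" in before,
        # Mechanisms advertised before encryption would expose passwords.
        "auth_before_tls": clear,
        "auth_after_tls": secured,
        # True when the server accepts password auth inside TLS.
        "auth_over_tls_ready": bool(secured),
    }

def probe(host, port, implicit_tls=False, timeout=10):
    """Query a mail server you administer on any port, standard or not."""
    ctx = ssl.create_default_context()
    if implicit_tls:  # TLS from the first byte (often labelled "SSL")
        with smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx) as s:
            s.ehlo()
            return summarize({}, dict(s.esmtp_features))
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before = dict(s.esmtp_features)
        if "starttls" not in before:
            return summarize(before, {})
        s.starttls(context=ctx)
        s.ehlo()  # extensions must be re-read after the TLS upgrade
        return summarize(before, dict(s.esmtp_features))

# Constructed sample: what a correctly configured server might advertise.
SAMPLE_BEFORE = {"starttls": "", "size": "10240000"}
SAMPLE_AFTER = {"auth": " PLAIN LOGIN", "size": "10240000"}

if __name__ == "__main__":
    print(summarize(SAMPLE_BEFORE, SAMPLE_AFTER))
    # Against a real server: probe("mail.example.com", 2525)  (placeholder)
```

If `auth_over_tls_ready` is true for the port Outlook is configured to use, the server is advertising what a standards-following client needs, and the fault is more likely on the client side.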

A Microsoft source said, "The issue you're experiencing looks very similar to something we're already working on a hotfix for, which we're hoping to be able to release very soon."

Microsoft gave us a modified Outlook file (outlph.dll) that removed the flaw from Outlook 2003. However, it said the DLL is still under development and would not be ready in time to be included in Service Pack 1 for Office 2003, due later this year. Microsoft said the patch would probably be released shortly after the service pack.

The Microsoft source said, "In the meantime, I have a version of the updated file I've attached for testing. This file should not be used or rolled out in a production environment. I'm providing it purely so that we can assess whether the hot-fix (when it's released) will resolve the problem you're experiencing, or whether it's a different issue that requires further troubleshooting."
