OL98: Update Available for Outlook 98 Security Issue

Microsoft has made an updated patch available for Microsoft Outlook 98 that protects customers against a potential vulnerability involving file attachments with extremely long names as well a variant found during continued testing.

The original vulnerability was caused by improper handling of file attachments with very long file names in Outlook 98. As part of our on- going security review, we discovered a variant of this vulnerability, which this updated patch addresses. Microsoft strongly recommends that all users download the updated patch to be protected against these vulnerabilities.

This issue can cause a crash or other unexpected behavior when downloading a message with a file attachment that has an extremely long file name. This could conceivably happen when you use Outlook 98 in any installation configuration:

In Internet Mail Only (IMO), you will receive an error similar to the following: In Corporate Workgroup, you will receive an error similar to the following: It is difficult but conceptually possible for an individual to cause malicious code to be run on your computer as a result of this problem. There have not been any reports of customers being affected by this problem.

The Outlook Security Patch may be downloaded from the following Microsoft Web site: After the Outptch2.exe has been installed, the version number for Outlook will show 8.5.5603 in About Microsoft Outlook under the Help menu. This patch applies to English (U.S.) installations of Outlook. Localized versions of the patch will be released shortly.