Microsoft has issued a stand-alone patch that it says fixes a recently discovered hole in its Outlook and Outlook Express e-mail software that creates the potential for attackers to infect systems with malicious code.
The so-called buffer overrun vulnerability, which initially was discovered by an Argentinean security software company, opens the popular Internet e-mail software to attacks when messages are being downloaded from a server to Outlook or Outlook Express clients.
Recipients wouldn't have to open or even preview an infected message in order for their systems to be exploited, according to a statement issued last week by Microsoft.
The patch that eliminates the hole was released by Microsoft last week and can be from Microsoft's Web site.
Microsoft is also advising users to perform a default installation of Internet Explorer 5.01 Service Pack 1 or to upgrade to IE 5.5 on any system except Windows 2000.
Earlier last week, before the stand-alone patch became available, users had to do a full-version upgrade of either IE 5.5 or the IE 5.01 service pack to work around the security hole.
Microsoft says the vulnerability affects all users of Outlook Express, plus Outlook users who rely on the Post Office Protocol Version 3 and the Internet Mail Access Protocol Version 4 to access their Internet mail. To get the download click here: http://www.microsoft.com/windows/ie/download/critical/patch9.htm