[dba-Tech] Outlook question

Stuart McLachlan stuart at lexacorp.com.pg
Fri Dec 11 16:16:36 CST 2009


I'm talking about the attack which someone develops next week when they find yet another 
security hole in IE. Until the exploit has infected a lot of people just like you, there won't be a 
patch for it.  Patches don't prevent new attacks, they just prevent old ones.

As long as your email program uses a full blown web browser engine just to render the text 
in an email, you are exposed to every new IE (or Firefox if you use Thunderbird for your 
email program) exploit that comes along until they release a patch for it.  

Having the preview pane automatically render the HTML in an email is effectively the same 
as clicking on a link and visiting a malicious website.   

-- 
Stuart

On 11 Dec 2009 at 16:53, Susan Harkins wrote:

> =======Well, I'm not the expert, but I'm not sure I agree -- if the hole has 
> been patched, what "next attack" are you talking about? Wouldn't any new 
> attacks need a new, as yet, unpatched vulnerability?
> 
> Susan H. 
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com





More information about the dba-Tech mailing list