Try going to Secunia and searching for vulnerabilities that are specific to
Outlook.   I don't think there will be that many, even over the last 5
years, and the ones you do find won't have anything to do with sending mail.

 

That problem is so last-century that Outlook 2007 allows VBScript to send
mail without user prompting as long as an antivirus program is active and
current.

 

Carl

 

 


From: Matt McComas [mailto:[EMAIL PROTECTED] 

Sent: Friday, April 18, 2008 9:33 AM

To: NT System Admin Issues

Subject: Office vulnerability question

 

Greetings:

We have a unique situation in our environment in which we run Office 2003
and 2007.  We run all Office apps, except Outlook due to management concerns
about security vulnerabilities within Outlook.  Instead we run the Groupwise
client, which in some ways makes sense since we are a Novell GW mail
environment.  However, my colleagues and I would be interested in building a
business case to prove that:

1. Most grievous Outlook vulnerabilities have been fixed (again, "most" --
we know that someone out there always seems to find new exploits.)

2. That any current Outlook vulnerabilities aren't any more numerous or
critical than vulnerabilities reported in the other Office products like
Word, Excel, PowerPoint, etc.

 

I've been looking for some data, or some kind of report out there on the web
that can break down the number of vulnerabilities in each Office product, so
that we could do some comparisons.

 

The idea is, that if we use all other Office apps, we see no reason as sys
admins why we should exclude OUTLOOK considering the work and effort that
has been done to address previous vulnerabilities.  We find it hard to
believe that current Outlook vulnerabilities are any more grievous than
vulnerabilities reported in other products within the suite (though
admittedly Outlook will always be a prime target since it is an email
client).

 

Thanks,

MM


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

<<image001.png>>

Reply via email to