Microsoft has issued a software patch designed to fix a security glitch in the Macintosh version of its Outlook Express 5.0 email client.
The vulnerability could allow attachments to HTML mails to be automatically downloaded onto a user's computer, according to a bulletin issued yesterday by Microsoft's security notification service. Outlook Express isn't supposed to download mail attachments until a user requests it to do so.
The bug, which affects only the Macintosh version of the program, doesn't provide a way for a malicious user to launch attachments once they have been downloaded, according to Microsoft. However, "it poses a security risk because a user might later run a downloaded file without realising where it came from," the company said in the bulletin.
The patch also provides replacements for several digital certificates included in Internet Explorer for Macintosh that will expire on December 31, 1999. Outlook Express ships as part of Internet Explorer.