Critical Office XP fix disables spam filters

The latest Microsoft Office security patch is disrupting the PCs of companies using some anti-spam applications

Microsoft's critical security patch for Office 2002 effectively disables two spam-filtering applications, Sunbelt Software's iHateSpam and Cloudmark's Spamnet, and renders PCs with the software installed practically unusable, according to security experts.

As part of its monthly patch cycle, Microsoft on Tuesday released three patches for vulnerabilities in MSN Messenger, Windows Media Services and Outlook 2002. The Outlook patch was originally rated as Moderate but then upgraded to Critical after a security researcher challenged the original rating.

Companies using either iHateSpam or Spamnet have complained that after installing the update, their junk email filters do not work correctly because the user is inundated with pop-up messages alerting them that an application is trying to access Outlook's email addresses.

Users of the NT BugTraq Web site started reporting problems shortly after Microsoft released the fix. One BugTraq user reports that his client was successfully using iHateSpam to filter out 98 percent of junk emails until the fix was installed: "Now, the resulting pop-up messages have rendered his system unusable, with the security dialogues creating a de facto denial-of-service situation on this desktop," he said. "The obvious solution is to uninstall iHateSpam, but then he still has the 200 junk emails a day to contend with."

In a statement, Cloudmark said it is working with Microsoft to find a solution to the problem but until one is found, it recommends that users revert to a Windows Restore Point from before the update, called Service Pack 3 (SP3). Alternatively, its users are asked to uninstall Office, reinstall it and then not update to SP3.

Sunbelt Software has released an updated version of iHateSpam that solves the problem.