US Report: Microsoft fixes Outlook bug

Microsoft has posted updated patches for the "long file-name attachment" bug that was recently discovered in its Outlook 98 and Outlook Express 4.x messaging clients.

The company issued an advisory on Tuesday detailing the availability of the updated patches. The original patches were posted on July 27.

The security breach, discovered by researchers at Oulu University's Secure Programming Group in Finland, was determined to affect both Microsoft's and Netscape's Internet-based mail applications. It would permit a hacker to deliver malicious code that erases local files or performs other malevolent acts.

Microsoft's updated patches include the original fixes and address a variant of the vulnerability found during subsequent testing, company officials said. Microsoft officials emphasised that users should obtain the patches only from the Microsoft Web site or through a "trusted mechanism," such as an Internet Service Provider. An unidentified user reportedly has circulated an unauthorised patch via e-mail.

Although no customers have reported being affected by the security vulnerability, Microsoft continues to take it seriously, officials added.

For Netscape Mail users, a fix will be included in the imminent Communicator version 4.06, according to officials.