Finally!! After slaving for more than a month and a half, I finally released MS04-018 for Outlook Express as a critical security release available from Windows update, OEM CDs and as a download on Microsoft.com.
All the information you need to know can be found here and here: vulnerability fixed, defense in depth fixes included in the patch and supported platforms. You need this fix if you use Outlook Express 6 (comes with Windows XP RTM) for reading or writing email, unlike the last one which left you vulnerable even if you didn’t use Outlook Express at all (Inetcomm.dll exports system functions that are consumed by other applications in Windows).
Outlook Express for Longhorn is an interesting project for the communications user experience team. We may not even call it Outlook Express! We want to make the Out of the Box mail experience very special and secure. The downside of owning the future product though, is owning the old code base as well……. so MS04-018 is an ongoing effort to keep the legions in user community of the diminutive Outlook Express happy.