The security add-on was posted to the company's Web site today. It works with Microsoft's various Win 32 MAPI based email clients such as the Exchange groupware client and Outlook software that comes in Exchange and the Office97 suite.
The security patch offers up a warning message whenever a suspect email attachment is being opened and gives users the option of not opening the file. The message can be bypassed at the user's discretion, the company said.
Security experts said such email attacks are virtually unheard of. However, unless security concerns are addressed, email could potentially serve as an open gateway for malicious strikes, they said. Attachments could potentially be used to send programs or executable files that once opened can possibly damage the receiver's computer.
"Microsoft takes the threat of malicious code very seriously and is committed to quickly responding to security issues as they arise," a Microsoft spokesperson said today.
In recent weeks the company has been inundated with reports of security holes in Explorer and other Internet software offerings and has scrambled to come up with patches to cover the holes. Microsoft said senior development and testing staff have even launched an internal audit in an effort to identify potential security issues in its messaging clients.
Wolfgang Stiller, president of Stiller Research, an antivirus consulting company, said work needs to be done to preempt the possibility of widespread email attacks.
"I have never encountered anyone who has become infected or received a Trojan [virus] in email," said Stiller. Nevertheless, he added, "potentially email attachments are a major risk."
Stiller had mixed feelings about Microsoft's fix.
"It's positive in that it will provide and additional layer of protection," said Stiller, of the Microsoft add-on. "Yet, the missing element is education. They need to be a little clearer about what you are getting and what you are not getting," Stiller said.
"If you just install this thing and think it will provide antiviral protection, it won't," he pointed out.
Other experts have said due to the sheer volume of Microsoft software worldwide, the most vulnerable people will be the millions of Microsoft customers who never hear about the company's security upgrades and never protect themselves.
The company has come up with one version of the patch for users of Outlook, the Windows Inbox and Exchange client running on Microsoft Windows 95 or NT 4.0 operating systems, and another for versions of the Exchange running on earlier versions of the systems. Macintosh users will receive the add-on with a forthcoming Exchange service pack, while Internet Mail and News users will get protection by downloading recently patched Internet Explorer 3.02.