Exchange and Lync, plus other Microsoft products. (Click here for a full list: https://technet.microsoft.com/en-us/security/advisory/2896666)
Microsoft has identified a “zero-day” vulnerability involving .TIFF files. This means that neither Microsoft nor the antivirus companies have been able to develop tools to address this vulnerability. Because this is a zero-day vulnerability, the only way to protect yourself is to exercise extreme caution when opening .TIFF files, no matter how they reach you—whether via Exchange or Lync or through unknown websites. We advise all users to be very careful with .TIFF files. Anti-virus and firewall protection applications may not stop this threat. Do not open any files with a filename ending in .tiff – either through your personal mail or Exchangemail. There are a number of news articles discussing the specific details of the vulnerability. You can read them here: https://news.google.com/news?ncl=d-A1C6SaxJzq77M7R5cmrPtUUtToM&q=zero+day+microsoft&lr=English&hl=en
Here are some answers to questions you may have:
Q: Won’t Blue Net’s Mail Filter catch any viruses that are trying to get through?
A: No. The very definition of zero-day means that as of today, there are no signatures that let us detect any attachments containing malware. Your best defense is user awareness until Microsoft delivers a patch, and until signatures can be developed.
Q: Can I block .TIFF files from being delivered to my end users mailboxes?
A: Unfortunately, that functionality is not available.
Q: When is Microsoft anticipated to deliver a patch?
A: Microsoft has stated that it will “take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update”. Rest assured that we’ll apply the updates as soon as they’re made available to us.
“A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on “day zero” of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.” The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, open a specially crafted file, or browse specially crafted web content. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Open https://controlpanel.msoutlookonline.net/asp/MManager/Login.asp?mmm=1 in your browser making sure “My Services” at the top of the page is selected.
- Login with email address and password
- On the right hand site is a link “Change password:”
- Follow the prompts
New passwords have to conform to the Password complexity rules:
A password must not contain:
- all or part of the email address;
- the entire Account Name;
- the entire Display Name.
Note: The Account Name and Full Name are parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the Account Name or Full
Name is split and each section is verified as not included in the password. There is no check for any inidividual character or any three characters in succession.
Minimum password length is six (6) characters.
The password must contain characters from three (3) of the following five (5) categories:
- English uppercase letters (A-Z)
- English lowercase letters (a-z)
- Numbers (0-9)
- Special characters (e.g. ! $ # %)
- Unicode characters that do not fall into one of the above categories (e.g., a Japanese character or Russian letter)
Set up the first account with the supplied setup facility. That is the easiest. However these instructions will also work for the first account
In windows go into: Control Panel / mail / email accounts
Click on New…
and you get
The select “Manually configure…..
And select “Microsoft Exchange or compatible service”
And enter the right server and username:
The click “More Settings”
And in the “Connections” tab down the bottom select “Connect to Microsoft Exchange using HTTP”
Then click “Exchange Proxy Settings…”
And fill the page in as appropriate (server names might be different to these)
Then OK and OK and Next
Then you will have to log in with the right username and password and the setup of the second account is complete.
Firstly you will need to create a new email and write whatever you want your Out Of Office reply to say. When you are happy with it, save it as a a .oft template. (see image for reference)
Then go to:
-Rules and Alerts
-Select ‘Check messages when they arrive’ under the Start from a blank rule category at the very bottom of the list.
-Tick ‘sent only to me’
Select whether you want it forwarded to someone else or moved to a folder. Select ‘reply using a specific template’. Click the link and navigate to ‘User Templates in File System’ (see image for reference).
That should do it. Test to make sure it is working fine and make sure you untick it when not out of the office.
Open a .pst file
If you created a .pst file that does not appear in the Navigation Pane, add the .pst file to Outlook so that you can work with the items in it.
1. On the File menu, point to Open, and then click Outlook Data File.
2. Browse to the location of your wanted PST file.
3. Click the .pst file that you want to open, and then click OK.
The name of the folder that is associated with the data file appears in the Folder List. To view the Folder List, on the Go menu, click Folder List. By default, the folder will be called Personal Folders.
Close an Outlook Data File (.pst)
When you no longer need frequent access to an Outlook Data File (.pst), you can close the file. A closed file no longer appears in the Navigation Pane, but is not deleted from your computer.
* Right-click the name of the Outlook Data File (.pst) that you want to remove from the Navigation Pane, and then click Close name.
Close Outlook Data File (.pst) command