Microsoft Outlook 2007 update caused email authentication issues

Article

Microsoft Outlook 2007 update caused email authentication issues

Robert Westervelt, News Director
Microsoft has pulled a non-security update to Office 2007 after customers complained of serious connection issues and performance degradation.

Not only opening Outlook folders was very slow, it refused to download POP3 emails from Gmail, but it was downloading from other POP3 mail servers.

user of
Microsoft Answers support forum

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The update (KB2412171), which was issued Dec. 14, was supposed to apply stability enhancements and performance improvements to Outlook 2007. But shortly after the automatic update was applied, Microsoft support forums began filling up with complaints from users having problems connecting to Microsoft Exchange Server or having sluggish performance.

"Not only was opening Outlook folders very slow, it refused to download POP3 emails from Gmail, but it was downloading from other POP3 mail servers," according to one complaint on the Microsoft Answers support forum.

The bulk of the issues were reported by consumers and small businesses that may not have a Microsoft Exchange Server account configured in Outlook.

Microsoft's Outlook product team confirmed the Outlook 2007 email authentication issues late last week in a blog entry and yanked the update while engineers addressed the problem. The errant update broke Outlook's support of Secure Password Authentication, a Microsoft protocol that enables Outlook to authenticate using SMTP, POP or IMAP. The update also caused sluggishness when switching between folders.

"Outlook customers using Gmail who have the SPA option turned on cannot connect to Gmail," the Outlook team wrote.

In an email message, Dave Forstrom, director of Microsoft's Trustworthy Computing, said the update was supposed to allow Outlook 2007 users to opt into Extended Protection for Authentication. But the update process instead modified the behavior for Outlook 2007, causing the authentication issues.

"We have no evidence the update caused any security issues," Forstrom said.

The update was supposed to add protection for certain types of attacks, Forstrom said. Extended Protection for Authentication ensures authentication requests are bound to both the Service Principal Names (SPN) of the server and the Transport Layer Security (TLS) channel where Windows authentication occurs, Forstrom said.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top