Today we released the fix for CVE-2010-0816 in MS10-030. This vulnerability affects Outlook Express, Windows Mail, and Windows Live Mail. We recommend that you install the update as soon as possible, but realize that some customers may need to prioritize which updates they install first. While the vulnerability is rated critical, many customers may not be affected by it. This blog post should help you better understand the risk associated with this vulnerability.
Default installations of Windows 7 are not affected by this vulnerability because they do not include Windows Live Mail. Windows Live Mail is available as a free download for Windows 7, but is not included in the operating system by default.
Attack vector details
Summary of risk
Thanks to Andrew Roths, Damian Hasse, and Fermin J. Serna for their contributions to this blog post.
We hope you found this information helpful!
-Kevin Brown, MSRC Engineering
*Posting is provided "AS IS" with no warranties, and confers no rights.*