Disable OE?

Just seen this MS Bulletin about the latest problem with OE;
http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx

I use Win 98 but I don't use OE so the version I have is what came with 98, version 5. The bulletin suggests that this is still a critical issue even if you don't use OE.

Is it possible to disable or uninstall OE in some way?

 

You can disable it by renaming the .exe to msimn.exe-old if you want. Not really sure about removal of that version.

But the way I read the security details, OE does not have to run for you to have a problem.

 

I read through it and agree with Newt. OE does not need to be running. However, there is the tried and true method of not clicking on links in email from unknown sources to help prevent this. From your link.
Mitigating factors for MHTML URL Processing Vulnerability - CAN-2004-0380:

• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.

Microsoft has the Critical Updates for this on the site right now.

 

Maybe I am misreading all the above posts, but
http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx
says
"Who should read this document: Customers who have Microsoft® Outlook Express® installed "
So if you have OE installed and presumably run it at times, you should run the patch. It does not seem aimed at those who run various versions of Windows without OE installed.
Windows Update today offers two patches for me (running Win98FE and OE 6 SP1) even though none were offered a few days ago
KB837009 (MS04-013)
KB831167 (this does not seem to be related to latest OE problem, but as I said, it was not offered a few days ago.) It seems to be a fix for the 832894 fix of a few weeks ago
http://support.microsoft.com/?kbid=831167
Perhaps we should be guided by what Windows Update recommends.

 

Thanks for the responses.

I'd like to think I was too sensible (and too old) to be lured by offers of pictures of Britney Spears but who knows?

As for having OE installed, I thought it was like IE, you weren't given a choice (but I didn't personally install 98 on this machine). I only used OE a few times with an ISP I'm no longer with and, if I open OE now, I get an error message that it is trying to connect to that ISP. Perhaps I have it crippled already?

My version is v.5 which is not even mentioned in the bulletin so I doubt if I should apply a patch intended for 5.5 onwards and I don't see the point of upgrading to 5.5 to apply the patch so I can go on not using the program.

Windows Update wasn't offering any patches for this problem yesterday but I will check again.