dslreports logo

Problem Symptoms
----------------
A file will appear on your desktop with the file name of simply "~" (the tilde character). Clicking on file properties does not seem to be very helpful.

Affected Software
-----------------
What software is involved?

This problem happens to users of Outlook Express 5.5 and 6.0 only. It can happen with any version of Windows.

The Cause
---------
It has reportedly been caused by the April, 2003 Microsoft Critical Security Update, Outlook Express Update Q330994 due to a a glitch in the code of this Security Update that affects the Outlook Express backup Address Book. The primary address book is called yourname.wab. When you update the primary address book, your old address book should be copied to a backup file called yourname.~ab.

After this security patch is installed, the backup process is broken. Your old address book is copied to a file called ~ (just the tilde character) and put on the desktop instead of the Outlook Express Address Book Directory.

This causes two problems. First is the appearance of a suspicious file on the desktop. Second is misplacement of the backup Outlook Express address book.

Note -- this was reported as early as November, 2002 in a Security Forum thread -- I found a mystery on my desktop

Verification
------------
To verify that the patch has been installed on your machine, open Internet Explorer, select Help, then select About Internet Explorer and confirm that Q330994 is listed in the Update Versions field.

To verify the individual files, use the patch manifest provided in Microsoft Knowledge Base article 330994.

What should I do?
-----------------
You have two possible courses of action.

1) Ignore the extraneous file on your desktop. Make a mental note that it contains your backup Outlook Express Address Book. It is very unlikely that you will ever need this file.

2) You can remove the security patch. To remove this patch, use the Add or Remove Programs (Add/Remove Programs) tool in Control Panel. Click Outlook Express Update Q330994, and then click Change/Remove (or Add/Remove). Once the patch is removed, you can remove the file from your desktop and it should not reappear. Any vulnerability that the Security Patch fixes will remain in your system.

Some time in the future, Microsoft is expected to issue a fix to the fix.

Further Information
===================
Here are two links with further information:

MS03-014 is a Microsoft TechNet Security Bulletin with detailed information about the patch and the security risk that it mitigates.

Q330994 is a Microsoft Knowledge Base article about the Patch.

Remember -- You are responsible for the security of your machine. Everyone has a personal amount of risk tolerance. This information is being presented to help you make an informed decision regarding this security patch. It is not a suggestion to take any particular course of action.


Expand got feedback?

by cprgolds See Profile edited by MSeng See Profile
last modified: 2003-07-26 21:49:14