none
Internal Domains exposed via Outlook XML

    Question

  • We have discovered that Outlook is exposing all internally hosted domains via the following file:

    C:\%USERPROFILE%\AppData\Roaming\Microsoft\Outlook\PB4S-Configuration-<username@domain>.xml

    This is on a SP2 install utilizing ABPs.

    Anyone else seeing this issue?

    Monday, April 02, 2012 2:15 PM

Answers

  • Yes I do. Sorry I didn't post back. We have coded a fix for this issue and it will ship in SP2 RU4 later this year.

    The change will require that no Outlook Protection Rules are configured (which is the default). If there are no rules we will only return the callers SMTP domain back, rather than all domains.

    Monday, May 21, 2012 4:17 PM

All replies

  • Do you have RMS configured in your organization?

    Monday, April 02, 2012 4:59 PM
  • And more precisely, do you have Outlook Protection Rules configured?
    Monday, April 02, 2012 5:09 PM
  • We don't currently have RMS deployed.  Is RMS a requirement to control this particular information leak?
    Monday, April 02, 2012 5:54 PM
  • No, it's not. Was just checking. I'm investigating now and will post back when I have some more info.
    Monday, April 02, 2012 6:45 PM
  • We're working on a solution for this. I'll post again when I have more information.
    Tuesday, April 03, 2012 8:09 PM
  • Thanks Greg.  Would it help if we open a support case on this issue for tracking purposes?  
    Tuesday, April 03, 2012 8:50 PM
  • Sure, be sure to point the engineer at me, and I will point them at the bug I opened.
    Tuesday, April 03, 2012 8:53 PM
  • Do you have any information concerning this issue 

    Thanks

    Monday, May 21, 2012 12:51 PM
  • Yes I do. Sorry I didn't post back. We have coded a fix for this issue and it will ship in SP2 RU4 later this year.

    The change will require that no Outlook Protection Rules are configured (which is the default). If there are no rules we will only return the callers SMTP domain back, rather than all domains.

    Monday, May 21, 2012 4:17 PM