What was more shocking to me was the fact that Microsoft does not offer any option to easily remove these via Add/Remove program. Instead, Microsoft suggests a very convoluted method to get rid of Outlook Express and none for WMP.
I fail to understand the reasoning behind:
- offering Outlook Express and WMP as default options.
- lack of easy uninstallation.
- increasing your threat surface by including such historically vulnerable pieces of software.
- the purpose of a mail client and media player on a server class operating system.
- MS07-034: Cumulative security update for Outlook Express and for Windows Mail
- MS08-048: Security update for Outlook Express and Windows Mail
- MS06-078: Vulnerability in Windows Media Format could allow remote code execution