Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

OL2000: Information About the Outlook E-mail Security Update


View products that this article applies to.

Summary

This article provides general information about the Microsoft Outlook E-mail Security Update that was re-released on August 16, 2001.

↑ Back to the top


More information

The Outlook E-mail Security Update provides additional levels of protection against malicious e-mail messages. The update changes the way that attachments are handled by Outlook, and the way that Outlook can be controlled programmatically.

For more information about the update and how it may affect the functionality of Outlook, this article includes links to a known issues list, information for developers, information for administrators, and other information to consider before you apply the update.

History of the Outlook Security Updates

This Outlook E-mail Security Update is the third attachment-handling update for Outlook.

The first security attachment update, the Outlook E-mail Attachment Security Update, requires that you save certain file types to a disk. For additional information about the first security attachment update, click the article number below to view the article in the Microsoft Knowledge Base:
235309 Outlook E-mail Attachment Security Update
The second update is available in Microsoft Outlook 2000 SR-1. While this update provides the same functionality as the previous update, when you install this update, you can modify the list of file types that must be saved to the file system or to a disk.

For additional information about attachment security features that were added to Outlook 2000 SR-1, click the article number below to view the article in the Microsoft Knowledge Base:
259228 OL2000: Attachment Security Features Included In SR-1/SR-1a
The Outlook E-mail Security Update changes and extends attachment handling. For general information about this update, and to download the update, please see the following Microsoft Web site:

Customizing the Behavior of the Security Update

If you are not running Outlook in an Exchange Server environment, or your mail is delivered to a local Personal Folders file (.pst), you cannot configure the settings for the update and you must use the full feature set of the update.

If you run Outlook in a Microsoft Exchange Server environment and your e-mail messages are delivered to a server-based mailbox, your administrator can control specific features that are included with the update. However, if your mail is delivered to a Personal Folders file (.pst), then you cannot configure the settings for the update.

New Attachment Behavior

Attachments are divided into three groups based on their file extension, or type. Outlook handles each group in a specific way:

Level 1 ("Unsafe")

The "unsafe" category represents any extension that may have script or code associated with it. Any attachment with an "unsafe" file extension is inaccessible if you use a version of Outlook that has the security patch applied to it. The following list contains attachments that are considered unsafe.
File extension  File type
---------------------------------------------------
.ade            Microsoft Access project extension 
.adp            Microsoft Access project 
.bas            Microsoft Visual Basic class module 
.bat            Batch file 
.chm            Compiled HTML Help file 
.cmd            Microsoft Windows NT Command script 
.com            Microsoft MS-DOS program 
.cpl            Control Panel extension 
.crt            Security certificate 
.exe            Program 
.hlp            Help file 
.hta            HTML program
.inf            Setup Information 
.ins            Internet Naming Service 
.isp            Internet Communication settings 
.js             JScript file 
.jse            Jscript Encoded Script file 
.lnk            Shortcut 
.mdb            Microsoft Access program 
.mde            Microsoft Access MDE database 
.msc            Microsoft Common Console document 
.msi            Microsoft Windows Installer package 
.msp            Microsoft Windows Installer patch 
.mst            Microsoft Visual Test source files 
.pcd            Photo CD image, Microsoft Visual compiled script 
.pif            Shortcut to MS-DOS program 
.reg            Registration entries 
.scr            Screen saver 
.sct            Windows Script Component 
.shb            Shell Scrap object
.shs            Shell Scrap object 
.url            Internet shortcut 
.vb             VBScript file 
.vbe            VBScript Encoded script file 
.vbs            VBScript file 
.wsc            Windows Script Component 
.wsf            Windows Script file 
.wsh            Windows Script Host Settings file 
					
After you install Office 2000 Service Pack 3, the following file types are also considered Level 1 ("unsafe"):

File extension File type
.appVisual FoxPro Application
.fxpVisual FoxPro Compiled Program
.prg Visual FoxPro Program
.mdw Microsoft Access Workgroup Information
.mdtMicrosoft Access Workgroup Information
.opsOffice XP settings
.ksh Unix shell extension
.cshUnix shell extension


For additional information about how to download and install the Office 2000 Service Pack 3 (SP-3), click the following article number to view the article in the Microsoft Knowledge Base:
326585 OFF2000: Overview of the Office 2000 Service Pack 3
NOTE: The list of files that are included in the Level 1 category can only be changed if you are using Outlook in a Microsoft Exchange Server environment and your mail is being delivered to an Exchange Server mailbox. These changes must be made by an administrator.

The following list describes how Outlook functions when you receive an "unsafe" file attachment:
  • Any "unsafe" attachment is not accessible after you install the update. You cannot save, delete, open, print, or otherwise manipulate "unsafe" files. The top of the e-mail message indicates that Outlook has blocked access to the "unsafe" attachment; the attachment is not accessible from Outlook, however, the attachment is not actually removed from the e-mail message.
  • If you forward an e-mail message with an "unsafe" attachment, the attachment is not included in the forwarded e-mail message.
  • If you send an e-mail message that contains an "unsafe" attachment, you receive a warning message that says other Outlook recipients may not be able to access the attachment that you are trying to send. You can either disregard the warning message and send the e-mail message, or you can choose to not send the e-mail message.
  • If you save an e-mail message that contains an "unsafe" attachment, you receive a warning message that says you may not be able to access the attachment from Outlook. You can override the warning message and save the e-mail message.
  • You cannot open objects that are inserted into Outlook Rich Text messages by using the Insert Object command. You do see a visual representation of the object, but you cannot open or activate the object in the e-mail message.
  • You cannot open "unsafe" files that have been directly stored in an Outlook or Exchange Server folder. Although these files are not attached to an Outlook item, they are still considered "unsafe."

Level 2

Level 2 files are not "unsafe" but they do require more security than other attachments. When you receive a Level 2 attachment, you are prompted to save the attachment to a disk; you cannot open the attachment from within the message. By default, no file extensions are associated with this group, however, you can add file extensions to the Level 2 list.

NOTE: The list of files that are included in the Level 2 category can only be changed if you are using Outlook in a Microsoft Exchange Server environment and your mail is being delivered to an Exchange Server mailbox. These changes must be made by an administrator.

Other Attachments

When you try to open an attachment other than those in the "unsafe" or Level 2 lists, you are prompted to either open the file directly or to save it to a disk. You can turn off future prompts for that extension if you click to clear the Always ask before opening this type of file check box.

NOTE: If a program associates itself with a new file extension, that file extension is treated as an "other" attachment until you add the file extension to the "unsafe" list. For example, if you install a program on your computer that uses files with an .xyz file extension, whenever you open an attachment that has an .xyz file extension, the new program opens and runs the attachment. By default, the .xyz file extension is not on the "unsafe" or Level 2 list, so it is treated as an "other" file extension. If you want attachments with the .xyz file extension to be treated as "unsafe," you must add the .xyz file extension to the list of "unsafe" file extensions.

New Programmability Behavior

When you install the update, programmatic access to Outlook is restricted. If other applications try to use Outlook on your behalf, you receive a warning message and you are prompted to confirm what the other application is doing. You receive warning messages when another application tries to do anything in the following list:
  • Send mail on your behalf
  • Access your address book
  • Access e-mail names from your messages
  • Access e-mail information from your contacts or other types of items
  • Save your messages to the file system
  • Search your messages for content
  • Use Simple Messaging Application Programming Interface, Simple MAPI, to send messages without your consent
The update may affect how other applications interact with Outlook by changing the default security zone settings from "Internet" to "restricted," and by automatically disabling script in Hypertext Markup Language (HTML) e-mail messages and unpublished custom Outlook forms. For additional information about developer-related updates and how they may impact third-party products and custom Outlook solutions, click the article number below to view the article in the Microsoft Knowledge Base:
262701 OL2000: Developer Information About the E-mail Security Update

Known Issues

For additional information about known issues for the Outlook E-mail Security Update, click the article numbers below to view the articles in the Microsoft Knowledge Base:
262634 OL2000: Known Issues with the Outlook E-mail Security Update
264128 OL2000: Known Interoperability Issues with the Outlook E-mail Security Update
264130 OL2000: Known Third-Party Issues with the Outlook E-mail Security Update

Installation Considerations

Before you install the Outlook E-mail Security Update, Microsoft recommends that you understand how the update will affect the way that Outlook handles attachments and other applications:
  • Several Outlook features no longer work. For a detailed list of issues, refer to the "Known Issues" section in this article.
  • Any process or program that you use to automate Outlook may function differently and the process or program may not work. This includes synchronization utilities for handheld devices and any program that has mail-based features or features based on attachments.
  • If you use Outlook in Internet Mail Only mode, or if your e-mail messages are delivered to a Personal Folders file (.pst), you cannot disable any of the features that are included with this update. If you decide to install the update, you will receive all of the new features.
  • If you have "unsafe" attachments with file extensions that are on the "unsafe" list in any of your existing Outlook items (e-mail messages, contact, tasks, and so on), the items are not accessible. Before you install the update, Microsoft recommends that you save all of the items with file names that are on the "unsafe" list to ensure that you can access the files after you install the update.
  • You must have Outlook 2000 SR-1 installed on your computer to install the update.
  • The update is an integral part of the Outlook installation. If you want to uninstall the update, you must completely uninstall the software that Outlook was installed from. For example, if Outlook was installed as part of Microsoft Office Premium Edition, you must uninstall and then reinstall Microsoft Office Premium Edition to uninstall the update; you cannot just uninstall and then reinstall Outlook.
  • The original attachment security update, the Outlook E-mail Attachment Security Update, and the Outlook 2000 SR-1 enhancements are available. For more information about how to obtain a previous version of the attachment security update, see the "History of the Outlook Security Updates" section in this article.

File Attributes

After the fix is installed, the English-language version of this fix will have the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the "Date and Time" tool in Control Panel.
   Date         Time   Version        Size        File Name
   --------------------------------------------------------------
   14-Jun-2000  14:11  1.0.3.27        41,472     Bjablr32.dll
   14-Jun-2000  14:12  3.2.0.27        61,952     Bjlog32.dll
   08-Jan-2001  18:37  1.0.3.28        98,304     Bjsrch32.dll
   19-Jun-2000  15:12  5.5.2652.65    808,720     Cdo.dll
   16-Nov-2000  05:25  9.0.0.4715     122,931     Contab32.dll
   14-Jun-2000  14:14  1.0.3.27       183,808     Emablt32.dll
   31-Aug-2000  16:43  5.5.3142.0     154,112     Emsabp32.dll
   25-May-2001  23:56  5.5.3158.0     594,192     Emsmdb32.dll
   01-Jun-2001  22:15  5.5.3159.0     131,344     Emsui32.dll
   02-Jun-2000  07:45  9.0.0.4201      86,067     Envelope.dll
   10-May-2001  02:35  5.5.3156.0     540,944     Exsec32.dll
   05-Apr-2000  16:02  9.0.0.4005     192,561     Mimedir.dll
   21-May-2001  15:20  5.5.3157.0     792,576     Msmapi32.dll
   03-Aug-2000  12:39  9.0.0.4402   5,595,185     Mso9.dll
   08-Jul-2000  00:07  5.5.3138.0     602,384     Mspst32.dll
   31-Jan-2000  22:56  9.0.0.3731     196,661     Oladd.fae
   30-May-2000  15:53                  26,643     Olsec9.chm
   08-Feb-2001  14:21  5.5.3153.0     548,352     Omint.dll
   01-Jun-2001  22:15  8.30.3157.0    782,608     Outex.dll
   15-Jun-2001  03:30  9.0.0.5414   5,328,946     Outllib.dll
   15-Jun-2001  03:31  9.0.0.5414   1,675,315     Outllibr.dll
   25-May-2001  23:50  9.0.5324.0     368,691     Pstprx32.dll
   07-Jul-2000  15:41  9.0.0.4307      73,772     Rm.dll
   02-Jun-2000  08:30  9.0.0.4201      65,586     Sendto9.dll
				

↑ Back to the top


References

For additional information about the Outlook E-mail Security Update, click the article numbers below to view the articles in the Microsoft Knowledge Base:
262631 OL2000: Information About the Outlook E-mail Security Update
262701 OL2000: Developer Information About the Outlook E-mail Security Update
263297 OL2000: Administrator Information About the Outlook E-mail Security Update
262634 OL2000: Known Issues with the Outlook E-mail Security Update
264567 OL2000: Known Setup Issues with the Outlook E-mail Security Update
264128 OL2000: Known Interoperability Issues with the Outlook E-mail Security Update
264130 OL2000: Known Third-Party Issues with the Outlook E-mail Security Update

↑ Back to the top


Keywords: kbproductlink, kbdownload, kbOffice2000SP3Fix, kbhowto, KB262631

↑ Back to the top

Article Info
Article ID : 262631
Revision : 6
Created on : 9/3/2013
Published on : 9/3/2013
Exists online : False
Views : 551