What is the Microsoft Outlook E-mail Security Update?

Microsoft Outlook 2002 and Service Pack 2 (SP2) for Microsoft Office 2000 include the Outlook E-mail Security Update. If you have installed SP2 or Outlook 2002, you have also installed the Outlook E-mail Security Update. This update was originally released in June 2000, as a stand-alone update for Outlook 98 and 2000. Outlook 2002 has the update installed as a standard feature.

The update was developed in response to viruses like Melissa and ILOVEYOU, which exploited some of Outlook's features to rapidly spread themselves across networks and the Internet.

The Outlook E-mail Security Update provides additional levels of protection against malicious email messages. The update changes the way that Outlook handles attachments, and the way that Outlook can be controlled programmatically.

Email attachment security

Attachments are divided into three groups based on their file extension, or type. Outlook handles each group in a specific way:

Level 1 ("Unsafe")

The "unsafe" category represents any extension that may have script or code associated with it. Any attachment with an "unsafe" file extension is inaccessible if you use a version of Outlook that has the security update applied to it. You cannot save, delete, open, print, or otherwise change the "unsafe" attachment. If you receive a message that contains an attachment that cannot be accessed, your Inbox will display the paper clip in the attachment column to let you know that the message has an attachment. When you open the message, the attachment will not be available and the following will be displayed at the top of the message:

"Outlook blocked/removed access to the following potentially unsafe attachment: filename."

Instead of "filename", you will see the actual name of the attached file.

When you send or forward email that contains an unsafe attachment, Outlook will prompt you with the following message:

"This Item contains attachments that are potentially unsafe. Recipients using Microsoft Outlook may not be able to open these attachments. Do you want to send anyway?"

You can choose Yes or No. If you choose No, the message will not be sent. However, you will be able to continue editing the message. If you choose Yes, the message will be sent. If the recipient has the security update installed, the attachment may be blocked.

Level 2

You must save file types on the Level 2 security list to disk before you can open them; you cannot open the files directly from within Outlook. There are no file types on the Level 2 security list by default, but file types can be added to the list by system administrators. See the Custom security settings section below.

If you receive email containing a Level 2 file as an attachment, the following message will appear if you try to open the attachment:

"WARNING!
The file may contain a virus that can be harmful to your computer. It is important to be VERY certain that this file is safe before you open it. You must save this file to disk before it can be opened."

You can choose either Save to disk... or Cancel. If you choose Save to disk... , you will be prompted to specify where on your computer you wish to save the file. You may then scan the saved file for any known viruses before you open it.

Level 3

File types on the Level 3 security list are considered to be safe. You can open these files directly from within Outlook, or save them to disk first if you prefer. Any file that is not on the Level 1 or 2 list will automatically be Level 3.

Outlook object model guard security

The object model guard will notify you when an outside program tries any of the following:

• Sending mail on your behalf
  
  
• Accessing your address book
  
  
• Accessing email names from your messages
  
  
• Accessing email information from your contacts or other types of items
  
  
• Saving your messages to the file system
  
  
• Searching your messages for content
  
  
• Using Simple Messaging Application Programming Interface (Simple MAPI) to send messages without your consent

Synchronization with handheld devices may also be affected if you are using older versions of your synchronization software. Check with the vendor of the software if you encounter problems.

Internet security zones

The security update changes settings for Outlook to Restricted. This will affect some of the functionality of HTMLmail in Outlook. If you need more information on the security zones, see article 174360 in Microsoft's knowledge base.

You can search Microsoft's knowledge base at:

In addition, Common Messaging Calls will not function, and macro security in PowerPoint, Word, Outlook, and Excel will be increased to High.

Custom security settings

Exchange server administrators can implement custom security settings to change the default behavior of the Outlook E-mail Security Update. The custom security settings only work if you are running Outlook in Corporate or Workgroup mode.

More information

For more detailed information on the Outlook E-mail Security Update, see the following Microsoft knowledge base articles:

• Information about the Outlook E-mail Security Update, article 262631
  
  
• Known issues with the Outlook E-mail Security Update, article 262634
  
  
• Known setup issues with the Outlook E-mail Security Update, article 264567
  
  
• Known interoperability issues with the Outlook E-mail Security Update, article 264128

You can search Microsoft's knowledge base at:

Note: The Outlook 2000 E-mail Security Update does not have an uninstall feature. To completely remove the security update from Outlook 2000, you have to completely remove Office 2000 and then reinstall it, stopping at Office 2000 SR1a build. If you use Outlook 98, you can uninstall the Outlook E-mail Security Update using Add/Remove Programs from the Windows control panel. The security update is a standard feature of Outlook 2002; you cannot uninstall it.