Microsoft KB Archive/820575

= You cannot customize Outlook Today after you install Critical Update 813489 for Internet Explorer =

Article ID: 820575

Article Last Modified on 3/6/2007

-

APPLIES TO

 Microsoft Outlook 2000 Standard Edition Microsoft Internet Explorer 6.0 Service Pack 1, when used with:  Microsoft Windows XP Professional

 Microsoft Windows XP Embedded

 Microsoft Windows 2000 Service Pack 2

 Microsoft Windows 2000 Service Pack 3</li></ul>

 Microsoft Windows NT 4.0 Service Pack 6</li></ul>

 Microsoft Windows Millennium Edition</li></ul>

 Microsoft Windows 98 Second Edition</li></ul> </li> Microsoft Internet Explorer 6.0, when used with:  Microsoft Windows XP Professional</li></ul> </li> Microsoft Internet Explorer 5.5, when used with:  Microsoft Windows 2000 Service Pack 3</li></ul>

 Microsoft Windows NT 4.0 Service Pack 6a</li></ul>

<ul> <li>Microsoft Windows Millennium Edition</li></ul>

<ul> <li>Microsoft Windows 98 Second Edition</li></ul> </li> <li>Microsoft Internet Explorer 5.01 Service Pack 3, when used with: <ul> <li>Microsoft Windows 2000 Service Pack 3</li></ul> </li></ul>

-

<div class="notice_section">

<div class="notice_section">

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

<div class="symptoms_section">

SYMPTOMS
When you use the Outlook Today view in Outlook 2000, the Customize Outlook Today option does not work as expected.

<div class="cause_section">

CAUSE
This problem occurs after you install the Critical Update 813489 for Microsoft Internet Explorer. For additional information about the Critical Update 813489 for Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

813489 MS03-015: April, 2003, Cumulative Patch for Internet Explorer

<div class="workaround_section">

WORKAROUND
Warning This article contains instructions to add a DWORD value in the registry. When you add the DWORD value, it partially disables the Critical Update 813489 for Internet Explorer. After you add the DWORD value, you can customized Outlook Today, but you will be vulnerable to an information-disclosure vulnerability that is related to the way that Internet Explorer handles encoded characters in a Web address (a Uniform Resource Locator [URL]). For more information about this vulnerability, see the &quot;More Information&quot; section of this article. Microsoft recommends that after you have customized Outlook Today, you remove the DWORD value, or you disable the DWORD value by setting it to 0 to help protect your computer from this vulnerability.

To work around this problem, partially disable the Critical Update 813489 for Internet Explorer, customize Outlook Today, and then enable the Critical Update 813489 for Internet Explorer.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To do this, follow these steps:
 * 1) Quit Outlook 2000.
 * 2) Click Start, click Run, type regedit in the Open box, and then click OK.
 * 3) Locate and then click the following registry key:


 * 1) Click Edit, click New, and then click DWORD Value.
 * 2) Type Outlook.exe, and then press ENTER. This creates a new DWORD value named Outlook.exe.
 * 3) With the new Outlook.exe DWORD value selected, click Edit, and then click Modify.
 * 4) In the Value data box, type 1, and then click OK.
 * 5) Quit Registry Editor.
 * 6) Start Outlook 2000, and then go to the Outlook Today view.
 * 7) Click Customize Outlook Today, and then customize the view as necessary.
 * 8) Repeat steps 1 through 8. When you do step 8, set the Outlook.exe DWORD value to 0 instead of 1.

Note After you set the Outlook.exe DWORD value to 1 to partially disable the Critical Update 813489 for Internet Explorer, your computer is temporarily vulnerable to the vulnerability that is described in the &quot;More Information&quot; section of this article. When you use the Microsoft Baseline Security Analyzer tool (MBSA) to scan your computer for vulnerabilities, the MBSA Tool will not detect that the Critical Update 813489 for Internet Explorer has been partially disabled.

For more information, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Note The MBSA Web site always offers the most current version of the MBSA Tool.

How to export the Outlook.exe DWORD value with the value set to 1 and with the value set to 0
If you want to configure Outlook today regularly, you can export the Outlook.exe DWORD value with the value set to 1 and with the value set to 0. This permits you to export the appropriate registry value whenever you require the ability to customize Outlook Today. After you have customize Outlook Today, you can import the appropriate registry value to help protect your computer from the vulnerability that is described in this article.

To do this, follow these steps.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
 * 1) Quit Outlook 2000.
 * 2) Click Start, click Run, type regedit in the Open box, and then click OK.
 * 3) Locate and then click the following registry key:


 * 1) In the right pane of Registry Editor, locate and then click the Outlook.exe registry value. If the value has not already been created, create the value by using the steps that are listed in the &quot;Workaround&quot; section of this article.
 * 2) With the new Outlook.exe registry value selected, click Edit, and then click Modify.
 * 3) If the Value data box is not set to 1, type 1 in the box, and then click OK.
 * 4) Click File, and then click Export.
 * 5) In the File name box, enter a name that will help you remember the purpose of the registration file, for example type Not_Protected.
 * 6) Select an appropriate folder to save the registration file, and then click Save. When you want to customize Outlook Today, locate the registration file that you saved in step 8, and double-click it to import the registry value. Now, you can customize Outlook Today.
 * 7) Select the Outlook.exe registry value, click Edit , and then click Modify.
 * 8) In the Value data box, type 0, and then click OK.
 * 9) Click File, and then click Export.
 * 10) In the File name box, enter a name that will help you remember the purpose of the registration file, for example type Protected.
 * 11) Select an appropriate folder to save the registration file, and then click Save. When you have customized Outlook Today, and you want to help protect your computer from the vulnerability described in this article, locate the registration file that you saved in step 13, and then double-click it to import the registry value. Now, you cannot customize Outlook Today.
 * 12) Quit Registry Editor.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

<div class="moreinformation_section">

MORE INFORMATION
This article discusses an information-disclosure vulnerability that might permit an attacker to craft a URL that contains some encoded characters. The encoded characters might redirect you to a second Web site. If you follow the URL, the attacker can gain the same access as you on the second Web site. This might permit the attacker to access any information that you share with the second Web site. For additional information about this vulnerability, click the following article number to view the article in the Microsoft Knowledge Base: This vulnerability was first documented in Microsoft Security Bulletin MS02-068. For additional information about this vulnerability, click the following article number to view the article in the Microsoft Knowledge Base:

328970 MS02-066: November, 2002, Cumulative Patch for Internet Explorer

<div class="references_section">