Microsoft KB Archive/291791

= OL2000: Outlook Update for Java Permissions Security =

Article ID: 291791

Article Last Modified on 8/9/2004

-

APPLIES TO


 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Outlook 98 Standard Edition

-



This article was previously published under Q291791



SUMMARY
Microsoft has issued a Security Update that sets the Java Permissions option for the Microsoft virtual server to &quot;Disable Java&quot; for the Restricted sites zone only. This setting disables potentially malicious Java code from running in an HTML-formatted e-mail message.



MORE INFORMATION
This Security Update protects you from a vulnerability in Outlook that allows HTML e-mail messages to start an instance of your Internet browser with security settings at a decreased level. Because malicious Java code can potentially be run from HTML e-mail, this update sets the Java Permissions for the Microsoft virtual server to &quot;Disable Java&quot; for the Restricted sites zone. This setting does not affect the way your computer interacts with Java in normal Web browsing.

Considerations When You Install This Update
 To install this update, you must have Administrator-level privileges on the computer that you are using. If you are not an administrator, you receive the following message:

You do not have administrator privileges on this machine. This installation cannot be completed correctly unless it is run by an administrator.

 If you are not an administrator, you can manually change your security settings in your browser to protect against the vulnerability:  In Microsoft Internet Explorer 5.0 or later, on the Tools menu, click Internet Options. On the Security tab, click Restricted sites, and then click Custom level. Scroll down to the Microsoft VM heading, and click to select the Disable Java option under the Java permissions heading.

NOTE: If you are running Microsoft Windows NT 4.0, the Microsoft VM heading may not be present. However, the update still works because it sets the proper registry keys. Click OK to change the custom setting, and click OK again to apply your new security setting and exit the Internet Options dialog box.</ol> </li> After you install the update, the current user can see the setting change immediately. For all other users, the setting is applied when they next log on. However, if a user manually modifies this setting, the user setting is honored.</li></ul>

Availablility
The Security Update and installation instructions are available at the following Microsoft Web site:

http://office.microsoft.com/downloads/2000/o2kiefrm.aspx

Additional query words: OL2K OL98 iframe security zone restricted site java

Keywords: kbinfo kbdownload KB291791

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.