MORE INFORMATION

There are several precautionary steps you can take to minimize the effects of this issue. We recommend that all customers take these steps.

IMPORTANT: Precautionary steps are provided below for both supported and unsupported versions of Microsoft Internet Explorer, Outlook, and Outlook Express. If you are running an unsupported version of one of these products, Microsoft strongly recommends that, in addition to using the steps below, you also upgrade to a supported version and then apply the latest security patches from the following Microsoft Windows Update Web site:

For additional information on supported versions of Microsoft Internet Explorer, Outlook, and Outlook Express, see the following Microsoft Web sites:

How to Prevent Cross-Site Scripting in E-Mail Messages

To prevent Cross-Site Scripting from occurring in e-mail messages, turn off Active Scripting in the Restricted zone and make all e-mail messages you receive run in the Restricted zone.

NOTE: Active Scripting is disabled by default in Outlook Express 6 and Outlook 2002.

For additional information about how to turn off Active Scripting in the Restricted zone and configure all e-mail to run in the Restricted zone, click the article numbers below to view the articles in the Microsoft Knowledge Base:

For additional information about virus protection features in Outlook Express 6, click the following article number to view the article in the Microsoft Knowledge Base:

Take Precautions to Avoid Attacks When You Browse the Web or Read E-Mail Messages

• Browse to Web sites that you trust are not using malicious code.
• Be careful about how you initially visit a Web site. The safest way to connect to a Web site is to type the Web address directly into the browser or use a securely-stored local bookmark or favorite. If you do this, you can significantly reduce exposure while maintaining functionality.
• Do not click hyperlinks in an e-mail message, even if the message appears to be from someone you trust. A malicious user can cause a false name to appear on the From: line of an e-mail message.

Recovering from a Cross-Site Scripting Attack

NOTE: You should only take the following steps if you have credible evidence that you have visited a Web site that uses cross-site scripting. After you perform these steps, you need to re-register and re-customize any Web sites that you visit again.

To stop cross-site scripting:

1. Close Internet Explorer.
2. Start Internet Explorer again and visit a safe Web site, such as:

   http://www.microsoft.com

3. Delete all the Cookie files on your computer. To do this, follow the appropriate steps for your version of Internet Explorer.

   Internet Explorer 6 for Windows 98, Windows NT 4.0, Windows 98 Second Edition, Windows Millennium Edition, Windows XP, or Windows 2000

   1. On the Tools menu, click Internet Options, and then click the General tab.
   2. In the Temporary Internet Files section, click Delete Cookies, click OK, and then click OK again.

   Internet Explorer 5.x for Windows 95, Windows 98, Windows NT 4.0, Windows 98 Second Edition, or Windows 2000

   1. On the Tools menu, click Internet Options, and then click the General tab.
   2. Under Temporary Internet Files, click Settings.
   3. Click View Files.
   4. On the View menu, click to select the Details command.
   5. Click the Internet Address column label, and then scroll to find the Cookie files Internet addresses. For example, a Cookie Internet address may be named something similar to the following name:

      Cookie:jsmith@websitename.com

   6. Click a Cookie file, and then press the Delete key. If you are prompted to confirm the deletion, click Yes. Repeat this step for each Cookie file.

   Internet Explorer 4.x for Windows 95, Windows 98, or Windows NT 4.0

   1. On the View menu, click Internet Options, and then click the General tab.
   2. Under Temporary Internet Files, click Settings.
   3. Click View Files
   4. On the View menu, click to select the Details command.
   5. Click the Internet Address column label, and then scroll to find the Cookie files Internet addresses. For example, a Cookie Internet address may be named something similar to the following name:

      Cookie:jsmith@websitename.com

   6. Click a Cookie file, and then press the Delete key. If you are prompted to confirm the deletion, click Yes. Repeat this step for each Cookie file.

   Internet Explorer 3.x for Windows 95 or Windows NT 4.0

   1. On the View menu, click Options, and then click the Advanced tab.
   2. Under Temporary Internet Files, click View Files.
   3. Click the Name column label, and then scroll to find the Cookie files. For example, a Cookie file may be named something similar to the following name:

      Cookie:jsmith@websitename.com

   4. Click a Cookie file, and then press the Delete key. If you are prompted to confirm the deletion, click Yes. Repeat this step for each Cookie file.

   Internet Explorer 3.x, 4.x, or 5 for Windows 3.1x and Windows NT 3.51

   1. In File Manager, click Search on the File menu.
   2. In the Search For box, type emcookie.dat.
   3. In the Start From box, type the drive letter where Internet Explorer is installed, followed by a colon (:) and backslash (\). For example, C:\.
   4. Click to select the Search All Subdirectories box, and then click OK.
   5. In the Search Results window, click the Emcookie.dat file, and then click Delete on the File menu.
   6. Click OK, click Yes if you are prompted to confirm the deletion, and then click Yes to update the Search Results window.

   Internet Explorer 4.x for Macintosh

   1. On the Edit menu, click Preferences.
   2. Under Receiving Files, click Cookies.
   3. Click one of the displayed cookies.
   4. On the Edit menu, click Select All, and then click Delete.

   Internet Explorer 4 or 5 for UNIX on HP-UX or Sun Solaris

   1. Change to the .microsoft directory in the user's home directory.
   2. Change to the Cookies directory inside of the .microsoft directory.
   3. Delete all .txt files located in this directory. For example, user@www.example.com.txt.

For additional information about cookies, click the following article number to view the article in the Microsoft Knowledge Base: