OL98: Информация для разработчиков об обновлении безопасности электронной почты Outlook

Переводы статьи Переводы статьи
Код статьи: 262700 - Vizualiza?i produsele pentru care se aplic? acest articol.
Развернуть все | Свернуть все

В этой статье

Аннотация

Эта статья содержит сведения для разработчиков, поставщиков решений и независимые поставщики программного обеспечения (ISV) по Microsoft Outlook обновление безопасности электронной почты, выпущенное 7 июня 2000 г.

Дополнительная информация

Существенный:Майкрософт рекомендует, что вам знакомы основные возможности обновления безопасности электронной почты Outlook перед в этой статье. Общие сведения об обновлении безопасности электронной почты Outlook предоставляется на веб-узле корпорации Майкрософт:
http://www.Microsoft.com/downloads/details.aspx?FamilyID=48B0BC6A-B123-4F48-B27D-119078B4819F&displaylang=EN
Для получения дополнительных сведений об обновлении безопасности электронной почты Outlook щелкните следующий номер статьи базы знаний Майкрософт:
262617OL98: Information About the Outlook E-mail Security Update
This article describes the behavior of Outlook after you apply the security update. Administrators can configure client computers so that they do not contain all of these restrictions. As a developer, you need to be familiar with the administrative options that are available with this security update.

For additional information about how to override the restrictions imposed by the security update, click the article number below to view the article in the Microsoft Knowledge Base:
263296OL98: Administrator Information About the Outlook E-mail Security Update

ОБЗОР

The Outlook E-mail Security Update provides Outlook with additional levels of protection against malicious e-mail messages. The update directly affects the way that many Outlook features function, and it may adversely affect solutions that you built by using developer features that are included in Outlook and other messaging technologies or Application Programming Interfaces (APIs). If you have created any type of solution by using Microsoft messaging technologies, Microsoft recommends that you become familiar with the changes that the security update makes to Outlook and how those changes may affect your solution. In some cases, solutions do not function at all; in other cases, solutions may result in a warning message that interrupts your solution when you try to run it.

The security update changes Outlook and general messaging functionality in the following areas:

  • General attachment behavior (from the end-user perspective)
  • The Outlook object model
  • Other areas in Outlook that are related to security
  • The Collaboration Data Objects (CDO) object model
  • Simple Messaging Application Programming Interface, or Simple Messaging Application Programming Interface (MAPI)
Существенный:: This security update affects all custom solutions that use the Outlook object model and Simple MAPI. This includes the following:

  • Outlook custom forms that are published to any folder or forms library, including the Organizational Forms Library.
  • Any other type of development project that uses the Outlook object model or Simple MAPI, even if the project is digitally signed.

Outlook Object Model Design Changes

Attachments

Attachments with Level 1, or "unsafe," file extensions are not accessible in the Outlook object model, specifically:
  • надписьюAttachmentscollection in the object model is unaware of unsafe attachments.
  • If you try to send mail programmatically with one of these attachments, the mail is not sent. If the program is written in the C or C++ programming languages, you receive the MAPI_E_CANCELLED return code.
  • If you attempt to open an unsafe file system object (or "freedoc" file) by using the Outlook object model, you receive the E_FAIL return code in the C or C++ programming languages. Previously, you could open an unsafe file system object by using theотображения.method in the Outlook object model.

Item.Send

When you run a program that uses the Outlook object model to call the Send method, you receive a warning message. This warning message tells you that a program is trying to send mail on your behalf and asks if you want to allow the message to be sent. The warning message contains both aДА.and aНет,button, however, theДА.button is not available until five seconds have passed since the warning message appeared. The warning message can be dismissed immediately if you clickНет,. При щелчкеНет,надписьюОтправитьmethod returns an E_FAIL error in the C or C++ programming languages.

Accessing Address Books and Recipients

If a program tries to reference any type of recipient information by using the Outlook object model, a dialog box is displayed that asks you to confirm access to this information. You can allow access to the address book or recipient information for up to ten minutes after you receive the dialog box. This allows features, such as mobile device synchronization, to be completed. If you decide not to allow access to your address book or recipient information, you receive the E_FAIL return code for all of these messages in the C or C++ programming languages.

You receive the confirmation dialog box when a solution tries to programmatically access the following features of the Outlook object model:
  • надписьюAddressEntriescollection or anyAddressEntryОбъект.
  • надписьюПолучателиcollection or anyRecipientОбъект.
  • The following properties of aContactItemobject:
    Email1.Address
    Email1.AddressType
    Email1.DisplayName
    Email1.EntryID
    Email2.Address
    Email2.AddressType
    Email2.DisplayName
    Email2.EntryID
    Email3.Address
    Email3.AddressType
    Email3.DisplayName
    Email3.EntryID
    NetMeetingAlias
    ReferredBy
  • The following properties of aMailItemobject:
    SentOnBehalfOfName
    SenderName
    ReceivedByName
    ReceivedOnBehalfOfName
    ReplyRecipientNames
    Кому:
    Cc:
    Отправка скрытых копий:
  • The following properties of aAppointmentItemobject:
    Organizer
    RequiredAttendees
    OptionalAttendees
    Ресурсы
    NetMeetingOrganizerAlias
  • The following properties of aTaskItemobject:
    ContactNames
    Контакты:
    Delegator
    Владелец:
    StatusUpdateRecipients
    StatusOnCompletionRecipients
  • надписьюGetMembermethod of aDistListItemОбъект.
  • надписьюContactNamesСвойствоJournalItemОбъект.
  • надписьюSenderNameСвойствоMeetingItemОбъект.
  • надписьюSenderNameСвойствоPostItemОбъект.
  • надписьюGetRecipientFromIDСвойствоNamespaceОбъект.
  • надписьювыполнен.method of anуказанного действия.Объект.
  • надписьюFormulaСвойствоUserPropertyОбъект.

Item.SaveAs

При использовании командыСохранить какmethod to save items to the file system, you receive an "address book" warning message. This includes all types of items whether or not the items have attachments or active content. This change has been made so that you cannot programmatically save items to a file and then parse the file to retrieve e-mail addresses.

Send CommandBar Button

It is no longer possible to use theвыполнен.method to programmatically click theОтправитьbutton on the Outlook toolbar. Although this is not commonly done in Outlook solutions, this change has been made to prevent malicious intent. You receive the E_FAIL return code for all of these messages in the C or C++ programming languages.

SendKeys

Outlook does not allow access to certain dialog boxes by using the Visual Basic or Visual Basic for ApplicationsSendKeysКоманда:. Это позволяет предотвратить вредоносные программы автоматического отключения предупреждений и обход новые средства безопасности.

VBScript в неопубликованные формы не запускается.

При создании пользовательских форм Outlook можно непосредственно внедрить Visual Basic Scripting Edition (VBScript) внутри элемента. Это может сделать, если другие пользователи не смогут получить доступ к опубликованной формы. These types of forms are called "one-off" forms.

For additional information about one-off forms, click the article number below to view the article in the Microsoft Knowledge Base:
181266OL98: Working with Form Definitions and One-Off Forms
When you open one of these items in a version of Outlook that does not have the update applied to it, Outlook displays a security warning message that asks if you want to enable or disable the code in the form. When you use a version of Outlook that has the update applied to it, Outlook disables the code and you cannot activate it. If you want to use a script written in VBScript in a custom form, the custom form must be published to the Organizational Forms Library or to a public folder on a Microsoft Exchange Server computer. You can also distribute the custom form and install it in a local forms library on individual client computers.

Office Applications Are Reset to High Security

To help protect against harmful macro viruses that may be in Microsoft Office documents, the security update puts the following list of Office programs into "high security" mode.

Примечание.: For the typical Microsoft Office 97 program, you are asked if you want to run macros. For the typical Microsoft Office 2000 program, macros cannot run unless they are signed and trusted. If the macros are signed and trusted, you are not asked if you want to run the macros.

Products Affected

  • Microsoft Outlook 2000 only. Visual Basic for Applications was not included with Outlook 98.
  • Microsoft Word 97 and Microsoft Word 2000. By default, Word is in high security mode in Office 2000.
  • Microsoft Excel 97 and Microsoft Excel 2000.
  • Microsoft PowerPoint 97 and Microsoft PowerPoint 2000.
Примечание.: Microsoft Access has no equivalent settings for macro security and is therefore not affected. As a result, all Access document types are included in the list of unsafe file extensions that cannot be accessed.

Outlook and HTML Mail

The security update puts Outlook into the "restricted zone" by default. If you open an e-mail message that is in Hypertext Markup Language (HTML) format, and the HTML contains script, the script runs within the context of the Internet security settings.

Примечание.: This is one difference between Outlook 98 and Outlook 2000. When you use Outlook 98, active content runs as long as security settings are set adequately low. With the Outlook E-mail Security Update installed, Outlook 2000 completely disables script in HTML e-mail messages, regardless of the Internet security settings.

Simple MAPI Design Changes

When Outlook is installed on a computer as the default Simple MAPI client, Outlook processes requests that are made by using Simple MAPI calls. Therefore, when you install the Outlook E-mail Security Update, changes are made to the way that Simple MAPI calls are handled. By default, if you use many Simple MAPI functions you receive a warning message that says a program is trying to either access recipient information or send mail on your behalf.

The following list describes how Outlook responds to Simple MAPI calls.
Simple MAPI call   Behavior if handled by Outlook
----------------------------------------------------------------
MAPIAddress        OK
MAPIDeleteMail     OK
MAPIDetails        OK
MAPIFindNext       OK
MAPIFreeBuffer     OK
MAPILogoff         OK
MAPILogon          OK
MAPIReadMail       Prompt
MAPIResolveName    Prompt
MAPISaveMail       OK
MAPISendDocuments  OK
MAPISendMail       OK with the MAPI_DIALOG argument, otherwise prompt
For more information about the Simple MAPI calls, see the following article on the Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/ms529053.aspx

CDO Design Changes

The Outlook 98 E-mail Security Update removes the CDO object model if it has been previously installed on the Outlook 98 computer. This differs from the Outlook 2000 E-mail Security Update, which does not remove the CDO object model from the computer.

A CDO E-mail Security Update has been released for Outlook 98.

For additional information about the CDO update, click the article number below to view the article in the Microsoft Knowledge Base:
268462OL98: Information About the CDO E-mail Security Update

Common Messaging Calls No Longer Supported

After you install the Outlook E-mail Security Update, Common Messaging Calls (CMC) no longer function. The CMC interface is a set of ten functions that enables you to add simple messaging capabilities to your custom program quickly. For example, your program can send a message with a single CMC function call and receive a message with two CMC function calls.

For additional information about CMC, see the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/ms527945.aspx
Microsoft does not intend to re-implement this functionality and therefore recommends that you do not use CMC in messaging solutions.

Designing Solutions With the Security Update

There is no direct, programmatic way to determine which security update features a user has enabled. However, depending on your solution, you may be able to use one or more of the following approaches to determine if the security update has been installed.

Determine the Outlook Build Number

You can programmatically determine the version of Outlook to see if the security update has been applied to Outlook. However, this does not directly tell you whether an administrator has granted the user any "override" capabilities. The following Outlook Visual Basic for Applications code example illustrates how you can determine the version of Outlook that is installed.
Sub CheckForVersion()
   MsgBox UpdateApplied
End Sub

Function UpdateApplied()
   Set ol = CreateObject("Outlook.Application")
   iBuild = Int(Mid(ol.Version, 5, 4))
   ' NOTE: The version number format changed between Outlook 98 and 2000
   If iBuild >= 7806 Then
      UpdateApplied = True
   Else
      UpdateApplied = False
   End If
   Set ol = Nothing
End Function
Примечание.: This code does not function in Microsoft Outlook 97 because that version did not contain aномер_версииproperty in the object model.

Determine the Mail Delivery Location

You may want to verify that Outlook is delivering mail to a Personal Folders file (.pst). If mail is being delivered to a Personal Folders file, all of the security update features are in effect. The following Outlook automation code sample illustrates how you can determine if a user's mail is delivered to a mailbox or Personal Folders file.
Sub CheckForPST()
   MsgBox UsingPST
End Sub

Function UsingPST()
   Set ol = CreateObject("Outlook.Application")
   Set oInbox = ol.Session.GetDefaultFolder(6) ' 6 = olFolderInbox
   If InStr(oInbox.Parent.Name, "Mailbox - ") Then
      UsingPST = False
   Else
      UsingPST = True
   End If
   Set oInbox = Nothing
   Set ol = Nothing
End Function

Ссылки

For additional information about the Outlook E-mail Security Update, click the article numbers below to view the articles in the Microsoft Knowledge Base:
262617OL98: Information About the Outlook E-mail Security Update
262700OL98: Информация для разработчиков об обновлении безопасности электронной почты Outlook
263296OL98: Administrator Information About the Outlook E-mail Security Update
262618OL98: Known Issues with the Outlook E-mail Security Update
264566OL98: Known Setup Issues with the Outlook E-mail Security Update
264127OL98: Known Interoperability Issues with the Outlook E-mail Security Update
264129OL98: Known Third-Party Issues with the Outlook E-mail Security Update

Свойства

Код статьи: 262700 - Последний отзыв: 19 ноября 2010 г. - Revision: 2.0
Информация в данной статье относится к следующим продуктам.
  • Microsoft Outlook 98 Standard Edition
Ключевые слова: 
kbdownload kbinfo kbmt KB262700 KbMtru
Переведено с помощью машинного перевода
ВНИМАНИЕ! Перевод данной статьи был выполнен не человеком, а с помощью программы машинного перевода, разработанной корпорацией Майкрософт. Корпорация Майкрософт предлагает вам статьи, переведенные как людьми, так и средствами машинного перевода, чтобы у вас была возможность ознакомиться со статьями базы знаний KB на родном языке. Однако машинный перевод не всегда идеален. Он может содержать смысловые, синтаксические и грамматические ошибки, подобно тому как иностранец делает ошибки, пытаясь говорить на вашем языке. Корпорация Майкрософт не несет ответственности за неточности, ошибки и возможный ущерб, причиненный в результате неправильного перевода или его использования. Корпорация Майкрософт также часто обновляет средства машинного перевода.
Эта статья на английском языке:262700
Заявление об отказе относительно содержимого статьи о продуктах, поддержка которых прекращена
Эта статья содержит сведения о продуктах, поддержка которых корпорацией Майкрософт прекращена. Поэтому она предлагается как есть и обновляться не будет.

Отправить отзыв

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com