Article ID: 291791 - Last Review: August 9, 2004 - Revision: 2.3

OL2000: Outlook Update for Java Permissions Security

View products that this article applies to.
This article was previously published under Q291791

On This Page

Expand all | Collapse all

SUMMARY

Microsoft has issued a Security Update that sets the Java Permissions option for the Microsoft virtual server to "Disable Java" for the Restricted sites zone only. This setting disables potentially malicious Java code from running in an HTML-formatted e-mail message.
Back to the top

MORE INFORMATION

This Security Update protects you from a vulnerability in Outlook that allows HTML e-mail messages to start an instance of your Internet browser with security settings at a decreased level. Because malicious Java code can potentially be run from HTML e-mail, this update sets the Java Permissions for the Microsoft virtual server to "Disable Java" for the Restricted sites zone. This setting does not affect the way your computer interacts with Java in normal Web browsing.
Back to the top

Considerations When You Install This Update

  • To install this update, you must have Administrator-level privileges on the computer that you are using. If you are not an administrator, you receive the following message:
    You do not have administrator privileges on this machine. This installation cannot be completed correctly unless it is run by an administrator.
  • If you are not an administrator, you can manually change your security settings in your browser to protect against the vulnerability:
    1. In Microsoft Internet Explorer 5.0 or later, on the Tools menu, click Internet Options.
    2. On the Security tab, click Restricted sites, and then click Custom level.
    3. Scroll down to the Microsoft VM heading, and click to select the Disable Java option under the Java permissions heading.

      NOTE: If you are running Microsoft Windows NT 4.0, the Microsoft VM heading may not be present. However, the update still works because it sets the proper registry keys.
    4. Click OK to change the custom setting, and click OK again to apply your new security setting and exit the Internet Options dialog box.
  • After you install the update, the current user can see the setting change immediately. For all other users, the setting is applied when they next log on. However, if a user manually modifies this setting, the user setting is honored.
Back to the top

Availablility

The Security Update and installation instructions are available at the following Microsoft Web site:
http://office.microsoft.com/downloads/2000/o2kiefrm.aspx (http://office.microsoft.com/downloads/2000/o2kiefrm.aspx)
Back to the top
APPLIES TO
  • Microsoft Outlook 2000 Standard Edition
  • Microsoft Outlook 98 Standard Edition
Back to the top
Keywords: 
kbinfo kbdownload KB291791
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations