Outlook blocked access to the following potentially unsafe attachments: filename.
The attachments that are affected by this issue are fairly uncommon. They are typically created by custom solutions by using Extended MAPI or the Outlook object model to add functionality to a Microsoft Exchange mailbox or to a local set of Outlook folders.
For more information about this security update, click the following article number to view the article in the Microsoft Knowledge Base:
For more information, visit the following Microsoft Security Response Center bulletin:
- Method 1
If you are a developer of a custom solution that uses linked file attachments, we recommend that you change the solution so that it no longer uses linked files. Specifically, avoid using the following options for an attachment's PR_ATTACH_METHOD property:
One possible approach may be to use a hyperlink in the body of a message instead.
- Method 2
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:322756 How to back up and restore the registry in Windows
A registry entry can be used to prevent Outlook from blocking linked file attachments so that they can be opened directly. However, we do not recommend that you use this registry entry because doing this will reduce the security of Outlook, and may allow access to malicious attachments.
To configure the AllowAttachByRef registry entry, add a DWORD value named AllowAttachByRef that has a value of 1. To add this registry entry, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- Locate and then click one of the following subkeys in the registry:
- Outlook 2013 (version 15.0)HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Security Or:HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook\Security
- Outlook 2010 (version 14.0)HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
- Outlook 2007 (version 12.0)HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
- Outlook 2003 (version 11.0)HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
- Outlook 2002 (version 10.0)HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security
- Outlook 2013 (version 15.0)
- On the Edit menu, point to New, and then click DWORD Value.
- Type AllowAttachByRef for the name of the DWORD, and then press ENTER.
- Right-click AllowAttachByRef, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor, and then restart the computer.
Important The AllowAttachByRef registry entry only re-enables ATTACH_BY_REFERENCE and ATTACH_BY_REF_ONLY attachments. ATTACH_BY_REF_RESOLVE attachments are still blocked.
The Outlook object model lets users create and send linked attachments. However, when these messages are sent, MAPI converts the linked attachment to an embedded attachment.
Because the overall matrix of scenarios is very large, and because Outlook also blocks other kinds of attachments, depending on the configuration, you should make sure to test the scenarios to see whether this issue may be related to unexpected behavior you may notice in Outlook. The best way to determine whether an attachment is a linked file is to use a MAPI-based tool such as MFCMAPI to check if the PR_ATTACH_METHOD property of the attachment is set to one of the following values:
- Start MFCMAPI.
- On the Session menu, click Logon and Display Store Table.
- Double-click one of the MAPI stores in the list to open that store. This is likely the store that contains the message that has the suspect attachment.
- Expand the folder tree in the navigation pane to find the correct folder, and then double-click the folder name to open that folder.
- Right-click the message that has the suspect attachment, and then click Display Attachment Table.
- Select the suspect attachment and then locate the PR_ATTACH_METHOD property in the list of properties. Value and SmartView columns display the data. The attachment is a linked attachment if the data matches one of the three values that are listed in the MAPI Flag table that was listed earlier.
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Article ID: 2271150 - Last Review: Mar 15, 2013 - Revision: 1