Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
When you try to open a linked file attachment in a Microsoft Outlook message, Outlook blocks access to the link. When the issue occurs, you may receive a message that resembles the following in the Outlook Information Bar:
Outlook blocked access to the following potentially unsafe attachments: filename.
The attachments that are affected by this issue are fairly uncommon. They are typically created by custom solutions by using Extended MAPI or the Outlook object model to add functionality to a Microsoft Exchange mailbox or to a local set of Outlook folders.
This issue occurs because, by default, Outlook 2010 and Outlook 2013 do not allow linked file attachments to be opened. Also, a July 2010 security update made a change to Outlook 2002, Outlook 2003, and Outlook 2007 to include this behavior.
For more information about this security update, click the following article number to view the article in the Microsoft Knowledge Base:
978212 MS10-045: Vulnerability in Help and Support Center could allow remote code execution
For more information, visit the following Microsoft Security Response Center bulletin:
To work around this issue, use the following methods:
Method 1 If you are a developer of a custom solution that uses linked file attachments, we recommend that you change the solution so that it no longer uses linked files. Specifically, avoid using the following options for an attachment's PR_ATTACH_METHOD property:
One possible approach may be to use a hyperlink in the body of a message instead.
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756How to back up and restore the registry in Windows
A registry entry can be used to prevent Outlook from blocking linked file attachments so that they can be opened directly. However, we do not recommend that you use this registry entry because doing this will reduce the security of Outlook, and may allow access to malicious attachments.
To configure the AllowAttachByRef registry entry, add a DWORD value named AllowAttachByRef that has a value of 1. To add this registry entry, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click one of the following subkeys in the registry:
On the Edit menu, point to New, and then click DWORD Value.
Type AllowAttachByRef for the name of the DWORD, and then press ENTER.
Right-click AllowAttachByRef, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor, and then restart the computer.
Important The AllowAttachByRef registry entry only re-enables ATTACH_BY_REFERENCE and ATTACH_BY_REF_ONLY attachments. ATTACH_BY_REF_RESOLVE attachments are still blocked.
Outlook 2002 and earlier versions of Outlook allowed you to create linked attachments by using the Insert File command. However, this was only possible with messages that are formatted by using rich text. This feature is not available in newer versions of Outlook. However, you can insert hyperlinks in the body of the message instead.
The Outlook object model lets users create and send linked attachments. However, when these messages are sent, MAPI converts the linked attachment to an embedded attachment.
Because the overall matrix of scenarios is very large, and because Outlook also blocks other kinds of attachments, depending on the configuration, you should make sure to test the scenarios to see whether this issue may be related to unexpected behavior you may notice in Outlook. The best way to determine whether an attachment is a linked file is to use a MAPI-based tool such as MFCMAPI to check if the PR_ATTACH_METHOD property of the attachment is set to one of the following values:
To use MFCMAPI to determine whether an attachment is a linked attachment, follow these steps:
On the Session menu, click Logon and Display Store Table.
Double-click one of the MAPI stores in the list to open that store. This is likely the store that contains the message that has the suspect attachment.
Expand the folder tree in the navigation pane to find the correct folder, and then double-click the folder name to open that folder.
Right-click the message that has the suspect attachment, and then click Display Attachment Table.
Select the suspect attachment and then locate the PR_ATTACH_METHOD property in the list of properties. Value and SmartView columns display the data. The attachment is a linked attachment if the data matches one of the three values that are listed in the MAPI Flag table that was listed earlier.
For more information about MFCMAPI, visit the following Microsoft webpage:
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE