This article was previously published under Q291791
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has issued a Security Update that sets the Java Permissions option for the Microsoft virtual server to "Disable Java" for the Restricted sites zone only. This setting disables potentially malicious Java code from running in an HTML-formatted e-mail message.
This Security Update protects you from a vulnerability in Outlook that allows HTML e-mail messages to start an instance of your Internet browser with security settings at a decreased level. Because malicious Java code can potentially be run from HTML e-mail, this update sets the Java Permissions for the Microsoft virtual server to "Disable Java" for the Restricted sites zone. This setting does not affect the way your computer interacts with Java in normal Web browsing.
Considerations When You Install This Update
To install this update, you must have Administrator-level privileges on the computer that you are using. If you are not an administrator, you receive the following message:
You do not have administrator privileges on this machine. This installation cannot be completed correctly unless it is run by an administrator.
If you are not an administrator, you can manually change your security settings in your browser to protect against the vulnerability:
In Microsoft Internet Explorer 5.0 or later, on the Tools menu, click Internet Options.
On the Security tab, click Restricted sites, and then click Custom level.
Scroll down to the Microsoft VM heading, and click to select the Disable Java option under the Java permissions heading.
NOTE: If you are running Microsoft Windows NT 4.0, the Microsoft VM heading may not be present. However, the update still works because it sets the proper registry keys.
Click OK to change the custom setting, and click OK again to apply your new security setting and exit the Internet Options dialog box.
After you install the update, the current user can see the setting change immediately. For all other users, the setting is applied when they next log on. However, if a user manually modifies this setting, the user setting is honored.
The Security Update and installation instructions are available at the following Microsoft Web site: