29 Apr 2002 09:48
On April 26, Microsoft released a new security bulletin, MS02-021, for anyone running Microsoft Word as the default email editor for Microsoft Outlook 2000 and 2002. (The Word option is enabled or disabled by clicking Tools > Options > Mail Format.) Users editing or creating email in rich text or HTML formats with the Word option could be vulnerable to harmful scripts sent from malicious users.
How it works
Users who only read their email via Word are not vulnerable; HTML email in Outlook uses Internet Explorer's security settings and will not run malicious scripts sent via email. However, users who reply or forward email using Word are at risk because Word does not have script-blocking capabilities.
Prevention
A patch is available from Microsoft. Outlook 2002 users who have enabled the "Read HTML email as plain text" feature in Office XP SP1 will not need to apply this patch.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Copyright © 1995-2008 CNET Networks, Inc. All rights reserved
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.