KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q166557: XCLN: More Secure Launching of Attachments, Freedocs and URL’s

Article: Q166557
Product(s): Microsoft Exchange
Version(s): WINDOWS:5.0; :
Operating System(s): 
Keyword(s): kbusage
Last Modified: 23-APR-2000

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Exchange Macintosh client, version 5.0 
- Microsoft Exchange Windows 3.x client, version 5.0 
- Microsoft Exchange Windows 95/98 client, version 5.0 
- Microsoft Exchange Windows NT client, version 5.0 
- Microsoft Outlook 97 
- Microsoft Outlook 98 
- Microsoft Outlook 2000 
-------------------------------------------------------------------------------


SYMPTOMS
========

Microsoft Exchange Client does not warn users about opening potentially
dangerous files and OLE attachments that arrive in e-mail messages.

STATUS
======

Microsoft has confirmed this to be a problem in Microsoft Exchange Server
version 5.0. This problem was corrected in the latest Microsoft Exchange Server
5.0 U.S. Service Pack. For information on obtaining the service pack, query on
the following word in the Microsoft Knowledge Base (without the spaces):

  S E R V P A C K

MORE INFORMATION
================

The following change is planned for Microsoft Exchange Client 5.0 Service Pack
1. The client behaves like Microsoft Internet Explorer 3.02 when receiving a
file attachment or OLE embedding from an external source. To effect the change,
set attachment security setting to High (on the Tools menu, click Options, and
click the Attachment).

When you receive a file attachment, you are warned about the dangers of files
from external sources and asked if you want to continue the operation. For all
non-executable/non-scriptable attachment types (that is, types other than .exe,
.cmd, .bat, .zip, and similar types) you are also presented with the option to
not be notified when this type of file is opened again. You are able to either
save the file to another destination or continue and open this file as is.

NOTE: No virus scanning is performed on this file. You are responsible for
performing such operations.

When Windows users receive a URL attachment, the above file attachment semantics
are applied. All Macintosh URLs and other URL types on Windows are "safe" from
the Microsoft Exchange Client perspective because the Internet agent (browser,
WinInet, and so on) is responsible for parsing and warning you of potential
problems.

When you receive a message containing an embedded OLE object, you are warned
before the message is displayed if it contains potentially harmful objects, and
you are given the choice of removing the object (leaving the message marked as
dirty) or using the object as is. An object is considered safe to display if it
uses only the default OLE server or handler for in- process operations. You will
also be warned about the safety of the OLE object when you attempt to activate
it (for example, when you double-click or choose another operation from the
object's context menu) unless you have marked all objects as safe. You can also
indicate on the warning dialog box (in either case) whether to be warned about
this type of object in the future.

This feature may be disabled in the actual prompt by selecting the Don't Remind
Me Again option. To re-enable this feature, on the Tools menu, click Options,
click Security, and then click Attachment Security. Set this back to High
(recommended) to restore the prompt.

Additional query words: 8.0 8.01 8.02 8.03 8.04 8.5 9.0

======================================================================
Keywords          : kbusage 
Technology        : kbHWMAC kbOSMAC kbOutlookSearch kbExchangeSearch kbExchange500 kbExchangeClientSearch kbZNotKeyword kbZNotKeyword2 kbOutlook2000Search kbOutlook97Search kbOutlook98Search kbZNotKeyword3 kbExchange500Mac kbExchange500NT kbExchange500Win95
Version           : WINDOWS:5.0; :
Issue type        : kbbug
Solution Type     : kbfix

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.