OL2000: Outlook Update for Java Permissions Security (291791)

MORE INFORMATION

This Security Update protects you from a vulnerability in Outlook that allows HTML e-mail messages to start an instance of your Internet browser with security settings at a decreased level. Because malicious Java code can potentially be run from HTML e-mail, this update sets the Java Permissions for the Microsoft virtual server to "Disable Java" for the Restricted sites zone. This setting does not affect the way your computer interacts with Java in normal Web browsing.

Considerations When You Install This Update

• To install this update, you must have Administrator-level privileges on the computer that you are using. If you are not an administrator, you receive the following message:
  You do not have administrator privileges on this machine. This installation cannot be completed correctly unless it is run by an administrator.
• If you are not an administrator, you can manually change your security settings in your browser to protect against the vulnerability:
  1. In Microsoft Internet Explorer 5.0 or later, on the Tools menu, click Internet Options.
  2. On the Security tab, click Restricted sites, and then click Custom level.
  3. Scroll down to the Microsoft VM heading, and click to select the Disable Java option under the Java permissions heading.
     
     NOTE: If you are running Microsoft Windows NT 4.0, the Microsoft VM heading may not be present. However, the update still works because it sets the proper registry keys.
  4. Click OK to change the custom setting, and click OK again to apply your new security setting and exit the Internet Options dialog box.
• After you install the update, the current user can see the setting change immediately. For all other users, the setting is applied when they next log on. However, if a user manually modifies this setting, the user setting is honored.

Availablility

The Security Update and installation instructions are available at the following Microsoft Web site: