OL2000: You Cannot Customize Outlook Today After You Install Critical Update 813489 for Internet Explorer (820575)


The information in this article applies to:

  • Microsoft Outlook 2000
  • Microsoft Internet Explorer 6.0 SP1, when used with:
    • the operating system: Microsoft Windows XP
    • the operating system: Microsoft Windows XP SP1
    • the operating system: Microsoft Windows 2000 SP2
    • the operating system: Microsoft Windows 2000 SP3
    • the operating system: Microsoft Windows NT 4.0 SP6
    • the operating system: Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 98 Second Edition
  • Microsoft Internet Explorer 6.0, when used with:
    • the operating system: Microsoft Windows XP
  • Microsoft Internet Explorer 5.5 SP2, when used with:
    • the operating system: Microsoft Windows 2000 SP3
    • the operating system: Microsoft Windows NT 4.0 SP6a
    • the operating system: Microsoft Windows Millennium Edition
    • the operating system: Microsoft Windows 98 Second Edition
  • Microsoft Internet Explorer 5.01 SP3, when used with:
    • the operating system: Microsoft Windows 2000 SP3
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you use the Outlook Today view in Outlook 2000, the Customize Outlook Today option does not work as expected.

CAUSE

This problem occurs after you install the Critical Update 813489 for Microsoft Internet Explorer. For additional information about the Critical Update 813489 for Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

813489 MS03-015: April, 2003, Cumulative Patch for Internet Explorer

WORKAROUND

Warning This article contains instructions to add a DWORD value in the registry. When you add the DWORD value, it partially disables the Critical Update 813489 for Internet Explorer. After you add the DWORD value, you can customized Outlook Today, but you will be vulnerable to an information-disclosure vulnerability that is related to the way that Internet Explorer handles encoded characters in a Web address (a Uniform Resource Locator [URL]). For more information about this vulnerability, see the "More Information" section of this article. Microsoft recommends that after you have customized Outlook Today, you remove the DWORD value, or you disable the DWORD value by setting it to 0 to help protect your computer from this vulnerability.

To work around this problem, partially disable the Critical Update 813489 for Internet Explorer, customize Outlook Today, and then enable the Critical Update 813489 for Internet Explorer.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To do this, follow these steps:
  1. Quit Outlook 2000.
  2. Click Start, click Run, type regedit in the Open box, and then click OK.
  3. Locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Application Compatibility
  4. Click Edit, click New, and then click DWORD Value.
  5. Type Outlook.exe, and then press ENTER. This creates a new DWORD value named Outlook.exe.
  6. With the new Outlook.exe DWORD value selected, click Edit, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor.
  9. Start Outlook 2000, and then go to the Outlook Today view.
  10. Click Customize Outlook Today, and then customize the view as necessary.
  11. Repeat steps 1 through 8. When you do step 8, set the Outlook.exe DWORD value to 0 instead of 1.
Note After you set the Outlook.exe DWORD value to 1 to partially disable the Critical Update 813489 for Internet Explorer, your computer is temporarily vulnerable to the vulnerability that is described in the "More Information" section of this article. When you use the Microsoft Baseline Security Analyzer tool (MBSA) to scan your computer for vulnerabilities, the MBSA Tool will not detect that the Critical Update 813489 for Internet Explorer has been partially disabled. For additional information about the Microsoft Baseline Security Analyzer tool (MBSA), click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer (MBSA) Version 1.1 Is Available

How to Export the Outlook.exe DWORD Value With the Value Set to 1 and With the Value Set to 0

If you want to configure Outlook today regularly, you can export the Outlook.exe DWORD value with the value set to 1 and with the value set to 0. This permits you to export the appropriate registry value whenever you require the ability to customize Outlook Today. After you have customize Outlook Today, you can import the appropriate registry value to help protect your computer from the vulnerability that is described in this article.

To do this, follow these steps.WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Quit Outlook 2000.
  2. Click Start, click Run, type regedit in the Open box, and then click OK.
  3. Locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Application Compatibility
  4. In the right pane of Registry Editor, locate and then click the Outlook.exe registry value. If the value has not already been created, create the value by using the steps that are listed in the "Workaround" section of this article.
  5. With the new Outlook.exe registry value selected, click Edit, and then click Modify.
  6. If the Value data box is not set to 1, type 1 in the box, and then click OK.
  7. Click File, and then click Export.
  8. In the File name box, enter a name that will help you remember the purpose of the registration file, for example type Not_Protected.
  9. Select an appropriate folder to save the registration file, and then click Save. When you want to customize Outlook Today, locate the registration file that you saved in step 8, and double-click it to import the registry value. Now, you can customize Outlook Today.
  10. Select the Outlook.exe registry value , click Edit, and then click Modify.
  11. In the Value data box, type 0, and then click OK.
  12. Click File, and then click Export.
  13. In the File name box, enter a name that will help you remember the purpose of the registration file, for example type Protected.
  14. Select an appropriate folder to save the registration file, and then click Save. When you have customized Outlook Today, and you want to help protect your computer from the vulnerability described in this article, locate the registration file that you saved in step 13, and then double-click it to import the registry value. Now, you cannot customize Outlook Today.
  15. Quit Registry Editor.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

This article discusses an information-disclosure vulnerability that might permit an attacker to craft a URL that contains some encoded characters. The encoded characters might redirect you to a second Web site. If you follow the URL, the attacker can gain the same access as you on the second Web site. This might permit the attacker to access any information that you share with the second Web site. For additional information about this vulnerability, click the following article number to view the article in the Microsoft Knowledge Base: This vulnerability was first documented in Microsoft Security Bulletin MS02-068. For additional information about this vulnerability, click the following article number to view the article in the Microsoft Knowledge Base:

328970 MS02-066: November, 2002, Cumulative Patch for Internet Explorer

REFERENCES

For additional information about other articles the describe issues about how to customize Outlook Today, click the following article numbers to view the articles in the Microsoft Knowledge Base:

273616 OL2000: The Customize Outlook Today Feature Does Not Customize with MSNBC Personal Update

234707 OL2000: No Option To Customize Outlook Today With Winter Style


Modification Type:MinorLast Reviewed:12/2/2004
Keywords:kbBug kbprb KB820575
©2004 Microsoft Corporation. All rights reserved.