ARCHIVED: What is the Microsoft Outlook E-mail Security Update?
Microsoft Outlook 2002 and Service Pack 2 (SP2) for Microsoft Office 2000 include the Outlook E-mail Security Update. If you have installed SP2 or Outlook 2002, you have also installed the Outlook E-mail Security Update. This update was originally released in June 2000 as a stand-alone update for Outlook 98 and 2000; Outlook 2002 has the update installed as a standard feature.
The update was developed in response to viruses like Melissa and ILOVEYOU, which exploited some of Outlook's features to rapidly spread themselves across networks and the Internet.
The Outlook E-mail Security Update provides additional levels of protection against malicious email messages. The update changes the way that Outlook handles attachments, and the way that Outlook can be controlled programmatically.
Note: Indiana University provides attachment blocking to reduce spam and email fraud; see At IU, what types of attachments are blocked from my email account?
Email attachment security
Attachments are divided into three groups based on their file extension, or type. Outlook handles each group in a specific way:
Level 1 ("Unsafe")
The "unsafe" category represents any extension that may have script or code associated with it. Any attachment with an "unsafe" file extension is inaccessible if you use a version of Outlook that has the security update applied to it. You cannot save, delete, open, print, or otherwise change the "unsafe" attachment. If you receive a message that contains an attachment that cannot be accessed, your Inbox will display the paper clip in the attachment column to let you know that the message has an attachment. When you open the message, the attachment will not be available and the following will be displayed at the top of the message:
"Outlook blocked/removed access to the following potentially unsafe attachment: filename."
Instead of "filename", you will see the actual name of the attached file.
When you send or forward email that contains an unsafe attachment, Outlook will prompt you with the following message:
"This Item contains attachments that are potentially unsafe. Recipients using Microsoft Outlook may not be able to open these attachments. Do you want to send anyway?"
You can choose
No. If you choose
the message will not be sent. However, you will be able to continue
editing the message. If you choose
Yes, the message will be
sent. If the recipient has the security update installed, the
attachment may be blocked.
You must save file types on the Level 2 security list to disk before you can open them; you cannot open the files directly from within Outlook. There are no file types on the Level 2 security list by default, but file types can be added to the list by system administrators; see Custom security settings.
If you receive email containing a Level 2 file as an attachment, the following message will appear if you try to open the attachment:
WARNING! The file may contain a virus that can be harmful to your computer. It is important to be VERY certain that this file is safe before you open it. You must save this file to disk before it can be opened."
You can choose either
Save to disk... or
Save to disk... , you will be prompted to
specify where on your computer you wish to save the file. You can
then scan the saved file for any known viruses before you open it.
File types on the Level 3 security list are considered to be safe. You can either open these files directly from within Outlook, or save them to disk. Any file that is not on the Level 1 or 2 list will automatically be Level 3.
Outlook object model guard security
The object model guard will notify you when an outside program tries any of the following:
- Sending mail on your behalf
- Accessing your address book
- Accessing email names from your messages
- Accessing email information from your contacts or other types of
- Saving your messages to the file system
- Searching your messages for content
- Using Simple Messaging Application Programming Interface (Simple MAPI) to send messages without your consent
Synchronization with handheld devices may also be affected if you are using older versions of your synchronization software. Check with the vendor of the software if you encounter problems.
Internet security zones
The security update changes settings for Outlook to Restricted. This will affect some of the functionality of HTML mail in Outlook. For more on the security zones, see article 174360 in Microsoft's knowledge base.
In addition, Common Messaging Calls will not function, and macro security in PowerPoint, Word, Outlook, and Excel will be increased to High.
Custom security settings
Exchange server administrators can implement custom security settings to change the default behavior of the Outlook E-mail Security Update. The custom security settings only work if you are running Outlook in Corporate or Workgroup mode.
For more detailed information on the Outlook E-mail Security Update, see:
- Information about the Outlook E-mail Security Update, article
- Known issues with the Outlook E-mail Security Update, article
- Known setup issues with the Outlook E-mail Security Update,
- Known interoperability issues with the Outlook E-mail Security Update, article 264128
Note: The Outlook 2000 E-mail Security Update does
not have an uninstall feature. To completely remove the security
update from Outlook 2000, you have to completely remove Office 2000
and then reinstall it, stopping at Office 2000 SR1a build. If you use
Outlook 98, you can uninstall the Outlook E-mail Security Update using
Add/Remove Programs from the Windows control panel. The
security update is a standard feature of Outlook 2002; you cannot
Last modified on August 27, 2012.