Exchange & Outlook UPDATE, May 21, 2002

Exchange and Outlook UPDATE, Outlook Edition—brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, how-to articles, tips, and techniques to help you do your job today.
http://www.exchangeadmin.com


THIS ISSUE SPONSORED BY

VeriSign - The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n203987300057000

Windows & .NET Magazine Webinars
http://www.winnetmag.com/seminars/veritas
(below COMMENTARY)


SPONSOR: VERISIGN - THE VALUE OF TRUST

FREE E-COMMERCE SECURITY GUIDE
Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here
http://www.verisign.com/cgi-bin/go.cgi?a=n203987300057000


May 21, 2002—In this issue:

1. COMMENTARY

  • New IE Update Blocks IFRAME in Outlook HTML Messages

2. ANNOUNCEMENT

  • Immediate Access to T-SQL Solutions!

3. RESOURCE

  • Tip: Inserting a Signature in Outlook 2002

4. NEW AND IMPROVED

  • Caelo Software Releases Nelson Email Organizer 2.5

5. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by Sue Mosher, News Editor, [email protected])

  • NEW IE UPDATE BLOCKS IFRAME IN OUTLOOK HTML MESSAGES

  • Microsoft issued a critical update for Microsoft Internet Explorer (IE) last week in Microsoft Security Bulletin MS02-023 (15 May 2002 Cumulative Patch for Internet Explorer) that eliminates a longstanding vulnerability in HTML-format messages–-the ability of an <IFRAME> tag to use the Internet Sites security zone, rather than the Restricted Sites zone, to launch a file attached to a message or to open a Web page inside a message. This vulnerability has contributed to the spread of Klez and some other viruses that use an <IFRAME> tag to launch a file when the user previews or opens an HTML message. Depending on the attachment security in place on the user's machine, the attachment that the <IFRAME> tag launches might run automatically, thus setting up a situation in which the user might not know that a message has an attached file or that the file has already starting running.

    After you apply the update, which is available for IE 6.0, IE 5.5 Service Pack 1 (SP1) and SP2, and IE 5.0 SP2, Web pages from sites in the Restricted Sites zone will ignore <IFRAME> tags. Outlook 2002 and Outlook 2000 and Outlook 98 with the Outlook E-mail Security Update all use the Restricted Sites zone for HTML messages.

    If you haven't installed the Outlook E-mail Security Update, after you download and install the IE update, you must manually set Outlook to use the Restricted Sites zone if you want to get the benefit of the <IFRAME> blocking. You can do so on the Security tab of Outlook's Tools, Options dialog box. Forcing Outlook to operate in the Restricted Sites zone also eliminates other potential vulnerabilities related to script in HTML messages.

    Strangely enough, this IE update has some surprising consequences for Outlook 2002 and Outlook 2000 users. The appearance of the Organize pane in both versions and the Find pane in Outlook 2000 will no longer show white text links in the Tahoma font on a gray background. Instead, the links are the default underlined blue, which makes them difficult to see on the dark background, and the font is whatever font you have set as your default in IE.

    The change in behavior is because of another fix in the IE update (the update patches six new vulnerabilities as well as all previously acknowledged problems). As GreyMagic Software reported, one vulnerability related to Cascading Style Sheets (CSS) makes it possible to read data from local files on the user's machine. Microsoft appears to have fixed this problem by making it impossible for an HTML page to load a style sheet from a <LINK> tag that points to a locally stored .css file, unless the user has placed in the Trusted Sites zone the domain hosting the Web page.

    What does this fix have to do with Outlook? The content of the Find and Organize panes is stored in a DLL that's installed with Outlook. Also embedded in that resource DLL is the style sheet that changes the font settings for those panes. Because the style sheet is in a local file, the Find and Organize panes won't load it after you install the new IE update. To fix the problem, Microsoft will probably need to update the DLL to use inline styles instead of a style sheet.

    Yes, this new CSS limitation is annoying (and will affect other applications that use .css files on local systems or in resource .dll files), but it's no reason not to install the IE patch. The benefits of greater security for HTML-format messages far outweigh the aggravation of this display issue.

    15 May 2002 Cumulative Patch for Internet Explorer
    http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

    GreyMagic Security Advisory GM#004-IE
    http://sec.greymagic.com/adv/gm004-ie


    SPONSOR: WINDOWS & .NET MAGAZINE WEBINARS

    RAISING WINDOWS 2000 AVAILABILITY - FREE WEBINAR
    How can you reduce (or eliminate) data loss and downtime in the event of a site-wide disaster? Attend the latest free Webinar from Windows & .NET Magazine and get the answers, including what kind of fault-tolerant disk setup to use, what clustering is (and isn't) good at, and best practices for boosting SQL Server and Exchange 2000 Server availability. Register (for FREE) today!
    http://www.winnetmag.com/seminars/veritas


    2. ANNOUNCEMENT
    (brought to you by Windows & .NET Magazine and its partners)

  • IMMEDIATE ACCESS TO T-SQL SOLUTIONS!

  • Exclusive in-depth articles, tips, tricks, and code samples all at your fingertips. Content you can't get anywhere else—brought to you by the SQL Server experts you trust, such as Kalen Delaney, Itzik Ben-Gan, and others. Increase your productivity today! Go to the following URL.
    http://secure.duke.com/nt/tsql/index.cfm?action=freeIssueform&code=&pc=ftap2etu

    3. RESOURCE
    (contributed by Sue Mosher, [email protected])

  • TIP: INSERTING A SIGNATURE IN OUTLOOK 2002

  • Q: I like Microsoft Office XP's improvements in WordMail but miss the ability to insert a signature on demand. Can I get that feature back?

    A: When you use Microsoft Word as your editor in Outlook 2000, Word stores signatures as AutoText entries. You can use the Insert, AutoText command to choose any signature.

    Office XP uses a different mechanism to store WordMail signatures, so you no longer see an E-mail Signature list on the AutoText menu. You can, of course, create your own AutoText entries. The easiest method is to create the formatted text that you want to use as your signature; select it; choose Insert, AutoText, New; then give the new AutoText entry a name.

    You can also add this AutoText signature to your Word toolbars. The trick is that you must click in the body of the message before you choose View, Toolbars, Customize. On the Customize dialog box's Commands tab, look under AutoText for the entry you created, then drag it to one of the toolbars.

    WordMail also makes it easy to switch between signatures when you've set WordMail to insert your signature automatically and you've created more than one WordMail signature. (In Word or a WordMail message, choose Tools, Options, General, E-mail Options to access these features.) Simply right-click the signature that WordMail inserted automatically to see a list of other available signatures. For example, I have a signature named "none" that consists of just the "-" text that Word inserts by default. When WordMail inserts my signature on a reply but I prefer not to send a signature, I right-click the signature text and choose "none." For me, that technique is faster than selecting the text and deleting the signature. This technique works in both Outlook 2002 and Outlook 2000.

    See the Exchange & Outlook Administrator Web site for more great tips from Sue Mosher.

    4. NEW AND IMPROVED
    (contributed by Bob Kretschman, [email protected])

  • CAELO SOFTWARE RELEASES NELSON EMAIL ORGANIZER 2.5

  • Caelo Software released Nelson Email Organizer (NEO) 2.5, which automatically organizes email on systems running Outlook. For example, NEO automatically separates "bulk mail" messages from messages that a user's correspondents send. NEO works with Outlook message stores and Exchange Server mailboxes. Users can compose, reply, forward, send, and receive email messages from within NEO and can switch easily to Outlook. The product costs $29.95 for one license. For more information, visit Caelo Software's Web site.
    http://www.emailorganizer.com

    5. CONTACT US
    Here's how to reach us with your comments and questions:

    (please mention the newsletter name in the subject line)

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish