No Patch Yet for New HTML Mail Vulnerability

According to Microsoft Security Bulletin MS01-055, a newly discovered high-risk vulnerability lets malicious code gain unauthorized access to the cookies that store Web site information on a user's local system. The vulnerability affects Internet Explorer (IE) 6.0 and 5.5 users who view Web pages and HTML mail messages. Because no patch is yet available, Microsoft recommends that users disable active scripting for both Web pages and email messages (the FAQ for this bulletin describes both procedures). If you're using the Outlook Email Security Update, active scripting is already disabled for HTML messages. Otherwise, check your Outlook security zone settings under Tools, Options, Security.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.