Exchange and Outlook UPDATE, Outlook Edition—brought to you by Exchange & Outlook Administrator, a print newsletter from Windows & .NET Magazine that contains practical advice, how-to articles, tips, and techniques to help you do your job today.
THIS ISSUE SPONSORED BY
NEW! PROMODAG Reports for Exchange Server V5.2
PacWest Security Road Show
SPONSOR: NEW! PROMODAG REPORTS FOR EXCHANGE SERVER V5.2
Analyze, Report, Strategize and Optimize your messaging system with V5.2 of the #1 reporting tool.
How will you know how your messaging system is used and/or abused? Sure, you could spend time searching through the raw Exchange logs . . . But why waste time when you can easily retrieve vital information with PROMODAG Reports!? New reports on mailbox content: unread messages; size, attachments by type; number of elements of more than n days and unused mailboxes. We guarantee your first report within minutes. It's that simple! But don't take our word for it. Try it out for yourself!
FREE EVALUATION: http://www.promodag.com/indexwinnetmag280103.asp
January 28, 2003 — In this issue:
- New Patch Fixes Outlook Flaws
- Windows & .NET Magazine Connections: Real-World Technical Tips Here for You
- Catch the Microsoft Mobility Tour—Time Is Running Out!
- Tip: Adding a Recipient to the Send To Menu
4. NEW AND IMPROVED
- Protect Your Inbox Against Spam
5. CONTACT US
See this section for a list of ways to contact us.
(contributed by Paul Robichaux, News Editor, [email protected])
Exchange Server administrators who use X.509 V1 Exchange Server Security certificates for encryption within their organizations might want to deploy the latest update for Outlook 2002. Microsoft Security Bulletin 03-003 ("Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure") explains that Outlook 2002 doesn't correctly handle X.509 V1 security certificates generated by the Exchange Key Management Server. Instead of encrypting a message sent between users who have such certificates, Outlook 2002 sends the message unencrypted. The problem isn't a security threat to a computer but rather the danger that unintended recipients might gain access to the confidential contents of the message.
Microsoft rates this vulnerability as moderate, noting that Secure MIME (S/MIME) certificates are more widely used than V1 Exchange Server Security certificates and that the problem doesn't affect S/MIME encryption. The problem occurs on the client, not the server, and affects only Outlook 2002, not Outlook 2000 or Outlook 98.
A patch issued by Microsoft this week fixes the flaw. It also includes a hotfix previously available only from Microsoft Product Support Services (PSS) and resolves some other problems for a wide range of environments, not just for Exchange clients. This patch is the second public update Microsoft has issued since Office XP Service Pack 2 (SP2). The Microsoft article "OL2002: Overview of the Outlook 2002 Update: January 22, 2003" describes the problems that the patch addresses and gives download details. The administrative version of the patch requires either Office XP SP2 or SP1; the end-user patch requires SP2.
The update also fixes two problems that can cause a system to crash or hang. The first problem fixed is that the mso.dll file can crash in certain situations when the user switches between two custom forms while the preview pane is on. The second is that the system can crash or hang when you use Data Access Object (DAO) code with forms that have calculated fields.
Another fix lets you find an item in another user's large shared mailbox folder by displaying the folder, then pressing a key to go to items that begin with that letter. This "quick key" search didn't always behave as expected in other users' folders before the fix. Three more fixes for users collaborating with Exchange let you recall a message sent by someone for whom you are a delegate, list a resource properly in the Location field when meeting requests include an invitation to the resource, and display reminders that weren't appearing in some Windows 2000 Server Terminal Services configurations.
For IMAP users, the January update solves an annoying problem with usernames that contain spaces. Some IMAP servers let account names have spaces, but Outlook formerly stripped the spaces, turning "Evelyn Montez" into "EvelynMontez." Another IMAP fix makes the default print style in mail folders the same as it is in an Exchange mailbox or Personal Folders (.pst) file-–the memo style, for printing individual messages, instead of the table style, which prints a line for each message.
Also posted in the Microsoft Office Download Center this week is another corrected version of the outlhol.exe file, dated January 22, that Outlook 2000 clients can use to extend the holidays on their Outlook Calendar from 2003 through 2007. If you're an administrator thinking of providing users with this update, you might want to review the holidays for the countries and religions your users are most likely to import and correct any remaining errors.
Microsoft Security Bulletin 03-003
("Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure")
"OL2002: Overview of the Outlook 2002 Update: January 22, 2003"
SPONSOR: PACWEST SECURITY ROAD SHOW
BACK BY POPULAR DEMAND - DON'T MISS OUR SECURITY ROAD SHOW EVENT!
If you missed last year's popular security Road Show event, now's your chance to catch it again in Portland and Redmond. Learn from experts Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Registration is free so sign up now!
(brought to you by Windows & .NET Magazine and its partners)
Chock-full of "been there, done that" information from experts who use Microsoft technologies in the real world. Get the latest updates on security, Microsoft Exchange Server, wireless, Microsoft .NET, Windows XP, Windows Server 2003, Windows 2000, and more. Exclusive opportunity to interact firsthand with Windows & .NET Magazine writers. Go to
This outstanding seven-city event will help you support your growing mobile workforce. Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. You could also win an HP iPAQ Pocket PC. There is no charge for these live events, but space is limited, so register today! Sponsored by Microsoft, HP, and Toshiba.
(contributed by Sue Mosher, [email protected])
Q: How can I add a shortcut on my Send To menu so that I can right-click a file and send it as an email attachment to a particular person?
A: As you probably know, Windows generates the Send To menu from a group of shortcuts in the user's SendTo folder, which typically is in the user's Windows profile folder. To create a Send To shortcut that points to a particular person, create a Windows shortcut in the SendTo folder that uses as the target the command
"C:\program files\microsoft officeoffice\outlook.exe" /c ipm.note /m [email protected]
The path to outlook.exe should reflect that file's location on your system, and [email protected] is the name or address of the person for whom you want to add a shortcut. If the name or address contains spaces, enclose it with quotation marks. You can then right-click any file, choose the recipient's name from the Send To menu, and send the file to that person.
See the Exchange & Outlook Administrator Web site for more great tips from Sue Mosher.
4. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
BorderWare Technologies released MXtreme Mail Firewall, an appliance that you deploy between your internal mail servers and the Internet to filter out spam. The appliance uses adaptive learning techniques to learn over time which words might signal spam in your environment. MXtreme automatically adjusts spam detection rules and uses a technology based on an advanced lexical analysis algorithm. You can choose from three MXtreme models, depending on the size of your environment. The device features virus scanning, encryption, and content-filtering capabilities. For pricing, contact BorderWare Technologies at 877-814-7900.
5. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR Exchange and Outlook UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR Exchange and Outlook UPDATE?