By Ben Schoor
For those of you who dislike HTML mail, here's another reason to be perturbed. A Java and HTML vulnerability can be used to eavesdrop on an HTML message that is forwarded, determining who it was forwarded to as well as what text was added by the forwarding party.
Will you have Java with your e-mail?
The really unsettling part is that this exploit works in sort of a continuous cycle. For example, let's say you receive one of these messages, add your comments, and forward the e-mail to someone else; they reply to the e-mail and send it back to you. Now your comments and the comments of your correspondent can be sent to the originator.
Block those prying eyes
If you're not interested in downloading Outlook 2000 SP-2, then we recommend manually adjusting the security settings in Outlook.
- Go to Tools | Options.
- Click the Security tab and hit the Zone Settings button.
- Click OK when the message pops up.
- Select the Restricted Sites zone and hit the Custom Level button.
- Scroll down to the Active Scripting setting and select Disable. (Ensure that the Security Level is set on High.) (See Figure A.)
- Click OK three times.
A quick note
A word of warning
A vulnerability in Outlook 2000 could allow an HTML message to circumvent your Java security by opening an instance of Internet Explorer with lowered defenses. Microsoft's fix for this security problem is the Outlook 2000 SR-1 Java Permissions Security Update.
Have handy Outlook tips like these sent directly to your inbox
If you would like to read more tips like this one, sign up for the Outlook TechMail. Let us know what you think about this article and the Outlook TechMail by posting a comment or by sending us a note.