XCLN: More Secure Launching of Attachments, Freedocs and URL'sLast reviewed: July 15, 1997Article ID: Q166557 |
The information in this article applies to:
SYMPTOMSMicrosoft Exchange Client does not warn users about opening potentially dangerous files and OLE attachments that arrive in e-mail messages.
STATUSMicrosoft has confirmed this to be a problem in Microsoft Exchange Server version 5.0. This problem was corrected in the latest Microsoft Exchange Server 5.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):
S E R V P A C K MORE INFORMATIONThe following change is planned for Microsoft Exchange Client 5.0 Service Pack 1. The client behaves like Microsoft Internet Explorer 3.02 when receiving a file attachment or OLE embedding from an external source. To effect the change, set attachment security setting to High (on the Tools menu, click Options, and click the Attachment). When you receive a file attachment, you are warned about the dangers of files from external sources and asked if you want to continue the operation. For all non-executable/non-scriptable attachment types (that is, types other than .exe, .cmd, .bat, .zip, and similar types) you are also presented with the option to not be notified when this type of file is opened again. You are able to either save the file to another destination or continue and open this file as is. NOTE: No virus scanning is performed on this file. You are responsible for performing such operations. When Windows users receive a URL attachment, the above file attachment semantics are applied. All Macintosh URLs and other URL types on Windows are "safe" from the Microsoft Exchange Client perspective because the Internet agent (browser, WinInet, and so on) is responsible for parsing and warning you of potential problems. When you receive a message containing an embedded OLE object, you are warned before the message is displayed if it contains potentially harmful objects, and you are given the choice of removing the object (leaving the message marked as dirty) or using the object as is. An object is considered safe to display if it uses only the default OLE server or handler for in- process operations. You will also be warned about the safety of the OLE object when you attempt to activate it (for example, when you double-click or choose another operation from the object's context menu) unless you have marked all objects as safe. You can also indicate on the warning dialog box (in either case) whether to be warned about this type of object in the future. |
Keywords : kbbug5.00 kbfix5.00.sp1 kbusage XCLN
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |