The following is tip #3 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press.
In Outlook 2002 and Outlook 2003, the default security zone setting is Restricted Sites, rather than Internet. Within the Restricted Sites zone, active scripting is also disabled by default. This security zone disables most automatic scripting and prevents Microsoft ActiveX controls from opening without permission. This change is designed to protect against malware that might be contained in HTML messages. As long as you leave the default Outlook zone set to Restricted Sites, Outlook won't run scripts in HTML messages, and ActiveX controls in those messages are deactivated. You should ensure that you always apply Internet Explorer patches to all machines running Outlook, because Outlook uses Internet Explorer to render HTML messages.
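One way to confirm that the Restricted Sites zone still blocks scripts and ActiveX on a workstation, as an added example that is not from the book: the PowerShell below reads the Internet Explorer zone 4 (Restricted Sites) URL-action values from the registry and flags any that are not set to Disabled. The function name `Test-RestrictedZone` and the choice of these four actions are assumptions made for this example.

```powershell
# Added example (not from the book): audit the IE Restricted Sites zone (zone 4).
# Each path is reported separately; no precedence between policy and user keys is assumed.
$ZonePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4'
)

# URL-action value names that govern scripts and ActiveX in HTML content.
$Actions = [ordered]@{
    '1400' = 'Active scripting'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
}

# Registry data for a URL action: 0 = enabled, 1 = prompt, 3 = disabled.
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Test-RestrictedZone {
    param([string[]]$Path = $ZonePaths)

    foreach ($p in $Path) {
        # Policy keys are absent on machines with no zone policy applied.
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-ItemProperty -LiteralPath $p

        foreach ($id in $Actions.Keys) {
            $value = $key.$id
            if ($null -eq $value) { continue }   # value not set under this key

            $state = $Meaning[[int]$value]
            if (-not $state) { $state = "Unknown ($value)" }

            [pscustomobject]@{
                Key       = $p
                Action    = $Actions[$id]
                State     = $state
                Compliant = ([int]$value -eq 3)  # anything but Disabled is a finding
            }
        }
    }
}

# Show every setting, then list only the ones that weaken the zone.
$results = Test-RestrictedZone
$results | Format-Table Action, State, Compliant, Key -AutoSize
$results | Where-Object { -not $_.Compliant } | Format-List
```

An empty second listing means every value found under the checked keys is set to Disabled.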
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the U.S. National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert and spent way too much time playing video games.