You've explained that you can easily protect Outlook's preview pane from malicious code attacks. As a result, can you safely just download or preview messages?
In my August 2000 column, I described changes in Microsoft Internet Explorer (IE) security zones that you can make to secure Outlook against malicious code that might arrive in HTML messages, if you haven't installed the Outlook E-mail Security Update. These changes ensure that no code or ActiveX components can run when you just look at a message in Outlook's preview pane.
Unfortunately, the latest vulnerability in Outlook isn't related to these easy-to-adjust HTML mail settings and is potentially much more serious. The "Malformed Email Header" weakness exposes a chink in Outlook's defenses that can let malicious code enter your system—just by downloading a message. The attack can affect any copy of Outlook—even Outlook 97—that you use to retrieve Internet mail from a POP3 account. (You aren't at risk if you use Outlook only to access an Exchange Server mailbox through the Microsoft Exchange Server service.) You can read about this problem in Microsoft Security Bulletin (MS00-043), "Patch Available for 'Malformed E-mail Header' Vulnerability" (http://www.microsoft.com/technet/security/bulletin/ms00-043.asp).
To fix this vulnerability, perform one of the following preventive actions:
- On OSs other than Windows 2000, install IE 5.5 from http://www
.microsoft.com/windows/ie/
download/ie55.htm.
- On Win2K, install Win2K Service Pack 1 (SP1) or IE 5.01 SP1. Both are available at the Windows Update site at http://windowsupdate.microsoft
.com/.
- If you're already using Outlook Express 5.01 with any OS, install the separate security update from http://
www.microsoft.com/windows/ie/
download/critical/patch9.htm. To check your Outlook Express version, start Outlook Express, and choose Help, About Microsoft Outlook Express. If the version is 5.00.2919.6600 or, for Win2K, 5.00.2919.6700, you have Outlook Express 5.01.
The Outlook Express version is relevant because Outlook shares components, such as the HTML rendering engine and Internet account management, with Outlook Express.
What fields does Outlook search when I use the Find a Contact box on the Standard toolbar?
When you type a name or part of a name in the Find a Contact box, then press Enter, Outlook searches the Full Name and Subject fields in your default Contacts folder. Outlook also searches the name portion of SMTP addresses by using the name@domain format, but not the domain name. In other words, a search for exadmin would find a contact with the address exadmin@slipstick.com, but not one with the address slipstick@exadmin.com.
For a shortcut to frequently used contacts, click the small arrow to the right of the Find a Contact box to see a list of names. When you use the Find a Contact box to locate a particular person's records, Outlook adds your search term to this list.
Why does Find a Contact sometimes overlook contacts that I know are in my Contacts folder?
Find a Contact uses the same functionality as the Check Names feature, which users can invoke by pressing Ctrl+K, that resolves names in the To, Cc, and Bcc fields to the email addresses. For Find a Contact to locate an entry in the Contacts folder, the default Contacts folder must be available as an address book for name resolution and the contact must have an email address or fax number.
If Find a Contact doesn't work at all, check Tools, Services for the Outlook Address Book service. Add the Outlook Address Book if the Services dialog box doesn't list it as a service in the current mail profile. Restart Outlook. Right-click your Contacts folder, choose Properties, then switch to the Outlook Address Book tab. If the Show this folder as an e-mail Address Book check box is clear, select that option. If Find a Contact doesn't locate certain contacts, check those contacts to make sure that they have either an email address or a fax number.
What fields does Outlook search when I use the Find button on the Standard toolbar?
When you click Find and enter text in the panel that appears in the Contacts folder, Outlook searches the various name fields, the Company and Category fields, and the address and email address fields to locate all matching items. Outlook also searches the Subject field and, if you select the Search all text in the contact check box, the large notes area for the contact. The search runs faster if you don't select the Search all text in the contact check box.