Microsoft warns against harmful script attacks for users of Outlook with Word as the default editor.

Summary: Malicious scripts embedded in HTML or rich-text e-mail may execute in Outlook 2000 and 2002.

By Robert Vamosi | April 26, 2002 -- 00:00 GMT (17:00 PDT)

On April 26, Microsoft released a new security bulletin, MS02-021, for anyone running Microsoft Word as the default e-mail editor for Microsoft Outlook 2000a> and 2002. (The Word option is enabled or disabled by clicking Tools > Options > Mail Format.) Users editing or creating e-mail in rich text or HTML formats with the Word option could be vulnerable to harmful scripts sent from malicious users.

How it works
Users who only read their e-mail via Word are not vulnerable; HTML e-mail in Outlook uses Internet Explorer's security settings and will not run malicious scripts sent via e-mail. However, users who reply or forward e-mail using Word are at risk because Word does not have script-blocking capabilities.

Prevention
A patch is available from Microsoft. Outlook 2002 users who have enabled the "Read HTML e-mail as plain text" feature in Office XP SP1 will not need to apply this patch.

Have you been hit this script attack? TalkBack below or e-mail us with your comments.

Topics: Collaboration, Microsoft, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.