• Microsoft Outlook Express 5.5 Service Pack 2
• Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 for Itanium-based Systems)
• Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 Service Pack 1)
• Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 Service Pack 2)
• Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
• Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
• Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 x64 Edition)
• Microsoft Outlook Express 6.0 (Microsoft Windows XP Professional x64 Edition Service Pack 2)
• Microsoft Outlook Express 6.0 (Microsoft Windows XP Professional x64 Edition)
• Microsoft Outlook Express 6.0 Service Pack 1
• Windows Mail (Microsoft Windows Server 2008 for 32-bit Systems)
• Windows Mail (Microsoft Windows Server 2008 for Itanium-based Systems)
• Windows Mail (Microsoft Windows Server 2008 for x64-based Systems)
• Windows Mail (Microsoft Windows Vista Service Pack 1)
• Windows Mail (Microsoft Windows Vista x64 Edition Service Pack 1)
• Windows Mail (Microsoft Windows Vista x64 Edition)
• Windows Mail (Windows Vista)

This security update resolves an Outlook Express and Windows Mail vulnerability which could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users configured to have fewer administrative privileges could be less impacted than users who operate with full administrative user rights.

This security update changes the MHTML protocol handler in Windows so that it securely handles MHTML URLs in redirection scenarios.

Patches for this vulnerability can be downloaded on this Microsoft Web page.

Microsoft recommends to configure Internet Explorer to lock down HTML content from particular network protocols in additional zones besides the Local Machine zone. More details regarding this workaround may be found on this Microsoft Web page.