Please note: This page references older,
outdated technology and is no longer maintained. As a result, links may point to documents no longer available or
redirect to articles referencing newer versions. We've left it published for
historical reasons and in the hope that it will benefit the few sites stilling using the older technology.
Microsoft has released additional patches
for Outlook 2000 and Outlook 98 that work with the
Outlook E-mail Security Update to provide the same level of
security to the Collaboration Data
Objects (CDO) programming interface, which is often used in Outlook client
applications. This update has the same effect on applications using
CDO as the Outlook E-mail Security Update had on applications using
the Outlook object model. It blocks these functions:
Saving .exe, .com, .mdb and other types of file attachments
that Microsoft considers dangerous
Accessing address information
Sending messages programmatically
Any program that tries to use CDO to get to address information
or send a message will pop up a prompt that the user must respond to
before the program can continue its work. A system running this
patch will not be able to save "dangerous" attachments
with CDO code.
As with the Outlook E-mail Security Update, administrators can
customize the effects of the CDO patch with the security settings
form. See Customizing
the Outlook 98/2000 E-mail Security Update. This is the
only way to override the security settings in the update. Standalone
users and users in other mail environments cannot customize the
features of the update in any way.
Facts and Download | Should you install this patch?
| Installation | Removing the Patch | Attachment Security |
Automation Security | More Information
Should you install this patch?
CDO is not installed with Outlook 2000 by default. If the Cdo.dll
file is not on your system, then you don't need this patch. The patch
will say that it installs successfully, but it won't actually do
anything to your system.
On Outlook 98, installing the Outlook E-mail Security Update
automatically removes CDO. The patch listed above restores CDO with a
Under no circumstances should you install the CDO update on a
server! This is strictly a client update. If you successfully
install it on a server, your Exchange Server scripts, Outlook Web
Access and any other ASP pages that use CDO may stop working.
On Outlook 98, the CDO patch works only if
the Outlook E-mail Security Update is in place.
On Outlook 2000, the CDO patch works only if
the Outlook E-mail Security Update is in place and you included CDO as a
component installed through Office 2000 setup (rather than through a
separate setup program). Before installing the CDO patch, you should
The version number for Outlook 2000 -- Click Help | About
Microsoft Outlook. The About dialog should give the
version number as 126.96.36.19901 or later and include the phrase
"Security Update."Whether CDO is installed on your system -- Use the Start |
Find or Start | Search command to locate the cdo.dll
file. The copy that Outlook 2000 installs should be in a subfolder
such as under the \Program Files\Common Files\System\Mapi\1033
folder. (1033 is for U.S. English. If you have a different
language version of Outlook, you'll see a different number.) The
subfolder is 95 for Windows 95 and 98 users, NT for Windows NT and
Windows 2000 users.
If you do not see a copy of Cdo.dll, your installation of Outlook
2000 does not include the Collaboration Data Objects component, and
you do not need to install the CDO patch. CDO is not included in a
default Outlook 2000 installation, so there's a very good chance that
it is not present on your system.
On Windows NT and Windows 2000 systems, you must have Administrator
rights to install the patch.
Do not install the Outlook 2000 CDO patch through the link on the OfficeUpdate
Product Updates page. This page automatically checks your system
for installed updates. However, it does not install the CDO update
correctly, nor does it accurately report whether you have already
installed the CDO update. Instead, download the patch from Outlook 2000 Collaboration Data Objects (CDO) Update Security
and run the Cdoupdt.exe file. You should restart Windows after
installing the patch.
The date on the updated version should be June 19, 2000, and the
properties for the file should give its description as
"Collaboration Data Objects 1.21s." The "s" stands
for security, of course.
If you installed the update, but the date on Cdo.dll did not
change, that probably means that the CDO component was installed by
some method other than Office 2000 setup. You should go to Control
Panel, start Add/Remove Programs, and choose Office 2000 SR-1 (or
Outlook 2000, depending on which you have installed). Click Add or
Remove Features and then select Collaboration Data Objects under the
Outlook components, setting it to Run from My Computer. Click Finish to complete
installation of CDO via Office/Outlook setup. After setup completes,
install the CDO patch again. This time, the date and description on
the Cdo.dll file should show that it's the updated version.