All A security friend has advised me that the listed patch for outlook express also fixes the issue for outlook versions as well. I think he is probably correct in thinking that MHTML is only implemented in one spot and used by all three components (OE,IE,outlook) but the advisory just isn't all that clear. The passage in question is: MHTML is a standard for exchanging HTML content in e-mail and as a result the MHTML URL Handler function has been implemented in Outlook Express. Internet Explorer can also render MHTML content, however the MHTML function has not been implemented separately in Internet Explorer - it simply uses Outlook Express to render the MHTML content. If I get time I will try to do a file trace when installing the patch and see what we get. Has anyone else had advice regarding this patching issue? Jamie.