Microsoft KB Archive/268654

= OFF2000: Administrative Update Available for HTML Script Vulnerability =

Article ID: 268654

Article Last Modified on 4/17/2006

-

APPLIES TO


 * Microsoft Excel 2000 Standard Edition
 * Microsoft PowerPoint 2000 Standard Edition

-



This article was previously published under Q268654



SUMMARY
To help you deploy the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update within your organization, Microsoft is providing an update for Office 2000 administrative installations. This update is contained in a self-extracting file available in the Microsoft Office Resource Kit Toolbox.

The &quot;More Information&quot; section of this article describes how to download and install this update on your administrative installation.



MORE INFORMATION
Before you apply the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update to your administrative installation, you must first apply the SR-1/SR-1a update to your administrative installation. Depending on whether you already installed SR-1/SR-1a on your network clients, please follow the steps in the appropriate section below.

For additional information about the difference between the Office 2000 SR-1 Update and the Office 2000 SR-1a Update, click the article number below to view the article in the Microsoft Knowledge Base:

261933 OFF2000: What Is the SR-1a Update?

Update an Administrative Installation with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update
 Browse to following Microsoft Web site:

http://www.microsoft.com/office/ork/2000/appndx/toolbox.htm#xlpptaddin

 Click the download for Addin_a.exe. In the File Download dialog box, click Save this program to disk, and then click OK. Save the file to your desktop. In Windows Explorer, double-click the Addin_a.exe file. Type C:\Addinafiles in the Please type the location where you want to place the extracted files box, and then click OK. Click Yes when you are prompted to create the folder. Click Start, and then click Run. Type the following command in the Open box

msiexec /a \Data1.msi /p c:\Addinafiles\oqfe7779_admin.msp SHORTFILENAMES=1

where  is the path to your administrative installation point.</li> Click Next in the Microsoft Office 2000 Administrative Mode dialog box.

NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.</li> Click I accept the terms in the License Agreement, and then click Next.</li> Click Install Now and then click OK when the installation is completed.</li> After the installation is completed, click Start, and then click Run. Type the following command in the Open box

msiexec /a \Data1.msi /p c:\Addinafiles\oqfe7752.msp SHORTFILENAMES=1

where  is the path to your administrative installation point.</li> Click Next in the Microsoft Office 2000 Administrative Mode dialog box.NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.

</li> Click I accept the terms in the License Agreement, and then click Next.</li> Click Install Now and then click OK when the installation is completed.</li></ol>

Update Network Clients with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update
You must follow these steps at each network client: <ol> Click Start, and then click Run. Type the following command in the Open box

msiexec /i \Data1.msi REINSTALL=EXCELFiles,PPTFiles REINSTALLMODE=vomus

where  is the path to your administrative installation point.</li> Click OK when the update is finished.</li> Click Yes if you are prompted to restart your computer.</li></ol>

Your network client is now configured with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update.

Update the Administrative Installation to SR-1/SR-1a First
If you already updated your administrative installation with the SR-1/SR-1a Administrative update, skip this section, and continue with the steps in the &quot;Update an Administrative Installation with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update&quot; section.

To update your administrative installation with the SR-1/SR-1a update, click the article number below to view the article in the Microsoft Knowledge Base:

257983 OFF2000: How to Obtain and Apply the SR-1/SR-1a Update to Administrative Installations

NOTE: After you update your administrative installation with the SR-1/SR-1a update, you do not yet need to update your network clients to SR-1/SR-1a. When you run the command line in the &quot;Update Network Clients with the SR-1/SR-1a and Excel/PowerPoint Updates&quot; section later in this article, your client is updated with both the SR-1/SR-1a and Excel 2000 and PowerPoint 2000 HTML Script Vulnerability updates.

After you perform the steps in article Q257983 to update your administrative installation with the SR-1/SR-1a update, continue with the steps below.

Update an Administrative Installation with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update
<ol> Browse to following Microsoft Web site:

http://www.microsoft.com/office/ork/2000/appndx/toolbox.htm#xlpptaddin

</li> Click the download for Addin_a.exe.</li> In the File Download dialog box, click Save this program to disk, and then click OK.</li> Save the file to your desktop.</li> In Windows Explorer, double-click the Addin_a.exe file.</li> <li>Type C:\Addinafiles in the Please type the location where you want to place the extracted files box, and then click OK. Click Yes when you are prompted to create the folder.</li> <li>Click Start, and then click Run. Type the following command in the Open box

msiexec /a \Data1.msi /p c:\Addinafiles\oqfe7779_admin.msp SHORTFILENAMES=1

where  is the path to your administrative installation point.</li> <li>Click Next in the Microsoft Office 2000 Administrative Mode dialog box.

NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.</li> <li>Click I accept the terms in the License Agreement, and then click Next.</li> <li>Click Install Now and then click OK when the installation is completed.</li> <li>Click Start, and then click Run. Type the following command in the Open box

msiexec /a \Data1.msi /p c:\Addinafiles\oqfe7752.msp SHORTFILENAMES=1

where  is the path to your administrative installation point.</li> <li>Click Next in the Microsoft Office 2000 Administrative Mode dialog box.

NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.</li> <li>Click I accept the terms in the License Agreement, and then click Next.</li> <li>Click Install Now and then click OK when the installation is completed.</li></ol>

Update Network Clients with the SR-1/SR-1a and Excel/PowerPoint Updates
You must follow these steps at each network client: <ol> <li>Click Start, and then click Run. Type a command line similar to the following in the Open box

\Setup /qb

where  is the path to your administrative installation point.</li> <li>Click Yes if you are prompted to restart your computer.</li> <li>Click Yes if you are prompted again to restart your computer.</li></ol>

Your network client is now configured with the SR-1/SR-1a update and the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update.

NOTE: If you already updated your administrative installation with both SR-1/SR-1a and the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update, you can run Setup from the administrative installation on a network client that does not currently have Office installed. When Setup is finished, the network client is configured with SR-1/SR-1a and the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update. You do not have to perform any repair or reinstall procedures on this network client.

Confirming the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update Is Successfully Installed
For additional information about confirming that the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update is installed on your network clients, click the article numbers below to view the articles in the Microsoft Knowledge Base:

268365 XL2000: Update Available for HTML Script Vulnerability

268457 PPT2000: Update Available for HTML Script Vulnerability

Additional query words: XL2000 hole hack update OFF2000

Keywords: kbfix kbhowto KB268654

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.