Microsoft KB Archive/812708

= Overview of the Office XP Web Services Security Patch: November 11, 2003 =

Article ID: 812708

Article Last Modified on 1/9/2007

-

APPLIES TO


 * Microsoft SharePoint Team Services
 * Microsoft Office XP Standard Edition

-



SUMMARY
Microsoft has released a security patch for Microsoft Office XP and for Microsoft SharePoint Team Services from Microsoft. This security patch offers the highest level of stability and the highest level of enhanced security that is available for Office XP and for SharePoint Team Services. This security patch helps to protect against a security vulnerability that could permit an attacker to send a specially-formed request to a server by using SharePoint Team Services. This could cause a temporary denial of service. The Office XP Web Services Security Patch: KB812708 is part of continued efforts by Microsoft to provide the latest product updates to customers.

This article describes how to download and how to install the Office XP Web Services Security Patch: KB812708.

This security patch was first included in Office XP Service Pack 3 (SP3) for SharePoint Team Services.

For more information about the latest service pack for Office XP Service Pack 3 for SharePoint Team Services, click the following article number to view the article in the Microsoft Knowledge Base:

833845 Overview of Office XP Service Pack 3 for SharePoint Team Services



How to download and how to install the security patch
Important Before you install the security patch, make sure that you meet both of the following conditions:  Microsoft Windows Installer 2.0

Before you install this patch, you must install Microsoft Windows Installer 2.0 or later. For additional information about this requirement, see the &quot;Windows Installer Patch Requirements&quot; section of this article. Microsoft Office XP Service Pack 2 (SP-2)

Before you install this patch, you must install Office XP SP-2. For more information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:

325671 Description of the Office XP Service Pack 2



Client security patch
If you installed Office from a CD, you have two options:
 * Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and all public updates.
 * Install only the Office XP Web Services Patch: KB812708 by following the steps that are described in this article.

Note Microsoft recommends that you install the client security patch by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Office and then prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Use the Office Product Updates Web site
For additional information about how you can have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/en-us/downloads/maincatalog.aspx

After the required updates are detected, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Install only the Office XP Web Services Security Patch: KB812708
The following file is available for download from the Microsoft Download Center:

Download the client version of the Office XP Web Services Security Patch: KB812708 package now.

Release Date: November 11, 2003

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

After you click the link to download the security patch, follow these steps:
 * 1) Click Save to save the Officexp-kb812708-client-Eng.exe file to the selected folder.
 * 2) In Microsoft Windows Explorer, double-click Officexp-kb812708-client-Eng.exe.
 * 3) If you are prompted to install the patch, click Yes.
 * 4) Click Yes to accept the License Agreement.
 * 5) Insert your Office XP CD when you are prompted, and then click OK.
 * 6) When you receive a message that indicates that the installation is successful, click OK.

Note After you install the patch, you cannot remove it.

Administrative security patch
If you installed Office XP from a server location, the server administrator must update the server location with the administrative patch and then deploy that update to your computer.

The following file is available for download from the Microsoft Download Center:

Download the administrative version of the Office XP Web Services Security Patch: KB812708 package now.

Release Date: November 11, 2003

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

After you click the link to download the administrative patch, follow these steps if you are the server administrator:  Click Save to save the Officexp-kb812708-fullfile-Eng.exe file to the selected folder. In Windows Explorer, double-click Officexp-kb812708-fullfile-Eng.exe. If you are prompted to install the patch, click Yes. Click Yes to accept the License Agreement.</li> In the Type the location where you want to place the extracted files box, type C:\kb812708, and then click OK.</li> Click Yes when you are prompted to create the folder.</li> If you are familiar with the procedure to update your administrative installation, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, and then click Run.</li> In the Open box, type the following command:

msiexec /a \ /p C:\kb812708\  SHORTFILENAMES=TRUE

where  is the path of your administrative installation point for Office XP (for example, C:\OfficeXP), where   is the .msi database package for Office XP (for example, Proplus.msi), and where   is the name of the administrative patch (for example, Fp5autlff.msp).

Note You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.</li></ol> </li> To deploy the patch to the client workstations, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, and then click Run.</li> In the Open box, type the following command:

msiexec /i \  REINSTALL=  REINSTALLMODE=vomu

where  is the path of your administrative installation point for Office XP (for example, C:\OfficeXP), where   is the MSI database package for Office XP (for example, Proplus.msi), and where   is the list of feature names (case sensitive) that have to be reinstalled for the patch.

To install all features, you can use REINSTALL=ALL, or you can install the features that are listed in the following table:</li></ol> </li></ol>

For more information about how to update your administrative installation and how to deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

301348 How to install public updates to administrative installations of Office XP

This article contains standard instructions for installing an administrative public update.

For additional information from the Microsoft Office Resource Kit about how to install an administrative public patch, visit the following Microsoft Web site:

http://www.microsoft.com/office/ork/2003/admin/xp/Ows1002a.htm

How to determine whether the security patch is installed
The client version of the security patch contains updated versions of the following files: <pre class="fixed_text">  File name      Version -  Fp5Awel.dll   10.0.4803.0 Fpeditax.dll 10.0.4622.0 Owssvr.dll   10.0.4921.0 Fp5Autl.dll  10.0.4406.0 Fp5Awec.dll  10.0.4406.0 Fp5amsft.dll 10.0.4803.0 The administrative version of the security patch contains updated versions of the following files: <pre class="fixed_text">  File name      Version -  Cfgwiz.exe    10.0.4205.0 Fpeditax.dll 10.0.4622.0 Fpmmc.dll    10.0.4205.0 Fp5Amsft.dll 10.0.4803.0 Fp5Areg.dll  10.0.4205.0 Fp5Autl.dll  10.0.4406.0 Fp5Awec.dll  10.0.4406.0 Fp5Awel.dll  10.0.4803.0 Fpadmdll.dll 10.0.4205.0 Owssvr.dll   10.0.4921.0 Owstimer.exe 10.0.4205.0

To determine whether the Office XP Web Services Security Patch: KB812708 is installed, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 * 1) Click Start, and then click Search.
 * 2) In the Search Companion pane, click All files and folders.
 * 3) In the All or part of the file name box, type the file name of one of the files that was updated by the Office XP Web Services Security Patch: KB812708, and then click Search.
 * 4) In the list of files, right-click one of the files, and then click Properties.
 * 5) On the Version tab, determine the version of the file to confirm that the Office XP Web Services Security Patch: KB812708 is installed.

For more information about how to determine the version of Word 2002 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

291331 How to check the version of Office XP

Note If Office XP Web Services Security Patch: KB812708 is already installed on your computer, you receive the following message when you try to install the patch:

This update has already been applied or is included in an update that has already been applied.

List of issues that are fixed by the security patch
The Office XP Web Services Security Patch: KB812708 fixes the issues that are described in the following Microsoft Knowledge Base articles.

325769 Linked style sheet classes are not available in the 'Classes' list

329679 DHTML mouse over effect displays a broken image in NetScape Navigator

328189 List tag attribute is removed when a page is an Included Page

The Office XP Web Services Security Patch: KB812708 fixes the following issues that were previously not documented in the Microsoft Knowledge Base.

Security: Anonymous denial of service attack vulnerability
A form results but may be vulnerable to anonymous denial of service attacks.

Specially-formed request that is sent to a SharePoint Team Services-based server could cause a temporary denial of service
An attacker could send a specially-formed request to a server that is using SharePoint Team Services. This could cause a temporary denial of service.

Application error when you upgrade to Windows Server 2003 if SharePoint Team Services installed
When you install SharePoint Team Services on Microsoft Windows Server 2003, or when you upgrade from Microsoft Windows 2000 with SharePoint Team Server installed to FrontPage Server Extensions 2002 from Windows Server 2003, an error may occur.

Closing TABLE tag is added when HTML comment is present or when the file is saved as a template
When you add an opening  tag before the comment. This behavior occurs even if you click Preserve existing HTML in FrontPage. This behavior also occurs if an opening  tag is saved as a FrontPage template.

Cannot change NTFS file system permissions through the FrontPage Permissions dialog box
When SharePoint Team Services is started in Internet Service Provider (ISP) mode, you cannot use the FrontPage 2000 permissions dialog box or the FrontPage 98 permissions dialog box to directly apply NTFS permissions. You can do this by using SharePoint Administrator.

Additional query words: inf OFFXP fix list security_patch security_update update security bug context flaw vulnerability malicious attacker exploit registry unauthenticated specially-formed scope specially-crafted affected

Keywords: atdownload kbdownload kbsecurity kbupdate kbinfo KB812708

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.