Microsoft KB Archive/312097

= OFF2000: Administrator's Guide to Office 2000 Security Bulletins =

PSS ID Number: 312097

Article Last Modified on 4/26/2002

-

The information in this article applies to:


 * Microsoft Office 2000 (Setup)

-



This article was previously published under Q312097



SUMMARY
Microsoft frequently releases security updates for Microsoft Office 2000. This article provides administrators with assistance in identifying which security bulletins to include in their Office 2000 infrastructure. This article identifies which updates are made obsolete by other updates and provides a means to identify whether the current executables contain a specific update.

NOTE: Updated Office 2000 files contain all previous updates. This article only references those Office 2000 updates that are described in Microsoft Security Bulletins. For administrative updates that are not security bulletins, please refer to the Microsoft Office Resource Kit Journal at the following Microsoft Web site:

http://www.microsoft.com/office/ork/xp/journ/adminup.htm#Off2000

For direct links to the client and administrative updates, see the &quot;References&quot; section later in this article.



Microsoft Security Bulletins for Office 2000
MS02-021: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward

The Word 2000 Update: April 25, 2002, contains a security fix that prevents Microsoft Word 2000 from running ActiveX controls without warning when the user is using Word to edit e-mail messages and has configured Microsoft Outlook to disable script.

a.k.a. Word 2000 Update: April 25, 2002

Distributed: April 2002

Supercedes: MS01-034, MS01-028, MS00-071/SP-2, SR-1/SR-1a

Is superceded by: n/a

Microsoft Knowledge Base article: Q320536

Installation/Verification

File versions: winword.exe:9.00.0000.6328

MSP files (client): WINWORD.msp

MSP files (admin): WINWORD_Admin.msp

FeatureList: WORDFiles

'''MS01-050: Malformed Excel or PowerPoint Document Can Bypass Macro Security

''' The Excel 2000 SR-1 Macro Modification Security update addresses a vulnerability that could allow malicious code to run in an Excel file without warning. Under normal circumstances, you see a warning in Microsoft Excel 2000 when you open a document containing macros. However, it is possible for a malicious user to modify the macros in such a way that a macro can run with no warning issued.

a.k.a. Excel 2000 SR-1 Macro Modification Security Update

Distributed: October 2001

Supercedes: SP-2, MS00-051, MS00-049, SR-1/SR-1a, MS99-044

Is superceded by: n/a

Microsoft Knowledge Base article: Q306604

Installation/Verification

File versions: excel.exe:9.00.0000.5519, msstko32.dll:2.00.4807.0000, msstko32.dll_KOR:2.00.4807.0000

MSP files (client): EXCEL.msp

MSP files (admin): EXCEL_Admin.msp

FeatureList: EXCELFiles

MS01-050: Malformed Excel or PowerPoint Document Can Bypass Macro Security

The PowerPoint 2000 SR-1 Macro Modification Security Update addresses a vulnerability that could allow malicious code to run in a Microsoft PowerPoint file without warning. Under normal circumstances, you see a warning in PowerPoint 2000 when you open a document containing macros. However, it is possible for a malicious user to modify the macros in such a way that a macro can run with no warning issued.

a.k.a. PowerPoint 2000 SR-1 Macro Modification Security Update

Distributed: October 2001

Supercedes: MS01-002 (except pp7x32.dll), SP-2, SR-1/SR-1a

Is superceded by: n/a

Microsoft Knowledge Base article: Q306603

Installation/Verification

File versions: powerpnt.exe:9.00.0000.5519

MSP files (client): POWERPNT.msp

MSP files (admin): POWERPNT_Admin.msp

FeatureList: PPTFiles, PPTNonBootFiles

MS01-038 : Outlook View Control Exposes Unsafe Functionality

The Outlook View Control is an ActiveX control that can be added to Microsoft Outlook 2000 to allow you to view Outlook e-mail folders on Web pages. The Outlook 2000 SR-1 View Control Security Update protects you from attackers who attempt to exploit the vulnerability in the Microsoft Outlook mail client.

NOTE: This control is not available as part of the Outlook 2000 installation. If you installed Office/Outlook 2000 from an administrative installation point with administrative updates applied, you can install this update on client workstations.

a.k.a. Outlook 2000 SR-1 Update: View Control Security

a.k.a. Outlook 2000 SR-1 View Control Security Update

Distributed: July 2001

Supercedes: n/a

Is superceded by: n/a

Microsoft Knowledge Base article: Q303833

Installation/Verification

File versions: outlctlx.dll:10.00.0000.3124

MSP files (client): n/a

MSP files (admin): n/a

FeatureList: n/a

MS01-034: Malformed Word Document Could Enable Macro to Run Automatically

The Word 2000 Security Update: Macro Vulnerability addresses a vulnerability that could allow malicious code to run in a Rich Text Format (RTF) document without warning. Under normal circumstances, you see a warning in Microsoft Word 2000 when you open a document attached to a template containing macros. However, it is possible for an RTF document to be linked to a template containing macros in such a way that a macro can run with no warning issued.

a.k.a. Word 2000 Security Update: Macro Vulnerability

a.k.a. Word 2000 SR-1a and Word 97 RTF Security Updates

Distributed: June 2001

Supercedes: MS00-071/SP-2, SR-1/SR-1a

Is superceded by: MS02-021

NOTE: For Word 2000, this is exactly the same as MS01-028. This bulletin was expanded to include a related fix to Word 2002.

Microsoft Knowledge Base article: Q288266

Installation/Verification

File versions: winword.exe:9.00.0000.5302

MSP files (client): WINWORD.msp

MSP files (admin): WINWORD_Admin.msp

FeatureList: WORDFiles

MS01-028: RTF Document Linked to Template Can Run Macros Without Warning

The Word 2000 Security Update: Macro Vulnerability addresses a vulnerability that could allow malicious code to run in a Rich Text Format (RTF) document without warning. Under normal circumstances, you see a warning in Word 2000 when you open a document attached to a template containing macros. However, it is possible for an RTF document to be linked to a template containing macros in such a way that a macro can run with no warning issued.

a.k.a. Word 2000 Security Update: Macro Vulnerability

a.k.a. Word 2000 SR-1a and Word 97 RTF Security Updates

Distributed: May 2001

Supercedes: MS00-071/SP-2, SR-1/SR-1a

Is superceded by: MS02-021.

NOTE: For Word 2000, this is exactly the same as MS01-034. This bulletin was expanded to include a related fix to Word 2002.

Microsoft Knowledge Base article: Q288266

Installation/Verification

File versions: winword.exe:9.00.0000.5302

MSP files (client): WINWORD.msp

MSP files (admin): WINWORD_Admin.msp

FeatureList: WORDFiles

MS01-002: PowerPoint 2000 File Parser Contains Unchecked Buffer

The PowerPoint security updates protect your organization against a vulnerability that could occur if a malicious hacker inserts special data into a PowerPoint file and then entices a user into opening the file on the user's computer. The vulnerability is exposed through a built-in parsing routine that contains an unchecked buffer.

a.k.a. PowerPoint 2000 SR-1 Update: Extended Parsing Vulnerability

a.k.a. Revised - PowerPoint 2000 SR-1 and PowerPoint 97 Security Updates

Distributed: Originally posted: January 21, 2001. Revised: May 22, 2001.

Supercedes: SP-2, SR-1/SR-1a

Is superceded by: MS01-050 (powerpnt.exe only)

Microsoft Knowledge Base article: Q285978

Installation/Verification

File versions: pp7x32.dll:9.00.0000.5121, powerpnt.exe:9.00.0000.5107

MSP files (client): POWERPNT.msp, PP7X32.msp

MSP files (admin): POWERPNT_Admin.msp, PP7X32_Admin.msp

FeatureList: PPTFiles,PPTNonBootFiles

MS01-001: Web Client Will Perform NTLM Authentication Regardless of Security Settings

The Web Client Security Update for Office 2000 protects you from a vulnerability in Office 2000 that can allow logon information to be sent over the Internet. Malicious Web site operators could deceive users into browsing to a Web page or server that captures logon information without permission or verification of credentials from the user. This update prevents user credentials from being sent unless users grant express permission consistent with their browser settings.

NOTE: The updated component, Web Extender Client (WEC), is a component that also is included with Microsoft Windows 2000 and Microsoft Windows Millennium Edition (Me). On those operating systems, Microsoft Office cannot update the affected files. See the Security Bulletin for the updates available for those operating systems.

a.k.a. Office 2000 SR-1 Update: Web Client Security

a.k.a. Microsoft Web Client Security Update

Distributed: January 2001

Supercedes: SP-2, SR-1/SR-1a

Is superceded by: n/a

Microsoft Knowledge Base article: Q282132

Installation/Verification

File versions: fp4awec.dll:4.00.0002.4715, fpeditax.dll:4.00.0002.4426, frontpg.exe:4.00.0002.4426

MSP files (client): FRONTPG.msp

MSP files (admin): FRONTPG_Admin.msp

FeatureList: FPWecCom, WebPublFiles, FPClientFiles, ProductNonBootFiles

MS00-071: Word Mail Merge Vulnerability

The Word 2000 Mail Merge Security Update protects you from a vulnerability in the mail-merge function in Word with Access databases as a data source. Because the mail-merge function in Word can allow an Access database to run macro code automatically, with no macro protection warnings turned on, malicious users could entice you to open a specially constructed mail-merge Word document (from an e-mail attachment or a link on a hostile Web site) that might cause arbitrary code to run on your computer.

a.k.a. Word 2000 Update: Mail Merge Security

a.k.a. Word Mail Merge Security Update

Distributed: October 2000

Supercedes: SP-2 (same as), SR-1/SR-1a

Is superceded by: MS01-028/MS01-034

Microsoft Knowledge Base article: Q274226

Installation/Verification

File versions: winword.exe:9.00.0000.4527

MSP files (client): WINWORD.msp

MSP files (admin): WINWORD_Admin.msp

FeatureList: WORDFiles

MS00-056: Microsoft Office HTML Object Tag Vulnerability

The Microsoft Office 2000 Security Update: HTML Data eliminates a security vulnerability in Word 2000, Excel 2000, and PowerPoint 2000. This vulnerability could allow a Hypertext Markup Language (HTML) file to shut down one of these programs and potentially run malicious code.

a.k.a. Office 2000 Security Update: HTML Data

a.k.a. Deploying the Office 2000 HTML Data Security Update

Distributed: August 2000

Supercedes: SP-2, SR-1/SR-1a

Is superceded by: n/a

Microsoft Knowledge Base article: Q269880

Installation/Verification

File versions: mso9.dll:9.00.0000.4402

MSP files (client): OQFE7838_Client.msp

MSP files (admin): OQFE7838_Admin.msp

FeatureList: ProductFiles, OUTLOOKNonBootFiles, WORDNonBootFiles, ACCESSNonBootFiles, EXCELNonBootFiles, FPClientNonBootFiles, PPTNonBootFiles, ProductNonBootFiles

MS00-051: Excel REGISTER.ID Function Vulnerability

The Microsoft Excel REGISTER.ID Security Update eliminates the vulnerability that could be exploited by using the worksheet tools of Excel 2000 to do malicious acts, such as deleting and overwriting files without the user's input or verification. This update protects against harmful code that could be run from a worksheet by disabling the REGISTER.ID function.

a.k.a. Excel 2000 Security Update: REGISTER.ID

a.k.a. Deploying the Microsoft Excel 2000 and Microsoft Excel 97 Register.ID Function Updates

Distributed: July 2000

Supercedes: MS00-049, SR-1/SR-1a, MS99-044

Is superceded by: MS01-050, SP2

Microsoft Knowledge Base article: Q269252

Installation/Verification

File versions: excel.exe:9.00.0000.4317

MSP files (client): OQFE7797_Client.msp

MSP files (admin): OQFE7797_Admin.msp

FeatureList: EXCELFiles

MS00-049: Office HTML Script and Microsoft Internet Explorer Script Vulnerabilities

The Excel 2000 and PowerPoint 2000 SR-1 HTML Script Vulnerability Update eliminates a security vulnerability in the Excel 2000 and PowerPoint 2000 object models that could expose them to unsafe scripts when a user views a Web page or HTML e-mail message.

a.k.a. Excel/PowerPoint 2000 SR-1 Update: HTML Script Vulnerability

a.k.a. Deploying the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Updates

Distributed: July 2000

Supercedes: SR-1/SR-1a, MS99-044

Is superceded by: MS01-050, SP2, MS00-051

Microsoft Knowledge Base article: Q268365 (Excel 2000), Q268457 (PowerPoint 2000)

Installation/Verification

File versions: excel.exe:9.00.0000.4307 (The PowerPoint portion is a registry change only.)

MSP files (client): OQFE7752.msp, OQFE7779.msp

MSP files (admin): OQFE7752.msp, OQFE7779_Admin.msp

FeatureList: EXCELFiles, PPTFiles

MS00-034: Office 2000 UA Control Vulnerability

This update eliminates a security vulnerability in Office 2000 and Office 2000 family members. An ActiveX control that is included as part of Office 2000 is incorrectly marked as &quot;safe for scripting&quot;. This control, the Office 2000 UA Control, is used by the &quot;Show Me&quot; function in Office Help and allows Office functions to be scripted. The vulnerability could allow a malicious Web site operator to take inappropriate action on the computer of a user who visited the Web site operator's Web site. Other Office 2000 family products that are affected include Microsoft PhotoDraw 2000, Microsoft Publisher 2000, Microsoft Project 2000, and Microsoft FrontPage 2000.

a.k.a. Office 2000 Security Update: UA Control Vulnerability

Distributed: May 2000

Supercedes: n/a

Is superceded by: n/a

Microsoft Knowledge Base article: Q262767

Installation/Verification

File versions: OUACtrl.ocx:2.00.0000.0000

MSP files (client): n/a

MSP files (admin): n/a

FeatureList: ProductNonBootFiles (and a REINSTALLMODE=e)

MS00-015 : Clip Art Buffer Overrun Vulnerability

This update eliminates a security vulnerability in the Microsoft Clip Art Gallery. The vulnerability could allow a malicious party to cause hostile code to run on the computer of a user of the Clip Art Gallery. Under certain circumstances, a very long field embedded in a clip art CIL file could cause a buffer overrun in the Clip Art Gallery software. The buffer overrun could cause the software to crash or, under certain circumstances, could cause hostile code to run on the computer where the Clip Art Gallery software was running.

a.k.a. Microsoft Clip Gallery Buffer Overrun Vulnerability Patch

Distributed: March 2000

Supercedes: n/a

Is superceded by: SP2, SR-1/SR-1a

Microsoft Knowledge Base article: Q256167

Installation/Verification

File versions: cag.exe:5.2.1.0223

MSP files (client): n/a

MSP files (admin): n/a

FeatureList: ClipGalleryFiles (and a REINSTALLMODE=e)

MS00-002 : Malformed Conversion Data Vulnerability

The Malformed Conversion Data Vulnerability Update eliminates a security vulnerability in a utility that converts Microsoft Word 5.0 documents to Word 2000 format and is included with the East Asian versions of Word 2000. The vulnerability could allow arbitrary code to be run on a computer when a specially modified Word document is opened. By providing a specially modified Word 5.0 document, a user could run malicious code by using a classic buffer overrun technique when the conversion utility processed it.

a.k.a. Word 2000 Patch: Malformed Conversion Data Vulnerability

Distributed: January 2000

Supercedes: n/a

Is superceded by: n/a

Microsoft Knowledge Base article: Q249881

Installation/Verification

File versions: ww5_CHS.cnv:1999.12.0021.0000, ww5_CHT.cnv:1999.12.0021.0000, ww5_JPN.cnv:1999.12.0021.0000, ww5_KOR.cnv:1999.12.0021.0000

MSP files (client): OQFE4023.msp

MSP files (admin): OQFE4023.msp

FeatureList: n/a

MS99-044 : Excel SYLK Vulnerability

This update corrects a potential Excel SYLK file security vulnerability. When symbolic link (SYLK) files that contain macros are opened in Excel 2000, users do not receive the usual macro warning dialog box. These macros could potentially delete files or perform other malicious acts on a computer. You could encounter this problem by opening a SYLK file that contains an Excel macro sheet that is attached to an e-mail message or is linked to from a Web site. This update corrects the SYLK file vulnerability by displaying the macro warning dialog box whenever you open a SYLK file that contains macros.

a.k.a. Microsoft Excel 2000 SYLK File Security Update

Distributed: October 1999

Supercedes: n/a

Is superceded by: Contained in Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a).

Microsoft Knowledge Base article: Q241901, Q242144

Installation/Verification

File versions: excel.exe:9.00.0000.3610

MSP files (client): OQFE4003.msp

MSP files (admin): OQFE4003.msp

FeatureList: EXCELFiles

MS99-030 : Office ODBC Vulnerabilities

Microsoft previously released a security update for ODBC that addressed the vulnerability in the ODBC database driver that affected Excel 2000 users. This vulnerability is related to the IISAM component of the ODBC database driver and could be exploited by using an Excel 2000 query to do malicious acts similar to those described in the Office ODBC Driver Vulnerability. Microsoft produced a solution to this specific vulnerability and has now included additional IISAM files in the update.

NOTE: If you are running Windows 2000 or later, you do not need to install this update.

a.k.a. Office 2000 ODBC Driver Vulnerability Security Update

Distributed: August 1999

Supercedes: NOTE: If you installed the original update, the &quot;Excel ODBC Driver Vulnerability&quot;, before October 7, 1999, you should install this update on top of the original update.

Is superceded by: Contained in Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a).

Microsoft Knowledge Base article: Q239471, Q239482

Installation/Verification

File versions: msrpfs35.dll:3.51.2826.0000, mspdox35.dll:3.51.3007.0000, msrepl35.dll:3.51.3225.0000, msexcl35.dll:3.51.3227.0002, msltus35.dll:3.51.3227.0002, msjet35.dll:3.51.3328.0000, mstext35.dll:3.51.3330.0000, msjt4jlt.dll:3.52.3328.0000, dao360.dll:3.60.2927.0004, msjetole.dll:4.00.2927.0002, msrepl40.dll:4.00.2927.0002, msjet40.dll:4.00.2927.0004, msrd3x40.dll:4.00.2927.0004, msjtes40.dll:4.00.2927.0008, msexcl40.dll:4.00.2927.0009, msltus40.dll:4.00.2927.0009, mstext40.dll:4.00.2927.0011

MSP files (client): OQFE3821.msp

MSP files (admin): OQFE3821.msp

FeatureList: ProductNonBootFiles



Direct Links to the Client and Administrative Updates
MS02-021: E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS02-021.asp

Link to client update: http://download.microsoft.com/download/word2000/Patch/wrd0901/WIN98MeXP/EN-US/wrd0901.exe

Link to administrative update: http://download.microsoft.com/download/word2000/Patch/wrd0901/WIN98MeXP/EN-US/wrd0901a.exe

MS01-050: Malformed Excel or PowerPoint Document Can Bypass Macro Security

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-050.asp

Link to client update: http://download.microsoft.com/download/excel2000/e2kmac/1/w98nt42kme/en-us/e2kmac.exe

Link to administrative update: http://download.microsoft.com/download/excel2000/e2kmac/1/w98nt42kme/en-us/e2kmac_a.exe

MS01-050: Malformed Excel or PowerPoint Document Can Bypass Macro Security

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-050.asp

Link to client update: http://download.microsoft.com/download/powerpoint2000/p2kmac/1/w98nt42kme/en-us/p2kmac.exe

Link to administrative update: http://download.microsoft.com/download/powerpoint2000/p2kmac/1/w98nt42kme/en-us/p2kmac_a.exe

MS01-038: Outlook View Control Exposes Unsafe Functionality

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-038.asp

Link to client update: http://download.microsoft.com/download/outlook2000/outlctlx/1/WIN98Me/EN-US/outlctlx.exe

Link to administrative update: There is no administrative version of this update.

MS01-034: Malformed Word Document Could Enable Macro to Run Automatically

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-034.asp

Link to client update: http://download.microsoft.com/download/word2000/wd2kmse/1/WIN98Me/EN-US/wd2kmsec.exe

Link to administrative update: http://download.microsoft.com/download/office2000pro/Patch/5.0.2919.6304/W9x2kmexp/EN-US/Wd2kmc_a.exe

MS01-028: RTF Document Linked to Template Can Run Macros Without Warning

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-028.asp

Link to client update: http://download.microsoft.com/download/word2000/wd2kmse/1/WIN98Me/EN-US/wd2kmsec.exe

Link to administrative update: http://download.microsoft.com/download/office2000pro/Patch/5.0.2919.6304/W9x2kmexp/EN-US/Wd2kmc_a.exe

MS01-002: PowerPoint 2000 File Parser Contains Unchecked Buffer

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-002.asp

Link to client update: http://download.microsoft.com/download/powerpoint2000/update/sr-1a/win98me/en-us/ppt2ksec.exe

Link to administrative update:http://download.microsoft.com/download/office2000pro/Patch/5.0.2919.6304/W982KMeXP/EN-US/ppt2ksec_a.exe

MS01-001: Web Client Will Perform NTLM Authentication Regardless of Security Settings

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS01-001.asp

Link to client update: http://download.microsoft.com/download/office2000pro/fpwec2/2000/W98NT42KMe/EN-US/fpwec.exe

Link to administrative update: http://download.microsoft.com/download/office2000pro/Patch/5.0.2919.6304/WIN98Me/EN-US/fpwec_a.exe

MS00-071: Word Mail Merge Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-071.asp

Link to client update: http://download.microsoft.com/download/word2000/wrdacc/2000/WIN98/EN-US/wrdacc.exe

Link to administrative update: http://download.microsoft.com/download/word2000/Patch/5.0.2919.6304/WIN98Me/EN-US/Wrdacc_a.exe

MS00-056: Microsoft Office HTML Object Tag Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-056.asp

Link to client update: http://download.microsoft.com/download/office2000prem/of9data/2000/WIN98/EN-US/Of9data.exe

Link to administrative update: http://download.microsoft.com/download/office2000pro/Patch/4.71.1015.0/WIN98/EN-US/OF9DAT_a.exe

MS00-051: Excel REGISTER.ID Function Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-051.asp

Link to client update: http://download.microsoft.com/download/excel2000/xl9p3pkg/2000/WIN98/EN-US/xl9p3pkg.exe

Link to administrative update: http://download.microsoft.com/download/excel2000/Patch/4.71.1015.0/WIN98/EN-US/xl9p3_a.exe

MS00-049: Office HTML Script and Internet Explorer Script Vulnerabilities

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-049.asp

Link to client update: http://download.microsoft.com/download/office2000prem/Addinsec/2000/WIN98/EN-US/Addinsec.exe

Link to administrative update: http://download.microsoft.com/download/office2000prem/Patch/4.71.1015.0/WIN98/EN-US/addin_a.exe

MS00-034: Office 2000 UA Control Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-034.asp

Link to client update: http://download.microsoft.com/download/office2000pro/Uactlsec/2000/WIN98/EN-US/Uactlsec.exe

Link to administrative update: There is no administrative version of this update.

MS00-015: Clip Art Buffer Overrun Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-015.asp

Link to client update: http://download.microsoft.com/download/office2000/Patch/4.71.1015.0/WIN98/EN-US/cilupdt.exe

Link to administrative update: There is no administrative version of this update.

MS00-002: Malformed Conversion Data Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS00-002.asp

Link to client update: http://download.microsoft.com/download/word2000/WW5Pkg/2000/WIN98/EN-US/WW5Pkg.exe

Link to administrative update: There is no administrative version of this update.

MS99-044: Excel SYLK Vulnerability

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS99-044.asp

Link to client update: http://download.microsoft.com/download/excel2000/xl9p2pk/2000/WIN98/EN-US/xl9p2pkg.exe

Link to administrative update: There is no administrative version of this update.

MS99-030: Office ODBC Vulnerabilities

Link to bulletin: http://www.microsoft.com/technet/security/bulletin/MS99-030.asp

Link to client update: http://download.microsoft.com/download/office2000pro/JetCopk/2000/WIN98/EN-US/JetCoPkg.exe

Link to administrative update: There is no administrative version of this update.

Additional query words: OFF2000 patch patches

Keywords: kbinfo KB312097

Technology: _IKkbZNotKeyword4 kbOffice2000Search kbOffice2000SetupSearch kbOfficeSearch kbZNotKeyword5 kbZNotKeyword6

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.