Microsoft KB Archive/240770

= OFF: Frequently Asked Questions About the ODBC Driver Security Vulnerability Update =

Article ID: 240770

Article Last Modified on 1/25/2007

-

APPLIES TO


 * Microsoft Office 2000 Premium Edition
 * Microsoft Office 2000 Professional Edition
 * Microsoft Office 2000 Small Business Edition
 * Microsoft Office 2000 Standard Edition
 * Microsoft Office 2000 Developer Edition
 * Microsoft Office 97 Standard Edition

-



This article was previously published under Q240770



SUMMARY
This article addresses some of the most frequently asked questions about the Open Database Connectivity (ODBC) Driver Security Vulnerability Update.

For additional information about this update, click the following article numbers to view the articles in the Microsoft Knowledge Base:

240159 OFF2000: Office 2000 ODBC Driver Vulnerability Security Update

238445 OFF97: Office 97 ODBC Driver Vulnerability Security Update

Note It is not necessary to install this patch on Microsoft Windows 2000.



How Do I Apply This Update to My Computer?
For additional information about how to apply this update to your computer, click the following article number to view the article in the Microsoft Knowledge Base:

240159 OFF2000: Office 2000 ODBC Driver Vulnerability Security Update

Can I Update My Administrative Installation Point for Office to Include This Update When I Perform Client Installations?
For additional information about how to update your administrative installation of Office 2000 with the ODBC Driver Vulnerability Security Update, click the following article number to view the article in the Microsoft Knowledge Base:

243400 OFF2000: How to Update an Administrative Installation with the ODBC Vulnerability Patch

For additional information about how to update your administrative installation of Office 97 with the ODBC Driver Vulnerability Security Update, click the following article number to view the article in the Microsoft Knowledge Base:

243689 OFF97: How to Update an Administrative Installation with the ODBC Vulnerability Patch

Files
The following Microsoft Knowledge Base articles contain a list of the files the ODBC Security Update replaces:

239114 ACC2000: Updated Version of Microsoft Jet 4.0 Available on MSL

172733 Updated Version of Microsoft Jet 3.5 Available on MSL

Note The files that are listed in these articles are installed only if an earlier version of the file is present on your computer.

Registry Entries
The update sets the SandboxMode registry entries in the following subkeys to a value of 2:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines

The update sets the DisabledExtensions registry entries in the following subkeys to a value of

!txt,csv,tab,asc,htm,html :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines\Text

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Text

For additional information about the registry entries that are listed earlier, click the following article numbers to view the articles in the Microsoft Knowledge Base:

239471 Jet 4.0 Text IISAM Allows User to Append Lines to System Files

239105 Jet 3.5 Text ISAM Allows User to Append Lines to System Files

239482 ACC2000: Jet 4.0 Expression Can Execute Unsafe Visual Basic for Applications Functions

239104 Jet Expression Can Execute Unsafe Visual Basic for Applications Functions

How Do I Know If the Update Has Been Installed Correctly?
  If you have this file...  The version number should be... -  MSJET35.DLL               3.51.3203.0 MSJET40.DLL              4.00.2927.4

I Have Just Used Office Setup to Add More Features to My Office Installation. Do I Need to Reapply This Update?
Yes. In fact, any time that you install a program that installs components of the Microsoft Jet database engine, you may need to reapply this update.

I Am Running Office 97. Do I Need to Install Service Release 2 (SR-2) Before I Install This Update?
SR-2 is not required in order to install this update. However, Microsoft strongly recommends that you upgrade to SR-2 before you install this update. If you do not install SR-2 before installing this update, some Jet 3.5 components may not be updated correctly. This may result in damage to your database products or may result in data corruption.

How Can I Roll Out the Update to My Users in Quiet Mode?
Use the following syntax on the command line that you use to install the update

\JetCopkg.exe /q

where  is the path to the JetCopkg.exe file.

What Command-Line Switches Can I Use When I Install the Update?
The following table lists the command-line switches that you can use with this update.

Note The following switches apply to the JetCoUpd.exe file, which is contained within the JetCopkg.exe file. For example, if you want to deploy this update in quiet mode while setting the Jet's Sandbox Mode to a value of 3, then your command line would be the following

\JetCopkg.exe /q /c:"jetcoupd.exe /q /m:3"

where  is the path to the Jetcopkg.exe file.   Switch   Description ---

/q      Quiet Mode /s      Silent Mode (same as Quiet Mode) /d      Disables the "Confirm Open After Download" flag for the following Office file types:

MS_ClipArt_Gallery.2 Excel.Chart.5 Excel.Chart.8 Excel.Sheet.5 Excel.Sheet.8 iqyfile rqyfile Outlook.Template msgfile vcsfile vcffile icsfile PowerPoint.Slide.8 PowerPoint.Show.8 PowerPoint.SlideShow.8 PowerPoint.Template.8 Word.Template.8 Word.Wizard.8 Word.Backup.8 Word.Document.8 Word.RTF.8

/m:  Sets the Jet Sandbox Mode.  can be set to 0, 1, 2, or 3.

I Have Developed Custom Applications That Use Microsoft Access Run Time (ART). How Does This Update Affect My ART Applications?
For ART solutions that are already installed onto your client's computer, you need to apply the patch at your client's computer.

To update the installation routine for your ART solution, use the appropriate method for your version of Access:
 * Access 97: Install the patch onto your development computer and then repackage your solution using the Setup wizard.
 * Access 2000: Using the Package and Deployment Wizard, add the Jet40sp3.exe file to your package and set the options to run that file at the end of the regular install.

