Article ID: 269252
Article Last Modified on 6/27/2007
APPLIES TO
- Microsoft Excel 2000 Service Pack 1
- Microsoft Excel 2000 Standard Edition
This article was previously published under Q269252
SUMMARY
Microsoft has released an update that eliminates a security vulnerability in Microsoft Excel 2000. This update, the Microsoft Excel 2000 SR-1 REGISTER.ID Function Update, eliminates a security vulnerability that could allow certain types of executables to be run without a warning to the user.
To prevent unsafe macros from running, this update disables the REGISTER.ID worksheet function.
For additional information about the latest service pack for Microsoft Office 2000, click the article number below to view the article in the Microsoft Knowledge Base:
276367 OFF2000: How to Obtain the Latest Office 2000 Service Pack
To correct this problem, download and install the latest update for Excel 2000. The latest update includes this and all other Excel-specific updates that have been released since the latest service release (SR) of Office. The files included in this update will be included in any later SR or update. To upgrade to the latest Excel update or for more information about the history of Excel 2000 updates, please click the article number below to view the article in the Microsoft Knowledge Base:
269356 XL2000: Overview and History of Excel 2000 Updates
NOTE: To use the Excel 2000 SR-1 REGISTER.ID Function Update, you must first install Office 2000 SR-1 or Office 2000 Service Release 1a (SR-1a).
System administrators can find additional information and the administrator version of this update at the following Microsoft Web site:
To learn more about the Excel 2000 SR-1 REGISTER.ID Function Update, please see the Microsoft Security Bulletin MS00-051.
NOTE: This update includes only the Excel 2000 fix that is included with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update, but it does not include the PowerPoint 2000 fix. Therefore, if you have not yet applied the Administrative Update for the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update to your administrative installation and to your network clients, please apply that update after you apply the Excel 2000 SR-1 Register.ID Function Vulnerability Update. For additional information about the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update, click the article numbers below to view the articles in the Microsoft Knowledge Base:
268654 OFF2000: Administrative Update Available for HTML Script Vulnerability
268365 XL2000: Update Available for HTML Script Vulnerability
268457 PPT2000: Update Available for HTML Script Vulnerability
MORE INFORMATION
How to Download and Install the Update
IMPORTANT:
To install the update, you must have access to your original Excel or Office compact disc. (One exception is if you installed from a "flat copy" of the compact disc stored on a network server. A "flat copy" is not the same as an administrative installation.)If you installed from a network administrative installation to your workstation, you should contact your administrator about obtaining this update. Do not attempt to apply this update to your workstation. For additional information about applying this update to an administrative installation, click the article number below to view the article in the Microsoft Knowledge Base:
269267 XL2000: Administrative Update Available for the Excel 2000 SR-1 REGISTER.ID Function Vulnerability
Quit all running programs, including Microsoft Office, Microsoft Project, and the Microsoft Office Shortcut Bar, before you begin the installation.
Follow these steps to download and install the update:
- Using your Web browser go to the following Web site:
- Click Download Now!. Click Save this program to disk, and then click OK.
- Click Save to save the Xl9p3pkg.exe file to the selected folder.
- In Windows Explorer, double-click xl9p3pkg.exe.
- If you are prompted to install the update, click Yes.
- Click Yes to accept the License Agreement.
- Insert the Office 2000 compact disc when you are prompted to do so, and then click OK.
- When you receive a message indicating installation was successful, click OK.
Files Contained in the Xl9p3pkg.exe Download
If you download Xl9p3pkg.exe and manually extract the files by using a command line similar to this
C:\Downloads\xl9p3pkg.exe /c /t:C:\xl9p3pkg
the following files will be listed in the C:\xl9p3pkg folder:
ohotfix9.exe
OQFE7797_Client.msp
Readme.txt
How to Verify That the Update Is Successful
To verify whether the installation of the update was successful, check that the last four digits of the version of the Excel.exe file on your system is equal to or later than 4317. By default, Excel.exe is in the following location on your computer:
C:\Program Files\Microsoft Office\Office
To check the last four digits, follow these steps:
- Click Start, point to Programs, and then click Windows Explorer.
- In Windows Explorer, right-click the file and then click Properties on the shortcut menu.
- Click the Version tab.
How to Get an Update Log File
By default, the Microsoft Excel 2000 SR-1 REGISTER.ID Function Update creates a log file during installation. The log file is created in your \Temp\OfficeHotFix folder and has a name similar to the following:
Office 2000 SR-1 Hotfix(0001)_MsiExec.log
REFERENCES
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
266134 OFF2000: Overview and History of Office 2000 Updates
248710 OFF97: Overview and History of Office 97 Patches
269267 XL2000: Administrative Update Available for the Excel 2000 SR-1 REGISTER.ID Function Vulnerability
269356 XL2000: Overview and History of Excel 2000 Updates
Additional query words: XL2000 hole hack patch
Keywords: kbdownload kbinfo kboffice2000presp2fix kboffice2000sp2fix KB269252
