Microsoft Security Bulletin MS03-050 - A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. Another security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened it could overflow a data value in Word and allow arbitrary code to be executed.
2e65329c134cc1472436bf1dfa5a13a48429afbcc0aa286c1a69fd0eec83e2c5
Microsoft Security Bulletin MS03-050
Print Print
Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary
Code to Run (831527)
Issued: November 11, 2003
Version: 1.0
See all Office bulletins released November, 2003
Summary
Who should read this document: Customers who are using Microsoft®
Excel or Microsoft Word
Impact of vulnerability: Run code of attackers choice
Maximum Severity Rating: Important
Recommendation: Customers who are using the affected versions of
Microsoft Excel or Microsoft Word should apply the appropriate
security update at the earliest opportunity.
Security Update Replacement Excel: This patch replaces the security
patches contained in the following bulletins: MS01-050, MS02-031
and MS02-059.
Security Update Replacement Word: This patch replaces the security
patches contained in the following bulletins: MS02-021, MS02-031,
MS02-059 and MS03-035.
Caveats: None
Tested Software and Security Update Download Locations:
Affected Software:
* Microsoft Excel 97 - Download the update
* Microsoft Excel 2000 - Download the update
* Microsoft Excel 2002 - Download the update
* Microsoft Word 97 - Download the update
* Microsoft Word 98(J) - Download the update
* Microsoft Word 2000 and Microsoft Works Suite 2001 - Download the
update
* Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works
Suite 2003, and Microsoft Works Suite 2004 - Download the update
Non Affected Software:
* Microsoft Office Word 2003
* Microsoft Office Excel 2003
The software listed above has been tested to determine if the
versions are affected. Other versions are no longer supported, and
may or may not be affected.
[plus.gif] Technical Details
Technical description:
A security vulnerability exists in Microsoft Excel that could allow
malicious code execution. This vulnerability exists because of the
method Excel uses to check the spreadsheet before reading the macro
instructions. If successfully exploited, an attacker could craft a
malicious file that could bypass the macro security model. If an
affected spreadsheet was opened, this vulnerability could allow a
malicious macro embedded in the file to be executed automatically,
regardless of the level at which the macro security is set. The
malicious macro could then take the same actions that the user had
permissions to carry out, such as adding, changing or deleting data
or files, communicating with a web site or formatting the hard
drive.
A security vulnerability exists in Microsoft Word that could allow
malicious code execution. This vulnerability exists due to to the
way Word checks the length of a data value (Macro names) embedded
in a document. If a specially crafted document were to be opened it
could overflow a data value in Word and allow arbitrary code to be
executed. If successfully exploited, an attacker could then take
the same actions as the user had permissions to carry out, such as
adding, changing or deleting data or files, communicating with a
web site or formatting the hard drive.
Mitigating factors:
* If a user of Office 97 or Office 2000 has installed the Office
Documentation Open Confirm Tool, the user will always get a "file
open" warning dialog box when trying to open an Office document
using Internet Explorer. For Office XP and Office System 2003 this
"file open" warning dialog box is enabled by default.
* These vulnerabilities could only be exploited by an attacker who
persuaded a user to open a malicious file - there is no way for an
attacker to force a user to open a malicious file.
Severity Rating:
Microsoft Excel 97 Important
Microsoft Excel 2000 Important
Microsoft Excel 2002 Important
Microsoft Word 97 Important
Microsoft Word 98(J) Important
Microsoft Word 2000 Important
Microsoft Word 2002 Important
Microsoft Works Suite 2001 Important
Microsoft Works Suite 2002 Important
Microsoft Works Suite 2003 Important
Microsoft Works Suite 2004 Important
The above assessment is based on the types of systems affected by
the vulnerability, their typical deployment patterns, and the
effect that exploiting the vulnerability would have on them.
Vulnerability identifier Word: CAN-2003-0820
Vulnerability identifier Excel: CAN-2003-0821
[plus.gif] Workarounds
Due to the fact that this vulnerability bypasses the built-in macro
security, the best workaround if you are unable to deploy the
update is to not open documents from un-trusted sources.
[plus.gif] Frequently Asked Questions
What is a macro?
Generally, the term macro refers to a small program that automates
frequently-performed tasks in an operating system or in a program.
For example, many members of the Office family of products support
the use of macros. This allows companies to develop macros that
perform as sophisticated productivity tools that run in Word, in
Excel, or in other programs.
Like any computer program, macros can be misused. To combat this
threat, Office has a security model that is designed to make sure
that macros can only run when the user wants them to run.
What might an attacker use these vulnerabilities to do?
If successfully exploited, an attacker could cause code of their
choice to run with additional privileges on the system. This could
allow the attacker to add, delete or modify data on the system, or
take any other action of the attacker's choice.
Who could exploit these vulnerabilities?
Any user who could entice another user to open a specially-crafted
document can attempt to exploit these vulnerabilities.
How could an attacker exploit these vulnerabilities?
An attacker could seek to exploit either of these vulnerabilities
by creating a specially-crafted document that contains malicious
code. The attacker could then send this to a user, typically
through an e-mail message, and then persuade the user to open the
file. An attacker could also host the specially-crafted document on
a network share or on a Web site; however, the attacker would still
need to persuade the user to open the document.
Microsoft Works Suite is listed as a vulnerable product - why?
Microsoft Works Suite includes Microsoft Word. Microsoft Works
users should use Office Update at:
http://www.office.microsoft.com/ProductUpdates/default.aspx to
detect and to install the appropriate update.
CAN-2003-0821: Excel Macro Vulnerability
What's the scope of the vulnerability in Microsoft Excel?
The Excel vulnerability could enable an attacker to create a
spreadsheet that, when opened, could allow an XLM (Excel 4) macro
to run regardless of the macro security level. Macros can take any
action that the user can take, and as a result this vulnerability
could allow an attacker to take actions such as changing data,
communicating with Web sites, reformatting the hard disk, or
changing the security settings in the application.
What causes the vulnerability in Microsoft Excel?
This vulnerability exists because of the method Excel uses to check
the spreadsheet before reading the macro instructions. As a result
the user will not be prompted with a macro security warning even
when macros are present in the file.
What's wrong with the way Excel handles macro security?
Because of the way Excel reads and assesses macro security when a
file is opened, under certain circumstances, macro security checks
could be bypassed.
What does the update for Microsoft Excel do?
The update addresses the vulnerability by modifying the way that
Excel performs macro security checks before opening a file.
CAN-2003-0820: Word Buffer Overrun Vulnerability
What's the scope of the vulnerability in Microsoft Word?
The Word buffer overrun vulnerability could enable an attacker to
create a word document containing a Macro that, if successfully
exploited, could allow an attacker to then take the same actions as
the user had permissions to carry out - such as adding, changing or
deleting data or files, communicating with a web site or formatting
the hard drive.
What causes the vulnerability in Microsoft Word?
The vulnerability is the result of ithe way Word validates of the
length of a data value (Macro names) embedded in a document. If
successfully exploited an attacker could then take the same actions
as the user had permissions to carry out-- such as adding, changing
or deleting data or files, communicating with a web site or
formatting the hard drive.
What's wrong with the way Word handles input buffers?
Because of the way Word validates the length of an input buffer,
under certain circumstances, this validation could lead to a buffer
overrun.
What does the update for Microsoft Word do?
The update corrects the buffer overrun by properly validating the
input buffer before opening a file.
[plus.gif] Security Update Information
For information about the specific security update for your
platform, click the appropriate link:
* For Microsoft Works Suite 2001 use the Word 2000 section
* For Microsoft Works Suite 2002, 2003 and 2004 update use the Word
2002 section
[plus.gif] Microsoft Excel 97
Prerequisites Client Update
This security update requires Office 97 Service Release 2
Inclusion in future service packs:
This update will be included in any future service packs for Office
97
Installation Information for the Client Update:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:I Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
Deployment Information
1. Download the Excel 97 Security Update
2. Click Save to save the Office97-KB830356-ENU.exe file to the
selected folder.
3. In Windows Explorer, double-click Office97-KB830356-ENU.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. Insert your Office 97 CD-ROM when you are prompted to do so, and
then click OK.
7. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To revert
to an installation before the update was installed, you must remove
Office 97, and then install it again from the original CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File name Size Date File Version
Excel.exe 5,621,248 10/26/2003 8.0.1.9904
Scanload.dll 36,864 10/26/2003 8.2.0.9904
Verifying Update Installation
To determine the version of Excel that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Excel.exe, and then
click Search.
4. In the list of files, right-click Excel.exe, and then click
Properties.
5. On the Version tab, determine the version of Excel that is
installed on your computer.
Note: If the Excel 97 Security Update: KB830356 is already
installed on your computer, you receive the following error
message when you try to install the Excel 97 Security Update:
KB830356:
This update has already been applied or is included in an update
that has already been applied.
The update contains updated versions of the following files:
File name Size Date File Version
Excel.exe 5,621,248 10/26/2003 8.00.01.9904
[plus.gif] Microsoft Excel 2000
Prerequisites Client Update
Important: Before you install this update, make sure that the
following requirements have been met:
* Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer
2.0 or later. For additional information about this requirement,
see the "Windows Installer Update Requirements" section of this
bulletin.
* Office 2000 Service Pack 3 (SP-3)
Before you install this update, install Office 2000 SP-3. For
additional information about how to install Office 2000 Service
Pack 3, click the following article number to view the article in
the Microsoft Knowledge Base:
326585 OFF2000: Overview of Office 2000 Service Pack 3
Inclusion in future service packs:
This update will be included in any future service packs for Office
2000
Installation Information client:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
If you installed your Office 2000 product; from a CD-ROM, you have
the following two options:
Use the Office Product Updates Web site to automatically install
all the latest updates that include all available service packs and
public updates.
-or-
Install only the Microsoft Excel 2000 Security Update: KB830349 by
following the steps described later in this bulletin.
Note: Microsoft recommends that you install the client update by
using the Office Product Updates Web site. The Office Product
Updates Web site detects your particular installation of Microsoft
Office and prompts you to install exactly what you must have to
make sure that your Office installation is completely up-to-date.
Office Product Updates Web Site
To have the Office Product Updates Web site detect the required
updates that you must install on your computer, visit the following
Microsoft Web site:
http://office.microsoft.com/ProductUpdates/default.aspx
After detection is complete, you receive a list of recommended
updates for your approval. Click Start Installation to complete the
process.
Deployment Information client install
1. Download the client version of the Excel 2000 Security Update
Update
2. Click Save to save the Office2000-kb830349-client-enu.exe file to
the selected folder.
3. In Windows Explorer, double-click
Office2000-kb830349-client-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. Insert your Office 2000 CD-ROM when you are prompted to do so, and
then click OK.
7. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To revert
to an installation before the update was installed, you must remove
Office 2000, and then install it again from the original CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date Version
excel.exe 6,997 KB 10/17/2003 9.0.08216
Verifying Update Installation
To determine the version of Excel that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Excel.exe, and then
click Search.
4. In the list of files, right-click Excel.exe, and then click
Properties.
5. On the Version tab, determine the version of Excel that is
installed on your computer.
The update contains one of the updated versions of the following
files:
File Name Size Date File Version
excel.exe 6,997 KB 10/17/2003 9.0.08216
Installation Information Administrative Update
Prerequisites Administrative Update
Windows Installer Update Requirements
To install the update that is described in this bulletin requires
Windows Installer 2.0 or later. Both Microsoft Windows XP and
Microsoft Windows 2000 Service Pack 3 (SP3) include Windows
Installer 2.0 or later. To install the latest version of the
Windows Installer, visit one of the following Microsoft Web sites.
Windows Installer for Microsoft Windows 95, Microsoft Windows 98,
and Microsoft Windows Millennium Edition (Me):
http://www.microsoft.com/downloads/release.asp?releaseid=32831
Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
http://www.microsoft.com/downloads/release.asp?releaseid=32832
Inclusion in future service packs:
This update will be included in any future service packs for Office
2000
Deployment Information Administrative Install
If you installed your Office 2000 product from a server location,
the server administrator must update the server location with the
administrative update and deploy that update to your computer.
1. Download the administrative version of the Excel 2000 Security
update
If you are the server administrator, after you click the link to
download the administrative update follow these steps:
2. Click Save to save the Office2000-kb830349-fullfile-enu.exe file
to the selected folder.
3. In Windows Explorer, double-click
Office2000-kb830349-fullfile-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. In the Type the location where you want to place the extracted
files box, type c:\kb830349, and then click OK.
7. Click Yes when you are prompted to create the folder.
8. If you are familiar with the procedure for updating your
administrative installation, click Start, and then click Run. Type
the following command in the Open box
msiexec /a Admin Path\MSI File /p C:\kb830349\MSP File SHORTFile
NameS=TRUE
where Admin Path is the path to your administrative installation
point for Office 2000 (for example, C:\Office2000), MSI File is the
.msi database package for the Office 2000 product (for example,
Data1.msi), and MSP File is the name of the administrative update
(for example, EXCELff.msp).
Note: You can append /qb+ to the command line so that the Office
2000 Administrative Installation dialog box and the End User
License Agreementdialog box do not appear.
9. To deploy the update to the client workstations, click Start, and
then click Run. Type the following command in the Open box
msiexec /i Admin Path\MSI File REINSTALL=Feature List
REINSTALLMODE=vomu
where Admin Path is the path to your administrative installation
point for Office 2000 (for example, C:\Office2000), MSI File is the
MSI database package for the Office 2000 product (for example,
Data1.msi), and Feature List is the list of feature names (case
sensitive) that have to be reinstalled for the update. To install
all features, you can use REINSTALL=ALL , or you can install the
following feature:
EXCELFiles
For additional information about how to update your administrative
installation and deploy to client workstations, click the following
article number to view the article in the Microsoft Knowledge Base:
304165 OFF2000: How to Install a Public Update to an Administrative
Installation
This bulletin contains standard instructions for installing an
administrative public update. You can also see the following
article in the Microsoft Office Resource Kit:
http://www.microsoft.com/office/ork/2003/admin/97_2000/exc0904a.htm
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date File Version
excel.exe 6,997 10/17/2003 9.0.0.8216
Verifying Update Installation
To determine the version of Excel that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Excel.exe, and then
click Search.
4. In the list of files, right-click Excel.exe, and then click
Properties.
5. On the Version tab, determine the version of Excel that is
installed on your computer.
For additional information about how to determine the version of
Excel 2000 on your computer, click the following article number to
view the article in the Microsoft Knowledge Base:
255275 OFF2000: How to Determine the Version of Your Office Program
Note: If the Excel 2000 Security Update: KB830349 is already
installed on your computer, you receive the following error message
when you try to install the Excel 2000 Security Update: KB830349:
This update has already been applied or is included in an update
that has already been applied.
The update contains updated versions of the following files:
File Name Size Date File Version
excel.exe 6,997 10/17/2003 9.0.0.8216
[plus.gif] Microsoft Excel 2002
Prerequisites Client Update
Important: Before you install this update, make sure that the
following requirements have been met:
* Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer
2.0 or later. For additional information about this requirement,
see the "Windows Installer Update Requirements" section of this
bulletin.
* Office XP Service Pack 2 (SP-2)
Before you install this update, install Office XP SP-2. For
additional information about how to install Office XP Service Pack
2, click the following article number to view the article in the
Microsoft Knowledge Base:
325671 OFFXP: Overview of the Office XP Service Pack 2
Inclusion in future service packs:
This update will be included in any future service packs for
Office XP
Installation Information client:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you areprompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
If you installed you Office 2000 product; from a CD-ROM, you have
the following two options:
Use the Office Product Updates Web site to automatically install
all the latest updates that include all available service packs and
public updates.
-or-
Install only the Microsoft Excel 2000 Security Update: KB830349 by
following the steps described later in this bulletin.
Note: Microsoft recommends that you install the client update by
using the Office Product Updates Web site. The Office Product
Updates Web site detects your particular installation of Microsoft
Office and prompts you to install exactly what you must have to
make sure that your Office installation is completely up-to-date.
Office Product Updates Web Site
To have the Office Product Updates Web site detect the required
updates that you must install on your computer, visit the following
Microsoft Web site:
http://office.microsoft.com/ProductUpdates/default.aspx
After detection is complete, you receive a list of recommended
updates for your approval. Click Start Installation to complete the
process.
Deployment Information
1. Download the client version of the Excel 2002 Security Update
Update
2. Click Save to save the Officexp-kb830350-client-enu.exe file to
the selected folder. In Windows Explorer, double-click
Officexp-kb830350-client-enu.exe.
3. If you are prompted to install the update, click Yes.
4. Click Yes to accept the License Agreement.
5. Insert your Office XP CD-ROM when you are prompted to do so, and
then click OK.
6. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To
revert to an installation before the update was installed, you
must remove Office XP, and then install it again from the original
CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0
Verifying Update Installation
To determine the version of Excel that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Excel.exe, and then
click Search.
4. In the list of files, right-click Excel.exe, and then click
Properties.
5. On the Version tab, determine the version of Excel that is
installed on your computer.
The update contains an updated version of the following file:
File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0
Installation Information Administrative install
Prerequisites Administrative install
Windows Installer Update Requirements
To install the update that is described in this bulletin requires
Windows Installer 2.0 or later. Both Microsoft Windows XP and
Microsoft Windows 2000 Service Pack 3 (SP3) include Windows
Installer 2.0 or later. To install the latest version of the
Windows Installer, visit one of the following Microsoft Web sites.
Windows Installer for Microsoft Windows 95, Microsoft Windows 98,
and Microsoft Windows Millennium Edition (Me):
http://www.microsoft.com/downloads/release.asp?releaseid=32831
Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
http://www.microsoft.com/downloads/release.asp?releaseid=32832
Inclusion in future service packs:
This update will be included in any future service packs for Office
XP
Installation Information for the Administrative Update
If you installed your Office XP product from a server location, the
server administrator must update the server location with the
administrative update and deploy that update to your computer.
1. Download the administrative version of the Excel 2002 Security
Update Update
If you are the server administrator, after you click the link to
download the administrative update follow these steps:
2. Click Save to save the Officexp-kb830350-fullfile-enu.exe file to
the selected folder.
3. In Windows Explorer, double-click
Officexp-kb830350-fullfile-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. In the Type the location where you want to place the extracted
files box, type c:\KB830350, and then click OK.
7. Click Yes when you are prompted to create the folder.
8. If you are familiar with the procedure for updating your
administrative installation, click Start, and then click Run. Type
the following command in the Open box
msiexec /a Admin Path\MSI File /p C:\KB830350\MSP File SHORTFile
NameS=TRUE
where Admin Path is the path to your administrative installation
point for Office XP (for example, C:\OfficeXP), MSI File is the
.msi database package for the Office XP product (for example,
Data1.msi), and MSP File is the name of the administrative update
(for example, EXCELff.msp).
Note: You can append /qb+ to the command line so that the Office XP
Administrative Installation dialog box and the End User License
Agreement dialog box do not appear.
Deployment Information
To deploy the update to the client workstations, click Start, and
then click Run. Type the following command in the Open box
msiexec /i Admin Path\MSI File REINSTALL=Feature List
REINSTALLMODE=vomu
where Admin Path is the path to your administrative installation
point for Office XP (for example, C:\OfficeXP), MSI File is the MSI
database package for the Office XP product (for example,
Data1.msi), and Feature List is the list of feature names (case
sensitive) that have to be reinstalled for the update. To install
all features, you can use REINSTALL=ALL, or you can install the
following feature(s):
EXCELFiles, WORDNonBootFiles
For additional information about how to update your administrative
installation and deploy to client workstations, click the following
article number to view the article in the Microsoft Knowledge Base:
301348 OFFXP: How to Install a Public Update to an Administrative
Installation
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0
Verifying Update Installation
To determine the version of Excel that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Excel.exe, and then
click Search.
4. In the list of files, right-click Excel.exe, and then click
Properties.
5. On the Version tab, determine the version of Excel that is
installed on your computer.
For additional information about how to determine the version of
Excel 2002 on your computer, click the following article number to
view the article in the Microsoft Knowledge Base:
291331 HOW TO: Check the Version of Office XP
Note: If the Excel 2002 Security Update: KB830350 is already
installed on your computer, you receive the following error message
when you try to install the Excel 2002 Security Update: KB830350:
This update has already been applied or is included in an update
that has already been applied.
The update contains an updated version of the following file:
File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0
[plus.gif] Microsoft Word 97
Prerequisites Client Update
This security update requires Office 97 Service Release 2
Inclusion in future service packs:
This update will be included in any future service packs for Office
97
Installation Information for the Client Update:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
Deployment Information
1. Download the Word 97 Security Update
2. Click Save to save the Office97-KB830354-ENU.exe file to the
selected folder.
3. In Windows Explorer, double-click Office97-KB830354-ENU.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. Insert your Office 97 CD-ROM when you are prompted to do so, and
then click OK.
7. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To
revert to an installation before the update was installed, you
must remove Office 97, and then install it again from the original
CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date File Version
Word.exe 5,212 KB 10/15/2003 8.0.0.9315
wwintl32.dll 1,132 KB 10/15/2003 8.0.0.9315
Verifying Update Installation
To determine the version of Excel that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Excel.exe, and then
click Search.
4. In the list of files, right-click Word.exe, and then click
Properties.
5. On the Version tab, determine the version of Word that is
installed on your computer.
The update contains updated versions of the following files:
File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216
Note: If the Word 97 Security Update: KB830354 is already installed
on your computer, you receive the following error message when you
try to install the Word 97 Security Update: KB830354:
This update has already been applied or is included in an update
that has already been applied.
[plus.gif] Microsoft Word 98(J)
Prerequisites Client Update
This security update requires Office 97 Service Release 2
Inclusion in future service packs:
This update will be included in any future service packs for Office
97
Installation Information for the Client Update:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
Deployment Information
1. Download the Word 98 Security Update
2. Click Save to save the Office98-KB830357-JPN.exe file to the
selected folder.
3. In Windows Explorer, double-click Office98-KB830357-JPN.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. Insert your Office 98 CD-ROM when you are prompted to do so, and
then click OK.
7. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To
revert to an installation before the update was installed, you
must remove Office 98, and then install it again from the original
CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date File Version
wwintl32.dll 2,313 KB 10/16/2003
WinWord.exe 5,499 KB 10/16/2003 8.0.0.9716
Verifying Update Installation
To determine the version of Word that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Winword.exe, and
then click Search.
4. In the list of files, right-click Winword.exe, and then click
Properties.
5. On the Version tab, determine the version of Word that is
installed on your computer.
Note: If the Word 98 Security Update: KB830357 is already installed
on your computer, you receive the following error message when you
try to install the Word 98 Security Update: KB830357:
This update has already been applied or is included in an update
that has already been applied.
The update contains updated versions of the following files:
File Name Size Date File Version
WinWord.exe 5,499 KB 10/16/2003 8.0.0.9716
[plus.gif] Microsoft Word 2000
Prerequisites Client Update
Important Before you install this update, make sure that the
following requirements have been met:
* Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer
2.0 or later. For additional information about this requirement,
see the "Windows Installer Update Requirements" section of this
bulletin.
* Office 2000 Service Pack 3 (SP-3)
Before you install this update, install Office 2000 SP-3. For
additional information about how to install Office 2000 Service
Pack 3, click the following article number to view the article in
the Microsoft Knowledge Base:
326585 OFF2000: Overview of Office 2000 Service Pack 3
Inclusion in future service packs:
This update will be included in any future service packs for Office
2000
Installation Information client:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
If you installed your Office 2000 product from a CD-ROM, you have
the following two options:
* Use the Office Product Updates Web site to automatically install
all the latest updates that include all available service packs
and public updates.
-or-
* Install only the Microsoft Word 2000 Security Update: KB830347 by
following the steps described later in this bulletin.
Note: Microsoft recommends that you install the client update by
using the Office Product Updates Web site. The Office Product
Updates Web site detects your particular installation of Microsoft
Office and prompts you to install exactly what you must have to
make sure that your Office installation is completely up-to-date.
Office Product Updates Web Site
To have the Office Product Updates Web site detect the required
updates that you must install on your computer, visit the following
Microsoft Web site:
http://office.microsoft.com/ProductUpdates/default.aspx
After detection is complete, you receive a list of recommended
updates for your approval. Click Start Installation to complete the
process.
Deployment Information
1. Download the client version of the Word 2000 Security Update
2. Click Save to save the Office2000-kb830347-client-enu.exe file to
the selected folder.
3. In Windows Explorer, double-click
Office2000-kb830347-client-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. Insert your Office 2000 CD-ROM when you are prompted to do so, and
then click OK.
7. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To revert
to an installation before the update was installed, you must remove
Office 2000, and then install it again from the original CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
How to Determine Whether the Update Is Installed
To determine the version of Word that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Winword.exe, and
then click Search.
4. In the list of files, right-click Winword.exe, and then click
Properties.
5. On the Version tab, determine the version of Word that is
installed on your computer.
The English version of this update contains the following files:
File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216
Installation Information Administrative Update
Prerequisites Administrative Update
Windows Installer Update Requirements
To install the update that is described in this bulletin requires
Windows Installer 2.0 or later. Both Microsoft Windows XP and
Microsoft Windows 2000 Service Pack 3 (SP3) include Windows
Installer 2.0 or later. To install the latest version of the
Windows Installer, visit one of the following Microsoft Web sites.
Windows Installer for Microsoft Windows 95, Microsoft Windows 98,
and Microsoft Windows Millennium Edition (Me):
http://www.microsoft.com/downloads/release.asp?releaseid=32831
Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
http://www.microsoft.com/downloads/release.asp?releaseid=32832
Inclusion in future service packs:
This update will be included in any future service packs for Office
2000
Installation Information for the Administrative Update
If you installed your Office 2000 product from a server location,
the server administrator must update the server location with the
administrative update and deploy that update to your computer.
1. Download the administrative version of the Word 2000 Security
Update
2. Click Save to save the office2000-kb830347-fullfile-enu.exe file
to the selected folder.
3. In Windows Explorer, double-click
office2000-kb830347-fullfile-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. In the Type the location where you want to place the extracted
files box, type c:\kb830347, and then click OK.
7. Click Yes when you are prompted to create the folder.
8. If you are familiar with the procedure for updating your
administrative installation, click Start, and then click Run. Type
the following command in the Open box
msiexec /a Admin Path\MSI File /p C:\kb830347\MSP File SHORTFile
NameS=TRUE
where Admin Path is the path to your administrative installation
point for Office 2000 (for example, C:\Office2000), MSI File is the
.msi database package for the Office 2000 product (for example,
Data1.msi), and MSP File is the name of the administrative update
(for example, WINWORDff.msp).
Note: You can append /qb+ to the command line so that the Office
2000 Administrative Installation dialog box and the End User
License Agreement dialog box do not appear.
Deployment Information
To deploy the update to the client workstations, click Start, and
then click Run. Type the following command in the Open box
msiexec /i Admin Path\MSI File REINSTALL=Feature List
REINSTALLMODE=vomu
where Admin Path is the path to your administrative installation
point for Office 2000 (for example, C:\Office2000), MSI File is the
MSI database package for the Office 2000 product (for example,
Data1.msi), and Feature List is the list of feature names (case
sensitive) that have to be reinstalled for the update. To install
all features, you can use REINSTALL=ALL, or you can install the
following feature(s):
WORDFiles
For additional information about how to update your administrative
installation and deploy to client workstations, click the following
article number to view the article in the Microsoft Knowledge Base:
304165 OFF2000: How to Install a Public Update to an Administrative
Installation
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update contains the following files:
File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216
To determine the version of Word that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Winword.exe, and
then click Search.
4. In the list of files, right-click Winword.exe, and then click
Properties.
5. On the Version tab, determine the version of Word that is
installed on your computer.
For additional information about how to determine the version of
Word 2000 on your computer, click the following article number to
view the article in the Microsoft Knowledge Base:
255275 OFF2000: How to Determine the Version of Your Office Program
Note: If the Word 2000 Security Update: KB830347 is already
installed on your computer, you receive the following error message
when you try to install the Word 2000 Security Update: KB830347:
This update has already been applied or is included in an update
that has already been applied.
The update contains updated versions of the following files:
File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216
[plus.gif] Microsoft Word 2002
Prerequisites Client Update
Important Before you install this update, make sure that the
following requirements have been met:
* Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer
2.0 or later. For additional information about this requirement,
see the "Windows Installer Update Requirements" section of this
bulletin.
* Office XP Service Pack 2 (SP-2)
Before you install this update, install Office XP SP-2. For
additional information about how to install Office XP Service Pack
2, click the following article number to view the article in the
Microsoft Knowledge Base:
325671 OFFXP: Overview of the Office XP Service Pack 2
Inclusion in future service packs:
This update will be included in any future service packs for Office
XP
Installation Information Client:
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does
not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are
being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to
the user.
/q:a Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is
required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the
user.
/n:v No version checking - Install the program over any previous
version.
Note: The use of the /n:v switch is unsupported and may result in
an unbootable system. If the installation is unsuccessful, you
should consult your support professional to understand why it
fails.
For more information, see the Internet Explorer Administration Kit
(IEAK).
If you installed Word from a CD-ROM, you have the following two
options:
* Use the Office Product Updates Web site to automatically install
all the latest updates that include all available service packs
and public updates.
-or-
* Install only the Microsoft Word 2002 Security Update: KB830346 by
following the steps described later in this bulletin.
Note: Microsoft recommends that you install the client update by
using the Office Product Updates Web site. The Office Product
Updates Web site detects your particular installation of Microsoft
Office and prompts you to install exactly what you must have to
make sure that your Office installation is completely up-to-date.
Office Product Updates Web Site
To have the Office Product Updates Web site detect the required
updates that you must install on your computer, visit the following
Microsoft Web site:
http://office.microsoft.com/ProductUpdates/default.aspx
After detection is complete, you receive a list of recommended
updates for your approval. Click Start Installation to complete the
process.
Deployment Information
1. Download the client version of the Word 2002 Security Update
2. Click Save to save the officexp-kb830346-client-enu.exe file to
the selected folder.
3. In Windows Explorer, double-click
officexp-kb830346-client-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. Insert your Office XP CD-ROM when you are prompted to do so, and
then click OK.
7. When you receive a message that indicates the installation was
successful, click OK.
Note: After you install the update, you cannot remove it. To revert
to an installation before the update was installed, you must remove
Office XP, and then install it again from the original CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
How to Determine Whether the Update Is Installed
To determine the version of Word that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Winword.exe, and
then click Search.
4. In the list of files, right-click Winword.exe, and then click
Properties.
5. On the Version tab, determine the version of Word that is
installed on your computer.
The English version of the update contains the following files:
File Name Size Date File Version
winword.exe 10,355 KB 10/16/03 10.0.5815.0
Installation Information Administrative Update
Prerequisites Administrative Update
Windows Installer Update Requirements
To install the update that is described in this bulletin requires
Windows Installer 2.0 or later. Both Microsoft Windows XP and
Microsoft Windows 2000 Service Pack 3 (SP3) include Windows
Installer 2.0 or later. To install the latest version of the
Windows Installer, visit one of the following Microsoft Web sites.
Windows Installer for Microsoft Windows 95, Microsoft Windows 98,
and Microsoft Windows Millennium Edition (Me):
http://www.microsoft.com/downloads/release.asp?releaseid=32831
Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
http://www.microsoft.com/downloads/release.asp?releaseid=32832
Inclusion in future service packs:
This update will be included in any future service packs for Office
XP
Installation Information for the Administrative Update
If you installed your Office XP product from a server location, the
server administrator must update the server location with the
administrative update and deploy that update to your computer.
1. Download the administrative version of the Word 2002 Security
Update
2. Click Save to save the officexp-kb830346-fullfile-enu.exe file to
the selected folder.
3. In Windows Explorer, double-click
officexp-kb830346-fullfile-enu.exe.
4. If you are prompted to install the update, click Yes.
5. Click Yes to accept the License Agreement.
6. In the Type the location where you want to place the extracted
files box, type c:\kb830346, and then click OK.
7. Click Yes when you are prompted to create the folder.
8. If you are familiar with the procedure for updating your
administrative installation, click Start, and then click Run. Type
the following command in the Open box
msiexec /a Admin Path\MSI File /p C:\kb830346\MSP File SHORTFile
NameS=TRUE
where Admin Path is the path to your administrative installation
point for Office XP (for example, C:\OfficeXP), MSI File is the
.msi database package for the Office XP product (for example,
Data1.msi), and MSP File is the name of the administrative update
(for example, WINWORDff.msp).
Note: You can append /qb+ to the command line so that the Office
XP Administrative Installation dialog box and the End User License
Agreement dialog box do not appear.
Deployment Information
To deploy the update to the client workstations, click Start, and
then click Run. Type the following command in the Open box
msiexec /i Admin Path\MSI File REINSTALL=Feature List
REINSTALLMODE=vomu
where Admin Path is the path to your administrative installation
point for Office XP (for example, C:\OfficeXP), MSI File is the MSI
database package for the Office XP product (for example,
Data1.msi), and Feature List is the list of feature names (case
sensitive) that have to be reinstalled for the update. To install
all features, you can use REINSTALL=ALL, or you can install the
following feature(s):
WORDFiles
For additional information about how to update your administrative
installation and deploy to client workstations, click the following
article number to view the article in the Microsoft Knowledge Base:
301348 OFFXP: How to Install a Public Update to an Administrative
Installation
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled
File Information
The English version of this update has the file attributes (or
later) that are listed in the following table.
File Name Size Date File Version
winword.exe 10,355 KB 10/16/2003 10.0.5815.0
To determine the version of Word that is installed on your
computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see
your product documentation to complete these steps.
1. Click Start, and then click Search.
2. In the Search Results pane, click All files and folders under
Search Companion.
3. In the All or part of the file name box, type Winword.exe, and
then click Search.
4. In the list of files, right-click Winword.exe, and then click
Properties.
5. On the Version tab, determine the version of Word that is
installed on your computer.
For additional information about how to determine the version of
Word 2002 on your computer, click the following article number to
view the article in the Microsoft Knowledge Base:
291331 HOW TO: Check the Version of Office XP
Note: If the Word 2002 Security Update: KB830346 is already
installed on your computer, you receive the following error message
when you try to install Word 2002 Security Update: KB830346:
This update has already been applied or is included in an update
that has already been applied.
The English version of the update contains the following file:
File Name Size Date File Version
winword.exe 10,355 KB 10/16/2003 10.0.5815.0
Acknowledgments
Microsoft thanks for working with us to protect customers:
* Kazuyuki Housaka for reporting the issue in Excel.
Obtaining other security updatees:
Updatees for other security issues are available from the following
locations:
* Security updatees are available from the Microsoft Download
Center, and can be most easily found by doing a keyword search for
"security_update".
* Updatees for consumer platforms are available from the
WindowsUpdate web site
Support:
* Technical support is available from Microsoft Product Support
Services at 1-866-PCSAFETY. There is no charge for support calls
associated with security patches.
* International customers can get support from their local Microsoft
subsidiaries. There is no charge for support associated with
security updates. Information on how to contact Microsoft support
is available at
http://support.microsoft.com/common/international.aspx
Security Resources:
* The Microsoft TechNet Security Web Site provides additional
information about security in Microsoft products.
* Microsoft Software Update Services: http://www.microsoft.com/sus/
* Microsoft Baseline Security Analyzer (MBSA) details:
http://www.microsoft.com/mbsa. Please see
http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for
list of security updatees that have detection limitations with
MBSA tool.
* Windows Update Catalog:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166
* Windows Update: http://windowsupdate.microsoft.com
* Office Update: http://office.microsoft.com/officeupdate/
Disclaimer:
The information provided in the Microsoft Knowledge Base is provided
"as is" without warranty of any kind. Microsoft disclaims all
warranties, either express or implied, including the warranties of
merchantability and fitness for a particular purpose. In no event
shall Microsoft Corporation or its suppliers be liable for any damages
whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if Microsoft Corporation
or its suppliers have been advised of the possibility of such damages.
Some states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may
not apply.
Revisions:
* V1.0 (November 11, 2003): Bulletin published.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed