Special Alert - Office News Service (fwd)

[jkatz () IN NET (Jon Katz)]

Aleph1, have you forwarded this to the list yet?

---------- Forwarded message ----------
Date: Tue, 24 Aug 1999 18:20:26 -0700
From: Microsoft <Microsoft_014525 () newswire microsoft com>
To: jkatz () in net
Subject: Special Alert - Office News Service

This special edition of the Office News Service is to inform you about the
availability of a patch for the Excel "ODBC Driver" vulnerability recently
reported to Microsoft.  To cancel your subscription to the Office News
Service, reply to this e-mail with the word UNSUBSCRIBE in the Subject
Line.  To stop receiving all newsletter e-mail from Microsoft.com, reply
to this e-mail with the word STOPMAIL in the Subject Line.

On July 27, 1999, Microsoft became aware of a security issue involving the
ODBC database driver that is installed as a part of Excel 97.  It is
possible that a malicious coder could create an Excel 97 spreadsheet that
exploits a vulnerability in this database driver to delete files and
perform other malicious acts.  A user could encounter this problem by
opening a spreadsheet attached to an e-mail message or linked from a Web
site.

In the course of producing the solution to this security issue, Microsoft
testing became aware of a separate vulnerability in the ODBC database
driver that may affect Excel 2000 users.  This vulnerability is related to
the IISAM component of the ODBC database driver and could be exploited
using an Excel 2000 query to perform malicious acts similar to those
described in Excel 97 "ODBC Driver" Vulnerability.  Microsoft has produced
a solution to this specific vulnerability and incorporated it into this
update.

Now available for download, the following update addresses the Excel "ODBC
Driver" Vulnerability:
http://officeupdate.microsoft.com/Articles/mdac_typ.htm There, you will
see your download options in the Table of Contents area of the page.*

The patch updates the Jet 3.51 and the IISAM component of the ODBC
database driver, which eliminates the vulnerability that could be
exploited to perform malicious acts, such as deleting files on a user's
machine.  This update also includes the previously released Office
Document Open Confirmation Tool that prompts Office users for confirmation
when opening Office documents (Word, Excel, PowerPoint, or Access)
launched from within Internet Explorer.  While this update was designed
specifically for Microsoft Office users, it may be safely used to update
Microsoft Jet 3.51 [4.0] files without the presence of Office files.

Microsoft recommends that all Office 97/2000 and Excel 97/2000 users
update their systems with this security update.

If you experience any problems with this download or the Office Update
site, please consult the following support page for assistance:
http://officeupdate.microsoft.com/Articles/ousupport.htm

Thank you very much for your attention.

------------------------------------------------------------------------------------------------------------

* Please note that for any download, connect-time charges may apply.

------------------------------------------------------------------------------------------------------------

Microsoft and PowerPoint are either registered trademarks or trademarks of Microsoft Corporation in the United States 
and/or other countries.  Other product and company names mentioned herein may be the trademarks of their respective 
owners.

------------------------------------------------------------------------------------------------------------

HOW TO USE THIS MAILING LIST:
To cancel your subscription to this specific newsletter, reply to this e-mail with the word UNSUBSCRIBE in the Subject 
Line. To stop receiving all newsletter e-mail from Microsoft.com, reply to this e-mail with the word STOPMAIL in the 
Subject Line. You can also unsubscribe at:
http://www.microsoft.com/misc/unsubscribe.htm
You can manage all your Microsoft.com communication preferences from this site.

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. The information contained in this document represents the 
current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must 
respond to change in market conditions, it should not be interpreted to be a commitment on the part of Microsoft and 
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION 
PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT 
NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM 
INFRINGEMENT. The user assumes the entire risk as to the accuracy and the use of this document. This document may be 
copied and distributed subject to the following conditions: 1. All text must be copied without modification and all 
pages must be included 2. All copies must contain Microsoft's copyright notice and any other notices pr
ovided therein 3. This document may not be distributed for profit.

  Sent to: jkatz () in net