Aleph1, have you forwarded this to the list yet? ---------- Forwarded message ---------- Date: Tue, 24 Aug 1999 18:20:26 -0700 From: Microsoft <Microsoft_014525at_private> To: jkatzat_private Subject: Special Alert - Office News Service This special edition of the Office News Service is to inform you about the availability of a patch for the Excel "ODBC Driver" vulnerability recently reported to Microsoft. To cancel your subscription to the Office News Service, reply to this e-mail with the word UNSUBSCRIBE in the Subject Line. To stop receiving all newsletter e-mail from Microsoft.com, reply to this e-mail with the word STOPMAIL in the Subject Line. On July 27, 1999, Microsoft became aware of a security issue involving the ODBC database driver that is installed as a part of Excel 97. It is possible that a malicious coder could create an Excel 97 spreadsheet that exploits a vulnerability in this database driver to delete files and perform other malicious acts. A user could encounter this problem by opening a spreadsheet attached to an e-mail message or linked from a Web site. In the course of producing the solution to this security issue, Microsoft testing became aware of a separate vulnerability in the ODBC database driver that may affect Excel 2000 users. This vulnerability is related to the IISAM component of the ODBC database driver and could be exploited using an Excel 2000 query to perform malicious acts similar to those described in Excel 97 "ODBC Driver" Vulnerability. Microsoft has produced a solution to this specific vulnerability and incorporated it into this update. Now available for download, the following update addresses the Excel "ODBC Driver" Vulnerability: http://officeupdate.microsoft.com/Articles/mdac_typ.htm There, you will see your download options in the Table of Contents area of the page.* The patch updates the Jet 3.51 and the IISAM component of the ODBC database driver, which eliminates the vulnerability that could be exploited to perform malicious acts, such as deleting files on a user's machine. This update also includes the previously released Office Document Open Confirmation Tool that prompts Office users for confirmation when opening Office documents (Word, Excel, PowerPoint, or Access) launched from within Internet Explorer. While this update was designed specifically for Microsoft Office users, it may be safely used to update Microsoft Jet 3.51 [4.0] files without the presence of Office files. Microsoft recommends that all Office 97/2000 and Excel 97/2000 users update their systems with this security update. If you experience any problems with this download or the Office Update site, please consult the following support page for assistance: http://officeupdate.microsoft.com/Articles/ousupport.htm Thank you very much for your attention. ------------------------------------------------------------------------------------------------------------ * Please note that for any download, connect-time charges may apply. ------------------------------------------------------------------------------------------------------------ Microsoft and PowerPoint are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. ------------------------------------------------------------------------------------------------------------ HOW TO USE THIS MAILING LIST: To cancel your subscription to this specific newsletter, reply to this e-mail with the word UNSUBSCRIBE in the Subject Line. To stop receiving all newsletter e-mail from Microsoft.com, reply to this e-mail with the word STOPMAIL in the Subject Line. You can also unsubscribe at: http://www.microsoft.com/misc/unsubscribe.htm You can manage all your Microsoft.com communication preferences from this site. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to change in market conditions, it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT. The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions: 1. All text must be copied without modification and all pages must be included 2. All copies must contain Microsoft's copyright notice and any other notices provided therein 3. This document may not be distributed for profit. Sent to: jkatzat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:58:37 PDT