|
|
| From: Microsoft Office News [mailto:MicrosoftOfficeNews_005442@news.newswire.microsoft.com] Sent: Saturday, January 23, 1999 3:07 PM Subject: Special Alert: Two Office Security Issues and Outlook Archive Problem As a valued Office
News Service subscriber, we wanted you to be aware of
three new patches (currently available or in development)
that address issues in Microsoft Office. Two patches fix
recently discovered Office security issues, and the third
will fix an Outlook archive fidelity problem. Read the
following for a description of each Office product issue,
whether you could be affected, and where you can go for
more information or to download the appropriate patch. The Forms Control Security Patch addresses a vulnerability that occurs when the Forms 2.0 Control (fm20*.dll) is available on a user's system. Forms 2.0 is a component object model (COM) component that developers use to create custom dialog boxes. This control is a part of Microsoft Visual Basic for Applications and is installed with Office 97, Microsoft Project 98, Visual Basic version 5.0, and third-party applications that license Visual Basic. Potentially, a malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a Web site or opens an HTML e-mail message created by the malicious hacker. The Forms 2.0 Control Security Patch prevents a hacker from exploiting this vulnerability. If you install the patch, you will not lose Clipboard functionality. In addition, the patch will not disable legitimate solutions built by developers using the Forms 2.0 Control. Microsoft strongly recommends that all users of the affected programs (listed above) download and install this patch. Check back at the link listed above for information on
international versions of this patch. The Word 97 Template Security Patch addresses a vulnerability that allows malicious code to be run without warning when a user opens a Word 97 document. Currently, when you open a Word document that contains macros, you receive a warning message asking whether or not you want to enable the macros. However, if a document that doesn't contain macros is linked to a template that contains macros, you do not receive a warning message. A hacker could exploit this vulnerability by causing malicious code to be run without warning when a user visits a Web site or opens a Word document attached to an e-mail message. This malicious code could be used to damage data on a user's system. The Word 97 Template Security Patch prevents a hacker from exploiting this vulnerability. After you install the patch, if you open a Word document linked to a template that contains macros, you will receive a warning message. The patch will not disable your use of templates or macros on templates. Microsoft recommends that all Word 97 users download and install this patch. Check back at the link listed above for information on
international versions of this patch. ------------------------------------------------------------------------------------------------------------------- Outlook 97 and Outlook 98 users should be aware of an archive fidelity issue that may cause you to lose data during an archive process. If you perform an archive operation in Outlook and for an external reason your computer fails (for instance, if you lose power), some of the information being archived may be lost from both the original folder and the folder to which it was being archived. During the archive process, there is a small amount of time when the archival information is only in memory before being written to the archive personal store (PST) file. Thus, if a computer failure occurs at this exact time, the items that are in memory are lost. A patch for this issue is currently in development and should be available for download next month. The patch will change the archive mechanism in Outlook to ensure that archived items are fully written to disk before they are deleted from the source folder. After you download and install the patch, you will not risk data loss should your computer fail in the middle of the archive process. This archive fidelity problem will also be corrected in future versions of Outlook. Check the link listed above for updated information on the patch as it becomes available. Prior to patch availability, you may want to refrain from using the Archive and AutoArchive features in Outlook. Check back at the link listed above for information on
international versions of this patch. ------------------------------------------------------------------------------------------------------------------- Microsoft, Outlook, and Visual Basic are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. ~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~ |
