Preventing Viruses in Microsoft Office® Products

This document is intended to help readers avoid viruses and worms by presenting a procedure that protects against the recently posted Microsoft Office vulnerabilities.

Current Problem as of 9-8-2003

Several flaws (programming errors) have recently been discovered in Microsoft Office products. These flaws may allow attackers to compromise your systems. Because of these flaws, several new viruses and vulnerability-exploiting worm programs will most likely be introduced on the internet within the next few weeks. The impact of these new vulnerabilities and worms is expected to be severe and may affect operations on the internet, especially email, for some period of time. It is likely that readers of email will see attached files mailed to them from their friends or from others that they do not know. These attached files will likely be Word document files (.doc) or some other type of file opened by one of the Microsoft Office products, even though many current viruses are circulating as .pif files and other file types.

Recent Virus behavior

Please note that even though an email appears to come from a friend or a particular person, there is no way that you can be sure this person actually sent the email. This is because the internet email system provides no way to confirm that any given person actually sent a message. Anyone can fake a message and make it look like someone else sent it. This is how it may appear to readers on the surface, unless the properties of the message are examined in greater detail. Many viruses today can look in an address book, choose two addresses, and use one as the recipient and the other as the (faked) sender. Therefore, when the recipient gets the message, it will appear to be from a possible friend when indeed it is not. The only fact you can be sure of is that the person who has the virus has both the sender of the email and the recipient of the email in their address book.
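As an added illustration (not part of the original document), the Python sketch below shows what examining the properties of a message in greater detail can look like: it puts the visible From address next to the envelope sender and the connecting IP recorded by the receiving server. The sample message, its addresses and the function names are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the visible From names a friend, but the
# envelope sender differs and the mail arrived from an unrelated dial-up host.
SAMPLE = """\
Return-Path: <carol@isp.example>
Received: from dialup-17.isp.example (dialup-17.isp.example [192.0.2.17])
    by mx.recipient.example with SMTP; Mon, 8 Sep 2003 10:15:00 -0500
From: "Alice Friend" <alice@friend.example>
To: bob@recipient.example
Subject: Re: document

Please see the attached file.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def examine_headers(raw):
    """Collect the sender-related fields a mail client hides by default."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    reply_dom = domain_of(msg["Reply-To"])
    # The topmost Received line is normally written by the recipient's own
    # server; the bracketed IP in it is observed by that server, not supplied
    # by the sender.
    received = msg.get_all("Received") or []
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "connecting_ip": ip.group(1) if ip else "",
        # A mismatch is only a hint to look closer; matching fields prove
        # nothing, since From, Reply-To and Return-Path can all be forged.
        "mismatch": any(d and d != from_dom for d in (env_dom, reply_dom)),
    }

if __name__ == "__main__":
    for field, value in examine_headers(SAMPLE).items():
        print(f"{field}: {value}")
```
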

The Solution

To keep yourself from catching viruses that use these vulnerabilities, use the following procedure to update your version of Microsoft Office. Although this procedure may keep you from getting a virus now, it does not guarantee that new vulnerabilities will not be discovered in the future, which would make you vulnerable to future viruses. It also does not replace prudence about which e-mail attachments a reader chooses to open. To complete this update you will need the Microsoft Office CD from which you installed your product.

  1. To determine what type of Office product you have and what service pack is running you can open Microsoft Word. From Microsoft Word click on "Help" at the top of the program then select "About Microsoft Word". One of the lines at the top should read:

    Microsoft® Word 2000 (9.0.6926 SP-3)

    This indicates that this version has Service Pack 3 applied. It also indicates that Office 2000 is the Office Suite being used. A service pack is a group of updates rolled into one file which fixes many problems with the product, including security updates up to the point in time when the service pack was released. If your description does not indicate that a service pack is installed, then a service pack is not installed with your Office version.
  2. Download Updates:

    To get updated automatically go to http://office.microsoft.com/productupdates. To see available downloads for Office products go to http://office.microsoft.com/officeupdate/default.aspx.

    Either use the automatic product update ability at http://office.microsoft.com/productupdates or do the updates manually as shown below, depending on your Office Suite type.
  3. Install Updates - I recommend you install the updates required in the same order as listed above for your Office version. You will need your Office CD which you installed Microsoft Office from. If you need the service pack, install it first, then install the other patches. You may want to use the following procedure for Office 2000:
    1. Put your Office installation CD in your CD ROM drive.
    2. If SP3 is not installed double click the SP3 file you downloaded (O2kSp3.exe). Answer "Yes" when asked if you want to install the update. Accept the license agreement when asked. You will need to reboot your system once the install is done.
    3. If you are using Windows 2000 or XP operating system, use the Notepad program (Programs--Accessories--Notepad) to make a batch file with the below content. If you are using Windows 9x just run the below programs in the order listed by double clicking on each one after the previous installation is complete.
      office2000-kb822035-client-enu.exe
      office2000-kb824993-client-enu.exe
      office2000-kb824936-client-enu.exe
      office2000-kb827431-client-enu.exe
      office2000-kb826292-client-enu.exe
      
    4. Save the batch file as updateo2k.bat with your other files that you downloaded.
    5. Double click the updateo2k.bat file that you just created with Notepad. Each update will run. For each update answer "Yes" when asked if you want to install the update and accept the license agreement when asked. A few updates may not install, with a message that the "expected version of this product was not found". This is usually because the feature requiring this update was not installed on your system.
    You may want to use the following procedure for Office XP:
    1. Put your Office installation CD in your CD ROM drive.
    2. If SP1 is not installed double click the SP1 file you downloaded (Oxpsp1.exe). Answer "Yes" when asked if you want to install the update. Accept the license agreement when asked. You will NOT need to reboot your system once the install is done.
    3. If SP2 is not installed double click the SP2 file you downloaded (OxpSp2.exe). Answer "Yes" when asked if you want to install the update. Accept the license agreement when asked. You will NOT need to reboot your system once the install is done.
    4. Run the below programs in the order listed by double clicking on each one after the previous installation is complete:
      officexp-kb822036-client-enu.exe
      officexp-kb824938-client-enu.exe
      officexp-kb824934-client-enu.exe
      access2002-runtime-kb813617-client-enu.exe
      officexp-kb827430-client-enu.exe
      officexp-kb826293-client-enu.exe
      
    5. For each update answer "Yes" when asked if you want to install the update and accept the license agreement when asked. A few updates may not install, with a message that the "expected version of this product was not found". This is usually because the feature requiring this update was not installed on your system.

Sites for more information

Author:  Mark Allen