Home | Independent | Security

Preventing Viruses in Microsoft Office® Products

The intention of this document is to help readers prevent viruses and worms by presenting a procedure for readers to use to protect themselves against the recent Microsoft Office vulnerability postings.

Current Problem as of 9-8-2003

Several flaws (programming errors) have recently been discoverd in Microsoft Office products. These flaws may allow attackers to compromise your systems. This means that because of these flaws several new viruses and vulnerability exploiting worm programs will most likely be introduced on the internet within the next few weeks. The impact of these new vulnerabilities and worms is expected to be severe and possibly affect operations on the internet, especially email for some period of time. It is likely that readers of email will see attached files mailed to them from their friends or others that they do not know. These attached files will likely be a Word document file (.doc) or some other type of file opened by one of the Microsoft Office products in spite of the fact that many curent viruses are circulating as .pif files and other file types.

Recent Virus behavior

Please note that even though a email appears to come from a friend or a particular person, there is no way that you can be sure this person actually sent the email. This is because there is no way provided in the internet email system to confirm that any given person actually sent a message. Anyone can fake a message and make it look like someone else sent the message. This is how it may at least appear to readers on the surface unless the properties of the message are examined in greater detail. Many viruses today can look in an address book and choose two addresses and use one as the recipient and the other one as the (faked) sender. Therefore then the recipient gets the message it will appear to be from a possible friend when indeed it is not. The only fact you can be sure of is that the person who has the virus has both the sender of the email and the recipient of the email in their address book.

The Solution

To keep yourself from being able to catch viruses that use these vulnerabilities, use the following procedure to update your version of Microsoft Office. Although this procedure may keep you from getting a virus now, it will not guarantee that new vulnerabilities will not be discovered in the future which will make you vulnerable to future viruses. Also this does not replace prudence when it comes to being careful about what e-mail attachments a reader chooses to open. You will need your Microsoft Office CD which you installed your product from to complete this update.

To determine what type of Office product you have and what service pack is running you can open Microsoft Word. From Microsoft Word click on "Help" at the top of the program then select "About Microsoft Word". One of the lines at the top should read:
Microsoft® Word 2000 (9.0.6926 SP-3)
This indicates that this version has Service Pack 3 applied. It also indicates that Office 2000 is the Office Suite being used. A service pack is a group of updates rolled into one file which fixes many problems with the product including security updates up to the point in time when the service pack was released. If your description does not indicate a service pack is installed, then a service pack in not installed with your office version.
Download Updates:
To get updated automatically go to http://office.microsoft.com/productupdates. To see available downloads for Office products go to http://office.microsoft.com/officeupdate/default.aspx.
Either use the automatic product update ability at http://office.microsoft.com/productupdates or do the updates manually as shown below depending on your Office Suite type as shown below.
- For Office 2000:
  1. If you do not have Service Pack 3 (SP3) already installed, download and install it first. If it is installed you will see "SP-3" included in the line in step one as shown above.
    - For most Microsoft Office users the SP3 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=5C011C70-47D0-4306-9FA4-8E92D36332FE&displaylang=en.
    - For Office users with server extensions the SP3 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=BC555C80-8636-4DC8-ABD1-C1AEF4419E22&displaylang=en.
    - For Office users with MultiLanguage pack the SP3 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyId=E5E47400-AAFE-48AF-AE78-C30091821C5F&displaylang=en.
    Apply the appropriate service pack for your version of Microsoft Office. This means to double click the program you downloaded from the Microsoft web site and follow the installation instructions. When done, reboot if prompted to do so.
  2. Download Security Updates (unless you have previously done so). These include:
    - Security Patch: KB822035 at http://www.microsoft.com/downloads/details.aspx?familyid=E2CCE199-9C4A-4EEC-A3EC-9F738017F275&displaylang=en.
    - Office 2000 WordPerfect 5.x Converter Security Patch: KB824993 at http://www.microsoft.com/downloads/details.aspx?familyid=D3ED4189-315A-411A-A739-F7181310FBA7&displaylang=en.
    - Word 2000 Security Patch: KB824936 at http://www.microsoft.com/downloads/details.aspx?familyid=4A8F6ACE-E14E-4978-A9C9-6989CD03A4A3&displaylang=en.
    - Access 2000 Runtime Security Patch: KB827431 at http://www.microsoft.com/downloads/details.aspx?familyid=116B7FDC-C119-4432-813F-2283792A3AED&displaylang=en.
    - Access 2000 Snapshot Viewer Security Patch: KB826292 at http://www.microsoft.com/downloads/details.aspx?familyid=F6CB9C8E-16E3-422D-86DD-7ED5671FB8D4&displaylang=en.
- For Office XP
  1. If you do not have Service Pack 1 (SP1) and Service Pack 2 (SP2) already installed, download and install it first. If it is installed you will see "SP-2" included in the line in step one as shown above. If you need SP1 or SP2 download them. You must install SP! before installing SP2.
    - For most Microsoft Office XP users the SP1 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=d4d8a9a4-31fc-480b-9cd9-adccb6997ce3&displaylang=en.
    - For most Microsoft Office XP users the SP2 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=1a8ce553-ab76-4a63-99da-b4ed914c1514&displaylang=en.
    - For Office users with Multilingual User Interface pack the SP1 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=D5B7D606-F755-4847-8E1A-A259AFE34458&displaylang=en.
    - For Office users with Multilingual User Interface pack the SP2 download can be found at http://www.microsoft.com/downloads/details.aspx?FamilyID=FE381341-8C05-4CAA-88FF-E9A2CEF508C9&displaylang=en.
    Apply the appropriate service pack for your version of Microsoft Office. This means to double click the program you downloaded from the Microsoft web site and follow the installation instructions. When done, reboot if prompted to do so.
  2. Download Security Updates (unless you have previously done so). These include:
    - Office XP Security Patch: KB822036 at http://www.microsoft.com/downloads/details.aspx?familyid=6F1FC4B0-29E9-44E0-A33D-AD6B4B6A8FF4&displaylang=en.
    - Office XP WordPerfect 5.x Converter Security Patch: KB824938 at http://www.microsoft.com/downloads/details.aspx?familyid=EC563DEE-6BFB-431D-B39E-2D672C0C223F&displaylang=en.
    - Word 2002 Security Patch: KB824934 at http://www.microsoft.com/downloads/details.aspx?familyid=7D3775FC-F424-4B04-ABEB-9B4CA1EB182D&displaylang=en.
    - Access 2002 Runtime Update: KB813617 at http://www.microsoft.com/downloads/details.aspx?FamilyId=FBB400D7-8892-4086-80F1-BDC0ECD76D6D&displaylang=en.
    - Access 2002 Runtime Security Patch: KB827430 at http://www.microsoft.com/downloads/details.aspx?familyid=0B811E13-942A-4166-8890-C54DC4121104&displaylang=en.
    - Access 2002 Snapshot Viewer Security Patch: KB826293 at http://www.microsoft.com/downloads/details.aspx?familyid=B50D4863-1BBE-4009-9DF8-52D3A916D54F&displaylang=en.
- Office 97/98:
  We recommend that anyone with Office 97 or Office 98 upgrade to Office 2000 or Office XP. Office 97/98 has not had any significant updates posted by Microsoft since 2001 and is no longer supported or secure for use.
Install Updates - I recommend you install the updates required in the same order as listed above for your Office version. You will need your Office CD which you installed Microsoft Office from. If you need the service pack, install it first, then install the other patches. You may want to use the following procedure for Office 2000:
1. Put your Office installation CD in your CD ROM drive.
2. If SP3 is not installed double click the SP3 file you downloaded (O2kSp3.exe). Answer "Yes" when asked if you want to install the update. Accept the license agreement when asked. You will need to reboot your system once the install is done.
3. If you are using Windows 2000 or XP operating system, use the Notepad program (Programs--Accessories--Notepad) to make a batch file with the below content. If you are using Windows 9x just run the below programs in the order listed by double clicking on each one after the previous installation is complete.
```
office2000-kb822035-client-enu.exe
office2000-kb824993-client-enu.exe
office2000-kb824936-client-enu.exe
office2000-kb827431-client-enu.exe
office2000-kb826292-client-enu.exe
```
4. Save the batch file as updateo2k.bat with your other files that you downloaded.
5. Double click the updateo2k.bat that you just created with notepad. Each update will run. For each update answer "Yes" when asked if you want to install the update and accept the license agreement when asked. A few updates may not install with a message that the "expected version of this product was not found". This is usually because the feature requiring this update was not installed on your system.
You may want to use the following procedure for Office XP:
1. Put your Office installation CD in your CD ROM drive.
2. If SP1 is not installed double click the SP1 file you downloaded (Oxpsp1.exe). Answer "Yes" when asked if you want to install the update. Accept the license agreement when asked. You will NOT need to reboot your system once the install is done.
3. If SP2 is not installed double click the SP2 file you downloaded (OxpSp2.exe). Answer "Yes" when asked if you want to install the update. Accept the license agreement when asked. You will NOT need to reboot your system once the install is done.
4. Run the below programs in the order listed by double clicking on each one after the previous installation is complete:
```
officexp-kb822036-client-enu.exe
officexp-kb824938-client-enu.exe
officexp-kb824934-client-enu.exe
access2002-runtime-kb813617-client-enu.exe
officexp-kb827430-client-enu.exe
officexp-kb826293-client-enu.exe
```
5. For each update answer "Yes" when asked if you want to install the update and accept the license agreement when asked. A few updates may not install with a message that the "expected version of this product was not found". This is usually because the feature requiring this update was not installed on your system.

Sites for more information

Serious Bulletin for users: http://www.microsoft.com/security/security_bulletins/ms03-036.asp
Serious Bulletin for technical people: http://www.microsoft.com/technet/security/bulletin/MS03-036.asp
Other Bulletin for technical people:http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
Other Bulletin for technical people:http://www.microsoft.com/technet/security/bulletin/MS03-038.asp
Other Bulletin for technical people:http://www.microsoft.com/security/security_bulletins/ms03-038.asp

Author: Mark Allen