Preventing Viruses in Microsoft Office® Products
The intention of this document is to help readers prevent viruses and worms by presenting a procedure for readers to use to protect themselves against the recent Microsoft Office vulnerability postings.
Current Problem as of 9-8-2003
Several flaws (programming errors) have recently been discoverd in Microsoft Office products. These flaws may allow attackers to compromise your systems. This means that because of these flaws several new viruses and vulnerability exploiting worm programs will most likely be introduced on the internet within the next few weeks. The impact of these new vulnerabilities and worms is expected to be severe and possibly affect operations on the internet, especially email for some period of time. It is likely that readers of email will see attached files mailed to them from their friends or others that they do not know. These attached files will likely be a Word document file (.doc) or some other type of file opened by one of the Microsoft Office products in spite of the fact that many curent viruses are circulating as .pif files and other file types.
Recent Virus behavior
Please note that even though a email appears to come from a friend or a particular person, there is no way that you can be sure this person actually sent the email. This is because there is no way provided in the internet email system to confirm that any given person actually sent a message. Anyone can fake a message and make it look like someone else sent the message. This is how it may at least appear to readers on the surface unless the properties of the message are examined in greater detail. Many viruses today can look in an address book and choose two addresses and use one as the recipient and the other one as the (faked) sender. Therefore then the recipient gets the message it will appear to be from a possible friend when indeed it is not. The only fact you can be sure of is that the person who has the virus has both the sender of the email and the recipient of the email in their address book.
To keep yourself from being able to catch viruses that use these vulnerabilities, use the following procedure to update your version of Microsoft Office. Although this procedure may keep you from getting a virus now, it will not guarantee that new vulnerabilities will not be discovered in the future which will make you vulnerable to future viruses. Also this does not replace prudence when it comes to being careful about what e-mail attachments a reader chooses to open. You will need your Microsoft Office CD which you installed your product from to complete this update.
Microsoft® Word 2000 (9.0.6926 SP-3)This indicates that this version has Service Pack 3 applied. It also indicates that Office 2000 is the Office Suite being used. A service pack is a group of updates rolled into one file which fixes many problems with the product including security updates up to the point in time when the service pack was released. If your description does not indicate a service pack is installed, then a service pack in not installed with your office version.
To get updated automatically go to http://office.microsoft.com/productupdates. To see available downloads for Office products go to http://office.microsoft.com/officeupdate/default.aspx.Either use the automatic product update ability at http://office.microsoft.com/productupdates or do the updates manually as shown below depending on your Office Suite type as shown below.
We recommend that anyone with Office 97 or Office 98 upgrade to Office 2000 or Office XP. Office 97/98 has not had any significant updates posted by Microsoft since 2001 and is no longer supported or secure for use.
office2000-kb822035-client-enu.exe office2000-kb824993-client-enu.exe office2000-kb824936-client-enu.exe office2000-kb827431-client-enu.exe office2000-kb826292-client-enu.exe
officexp-kb822036-client-enu.exe officexp-kb824938-client-enu.exe officexp-kb824934-client-enu.exe access2002-runtime-kb813617-client-enu.exe officexp-kb827430-client-enu.exe officexp-kb826293-client-enu.exe
Author: Mark Allen