TOURBUS BONUS -- 21 AUGUST 1999 -- OFFICE 97 AND 2000 SECURITY HOLES

Date:         Sat, 21 Aug 1999 17:29:03 -0500
Reply-To:     TOURBUS-Request@LISTSERV.AOL.COM
Sender:       The Internet TourBus - A virtual tour of cyberspace
              
Comments:     Resent-From: crispen@netsquirrel.com
Comments:     Originally-From: Patrick Douglas Crispen 
From:         Patrick Douglas Crispen 
Subject:      TOURBUS-BONUS -- 21 AUGUST 1999 -- OFFICE 97 AND 2000 SECURITY
              HOLES
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
 
Blah blah blah ASCII graphics blah blah ...
     _________ ____________ ________ __________ _____________ ___ _
    /         |            /        |          |             /   | \
   |          |           /         |          |            /    |  \
   |__________|__________/__________|__________|___________/     |   \
  /                                                       /______|----\
| There's nothing wrong with computers, but they aren't pigs.   |    |
\________________________________________________________|______|____|
     /   \  /   \                                             /   \
     \___/  \___/  T h e   I n t e r n e t   T o u r B u s    \___/
 
TODAY'S BONUS TOURBUS STOP(S):
    OFFICE 97 AND OFFICE 2000 SECURITY HOLES
TODAY'S BONUS TOURBUS ADDRESS(ES):
    http://officeupdate.microsoft.com/downloadDetails/excel97odbc.htm
    http://officeupdate.microsoft.com/2000/downloaddetails/excel2000odbc.htm
    http://www.zdnet.com/zdnn/stories/news/0,4586,2305495,00.html
    http://www.zdnet.com/zdnn/stories/news/0,4586,2318454,00.html
    http://www.microsoft.com/security/bulletins/MS99-030faq.asp
    http://www.artagraphs.com/
    http://www.artagraphs.com/store/h2.htm
 
Howdy, y'all, and greetings from Tuscaloosa, Alabama!
 
There's a pretty serious security hole in Microsoft Office 97 and 2000
that could make your PC vulnerable to viruses and other nasty things.
Since a vast majority of our readers use either Office 97 or 2000, I
thought it would be a good idea to tell you about this hole
immediately.
 
----------------------------------------
Office 97 and Office 2000 Security Holes
----------------------------------------
 
According to our friends at ZDNet, the Microsoft Office security hole
is in the ODBC driver of the Jet database engine (whatever that
means).  According to Microsoft,
 
      It is possible that a malicious coder could create an Excel 97
      spreadsheet that exploits a vulnerability in this database driver
      to delete files and perform other malicious acts. A user could
      encounter this problem by opening a spreadsheet attached to an
      email message or linked from a Web site.
 
Fortunately, there's no need to panic.  This hole is only
"theoretical" -- no one has actually experienced any problems because
of it.
 
How can you protect yourself from this hole?  Simple ... just download
a free security update from Microsoft.  If you use Microsoft Office
97, and especially if you use Microsoft Excel 97, you need to point
your Web browser to
 

http://officeupdate.microsoft.com/downloadDetails/excel97odbc.htm .
 
Once this page appears on your screen:
 
      1. Click on the "Download Now" link in the upper left hand corner
         of the screen.  This starts the download process.
         [Downloading just refers to the process of getting a file from
         the Internet and putting it on your computer.]
      2. You will eventually see a pop-up screen asking you to choose
         where you want the security update file (jetcopkg.exe) to be
         saved on your computer.  REMEMBER WHERE YOU SAVE THE
         JETCOPKG.EXE FILE!
      3. Minimize your Web browser (hitting the Windows and M keys at
         the same time does this quite well), find where you saved the
         JETCOPKG.EXE file, and double click on the file.  This
         installs the security update, fixing the hole.  :)
 
Microsoft Office 2000 Microsoft Excel 2000 can download the
appropriate security update at
 

.
>http://officeupdate.microsoft.com/2000/downloaddetails/excel2000odbc.htm .
 
The instructions for downloading the Office 2000 security update file
are identical to the ones we used for Office 97 (in fact, I think the
file is identical too).
 
You can learn more about the ODBC driver vulnerability problem from
our friends at ZDNet.  They first wrote about the vulnerability last
month, and you can read that story at
 

http://www.zdnet.com/zdnn/stories/news/0,4586,2305495,00.html .
 
Remember, though, that this story was written before Microsoft
released its security upgrade, so the information at the end of this
article about patching the hole is no longer accurate.  The ONLY way
to patch the hole is to download the security update we talked about a
few moments ago.
 
ZDNet also has a more recent, post-security-update story about the
hole at
 

http://www.zdnet.com/zdnn/stories/news/0,4586,2318454,00.html .
 
And, of course, our friends at Microsoft have posted a HUGE security
bulletin about the hole at
 

http://www.microsoft.com/security/bulletins/MS99-030faq.asp .
 
To be honest, unless you are a network administrator or helpdesk
support agent you really don't need to read any of these.  If you
download the security update and install it, the hole will be patched
and you can get on with your life.  :)
 
---------------------
A Quick Personal Note
---------------------
 
A few weeks ago we talked about Artagraph Reproduction Technology at
 

http://www.artagraphs.com/ .
 
Artagraphs are hyper-realistic, three-dimensional oil on canvas copies
of famous masterpieces.
 
I also mentioned that I had bought an Artagraph for my Mom for her
birthday, although I wouldn't mention which one I chose (my Mom is a
TOURBUS rider and I did not want to ruin the surprise).  Well, now
that my Mom's birthday has come and gone, I can finally tell you which
one I bought: Vincent Van Gogh's "Lilac Bushes."  You can see a copy
of that painting at
 

http://www.artagraphs.com/store/h2.htm .
 
Now I have to decide what to get my dad for HIS birthday.  :)
 
TODAY'S BONUS TOURBUS STOP(S):
    OFFICE 97 AND OFFICE 2000 SECURITY HOLES
TODAY'S BONUS TOURBUS ADDRESS(ES):
    http://officeupdate.microsoft.com/downloadDetails/excel97odbc.htm
    http://officeupdate.microsoft.com/2000/downloaddetails/excel2000odbc.htm
    http://www.zdnet.com/zdnn/stories/news/0,4586,2305495,00.html
    http://www.zdnet.com/zdnn/stories/news/0,4586,2318454,00.html
    http://www.microsoft.com/security/bulletins/MS99-030faq.asp
    http://www.artagraphs.com/
    http://www.artagraphs.com/store/h2.htm
 
--------------------------------
TODAY'S SOUTHERN WORD OF THE DAY
--------------------------------
 
ADAM (noun).  A distinct part.
Usage: "Please see if that's the only missing adam on the list"
 
[Special thanks to Peter van Marle for today's wurd]
 
You can find all of the old Southern Words of the day at

http://netsquirrel.com/crispen/word.html 
 


 















 
  








The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239

 Copyright ©


 Bob Rankin and Patrick Crispen - All rights reserved












=====================[ Tourbus Rider Information ]===================

    The Internet Tourbus - U.S.  Library of Congress ISSN #1094-2238
       Copyright 1995-99, Rankin & Crispen - All rights reserved
 
   Do You Like Tourbus?  Recommend It and You Could Win a Palm Pilot!
 CLICK 
 
Archives & Advertising Info: Online at http://www.TOURBUS.com
=====================================================================
 
            .~~~.  ))
  (\__/)  .'     )  ))       Patrick Douglas Crispen
  /o o  \/     .~
{o_,    \    {              crispen@netsquirrel.com
   / ,  , )    \           http://www.netsquirrel.com/
   `~  '-' \    } ))    AOL Instant Messenger: Squirrel2K
  _(    (   )_.'
'---..{____}                  Warning: squirrels.