[73] in sw-release-announce
Vulnerability in Microsoft PowerPoint and Excel (Mac & Win)
daemon@ATHENA.MIT.EDU (Jonathan McIndoe Hunt)
Tue Oct 9 16:37:11 2001
Message-Id: <5.1.0.14.2.20011009162747.06ed9e28@hesiod>
Date: Tue, 09 Oct 2001 16:34:53 -0400
To: itpartners@MIT.EDU, macpartners@MIT.EDU, winpartners@MIT.EDU,
sw-release-announce@MIT.EDU
From: Jonathan McIndoe Hunt <jmhunt@MIT.EDU>
Cc: infosys@MIT.EDU, itag@MIT.EDU
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
To: MIT Community winpartners@mit.edu, macpartners@mit.edu,
itpartners@mit.edu, sw-release-announce@mit.edu
From: Software Release Team <swrt@mit.edu>
Subj: Vulnerability in Microsoft PowerPoint and Excel (Mac & Win)
Cc: infosys@mit.edu, itag@mit.edu
----------
Good Afternoon,
Microsoft has released a group of patches to fix a recently announced
vulnerability in all of the current versions of Microsoft Office: 2000 and
XP (2002) for Windows and 98 and 2001 for Macintosh. We recommend that
you apply these patches as soon as possible. If you do not apply the
patch, opening an Excel spreadsheet or PowerPoint presentation could result
in the following actions by a hacker:
- reading, deleting, or modifying data, either locally or on open file shares
- modifying security settings (including macro virus protection settings)
- sending electronic mail
- posting data to or retrieving data from web sites
For more information about the problem and to obtain the patches, visit:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-050.asp
The SWRT has done a small amount of testing and has not found any issues
with installing these patches on Office 2000, 2001, and XP (2002). One
thing noted during our tests is that Windows patches may require the Office
CD to install.
If you are supported by a local area expert, check with them before
applying the patches as they may have more up to date information.
Patches are not available for Excel and PowerPoint 97 because Microsoft has
discontinued support for Office 97. We recommend that you upgrade to a
more recent version of Office or you will be vulnerable to this and other
macro based attacks.
If you need assistance, please contact the Computing Help Desk at
computing-help@mit.edu or x3-1104.
Thanks,
Jonathan
p.s. We are attempting to determine the appropriate levels of communication
sent to various mailing lists. Please let us know if this message is
useful, too much information, or something else by sending a note to
swrt@mit.edu.
______________________________________
Jonathan M. Hunt
Windows Platform Coordinator and
Co-Team Leader for Software Release Team
Information Systems
W92-191 x3-0172
