|
|
|
|
Microsoft Releases Two Security Patches January 21, 1999
REDMOND, Wash., Jan. 21 -- Microsoft Corp. has provided patches for recently
discovered security vulnerabilities in Microsoft(R) Word 97 and the Microsoft Forms
version 2.0 ActiveX(R) Control, and has broadly communicated the availability of these
fixes to third-party vendors and more than 1 million customers. These vulnerabilities
could be misused by hackers to run malicious code on a user's machine without warning.
Although there have not been any reports of customers being adversely affected by hackers
through these mechanisms, Microsoft recognizes customers' concerns and has moved quickly
to broadly inform them of these issues and help protect them with fixes. Information on
these issues as well as the patches can be downloaded from Word 97 Template Security Patch The Word 97 Template security patch prevents a hacker from exploiting this vulnerability. After installing the patch, users will be warned before they launch a template that contains a macro. Installing the patch will not disable use of templates or macros on templates. Microsoft recommends that all users download the patch. Microsoft Forms 2.0 Control Security Patch The Forms 2.0 Control security patch addresses the vulnerability that occurs when the Forms 2.0 Control is available on a user's system. The patch prevents a hacker from exploiting the identified vulnerability. Customers who install the patch will not lose functionality of the Forms 2.0 Control, and developers will continue to be able to rely on using it for legitimate functionality. If customers are unsure if this control is present on their system, they should follow the steps indicated at http://officeupdate.microsoft.com/downloaddetails/fm2paste.htm Notifications about these issues were posted to the Microsoft Security Advisor Web site at http://www.microsoft.com/security/ and have also been sent to the Microsoft Security Notification listserve, to which anyone can subscribe (more information is available at http://www.microsoft.com/security/) as well as to the Computer Emergency Response Team (CERT), an industry security organization based at Carnegie Mellon University, which coordinates and distributes security information to corporate, academic and government users. In addition, Microsoft is informing all third-party vendors licensing VBA and more than 1 million customers who subscribe to the Office News Service. As with all security issues, Microsoft will continue to keep its customers informed. The company continues to work closely with individuals and vendors in the software security community and recommends that customers run the latest security software available. For more information updates on security issues, customers should visit http://www.microsoft.com/security/. Microsoft, ActiveX, Visual Basic and Outlook are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries. Other product and company names herein may be trademarks of their respective owners. SOURCE Microsoft Corp. |
|
