INFORMATION ALERT



AN UPDATE ON:
HOLES IN MICROSOFT OFFICE XP

April 26, 2002


Last night, Microsoft released a security bulletin that includes
patches to fix the script execution issue we described in our April
3 Information Alert. Essentially, when you use Microsoft Word as
your e-mail editor in Outlook, a hacker could craft an e-mail that
would automatically execute a script when you reply to or forward
the message. The script could execute without warning (no dialog
boxes asking, "Do you really want to do this?") and without
restrictions. This issue was one of two Office XP vulnerabilities
discovered by Georgi Guninski that we reported in our April 3 Office
XP alert. We promised to update you if a patch became available, so
this is our notification to you that Microsoft has released the
following patches to fix this issue:


* Microsoft Word 2000 Client Installation
<http://office.microsoft.com/downloads/2002/wrd0901.aspx>


* Microsoft Word 2000 Administrative Installation
<http://www.microsoft.com/office/ork/...n/wrd0901a.htm>


* Microsoft Word 2002 Client Installation
<http://office.microsoft.com/downloads/2002/wrd1003.aspx>


* Microsoft Word 2002 Administrative Installation
<http://www.microsoft.com/office/ork/...n/wrd1003a.htm>