Microsoft Security Bulletin (MS99-002)

[aleph1 () UNDERGROUND ORG (aleph1 () UNDERGROUND ORG)]

The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

Microsoft Security Bulletin (MS99-002)
--------------------------------------

Patch Available for "Word 97 Template" Vulnerability

Originally Posted: January 21, 1999

Summary
=======
Microsoft has released a patch that fixes a vulnerability in Word 97 which
could permit macros to run without warning the user when the user opens a
document based on a template containing macros. A malicious hacker could
exploit this vulnerability to cause malicious macro code to be run without
warning if a user opens a Word attachment that was sent by a malicious
hacker, or posted on a web site controlled by the malicious hacker. This
malicious macro could possibly be used to damage or retrieve data on a
user's system.

A fully supported patch is available to fix this vulnerability, and
Microsoft recommends that customers download and install it to protect their
computers.

Issue
=====
Now available for download, the Word 97 Template Security Patch addresses a
vulnerability that could allow malicious macro code to be run in a Word 97
document without warning a user when the user opens the document.

A standard safety feature of Word 97 is that it warns users when a document
containing macros is opened; however, if that document does not itself
contain macros, but rather is linked to a template that does contains
macros, no warning is issued. A malicious hacker could exploit this
vulnerability to cause malicious macro code to run without warning if a user
opens a Word document attached to an email sent by the malicious hacker, or
if the user opens a Word document on a web site controlled by the malicious
hacker. This malicious macro could possibly be used to damage or retrieve
data on a user's system.

The Word 97 Template Security Patch prevents a hacker from exploiting this
vulnerability. After installing the patch, users will be warned before they
launch a document based on a template that contains macros. Installing the
patch will not disable the use of templates or macros on templates.

While there have not been any reports of customers being adversely affected
by these problems, Microsoft is releasing a patch to address any risks posed
by this issue.

Affected Software Versions
==========================
The following software versions are affected:
 - Microsoft Word 97

What Microsoft is Doing
=======================
Microsoft has released a patch that fixes the problem identified. This patch
is available for download from the sites listed below in "What Customers
Should Do".

Microsoft has made information about this patch available on the Microsoft
Office web site, and has sent information about the availability of this
patch to ISV partners licensing VBA and registered Office users.

Microsoft has sent this security bulletin to customers subscribing to the
Microsoft Product Security Notification Service. See "Signing up for the
Microsoft Product Security Notification Service"
(http://www.microsoft.com/security/services/bulletin.asp) for more
information about this free customer service.

Microsoft has published the following Knowledge Base (KB) article on this
issue:

 - Microsoft Knowledge Base (KB) article Q214652,
   "No Macro Warning Opening File Attached to Template
   Containing Macros",
   http://support.microsoft.com/support/kb/articles/q214/6/52.asp

(Note: It might take 24 hours from the original posting of this bulletin for
the KB article to be visible in the Web-based Knowledge Base.)

What customers should do
========================
Microsoft highly recommends that all affected customers download the patch
to protect their computers. The complete URL for each affected software
version is given below.

Customers can obtain the patch from the free Office Update service. To
obtain this patch using Office Update, visit the Office Update site at
http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm.

More Information
================
Please see the following references for more information related to this
issue.

 - Patch Available for "Word 97 Template" Vulnerability
   (the Web-posted version of this bulletin),
   http://www.microsoft.com/security/bulletins/ms99-002.asp
 - Microsoft Knowledge Base (KB) article Q214652,
   "No Macro Warning Opening File Attached to Template
   Containing Macros",
   http://support.microsoft.com/support/kb/articles/q214/6/52.asp

Acknowledgements
================
Microsoft would like to thank Woody's Office Watch and their reader, DavidF,
for notifying us about this vulnerability.

Obtaining Support on this Issue
===============================
This is a supported patch. If you have problems installing this patch or
require technical assistance with this patch, please contact Microsoft
Technical Support. For information on contacting Microsoft Technical
Support, please see
http://support.microsoft.com/support/contact/default.asp.

Revisions
=========
 - January 21, 1999: Bulletin Created


For additional security-related information about Microsoft products, please
visit http://www.microsoft.com/security


--------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.

(c) 1999 Microsoft Corporation. All rights reserved. Terms of Use.

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification  Service
please    visit    http://www.microsoft.com/security/bulletin.htm.    For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.