Solve your busy phone line problem. FREE download.

Windows-Help.NET Newsletter28 Aug. 1999, Vol 2 No. 34

 Microsoft Issues Security Patches

by Arie Slob

Dear Windows-Help.NET Subscriber,

This week Microsoft released two security patches which are of importance to the general Windows 9.x & Office user.

First there was the long awaited fix for Office 97, which is now called the Office "ODBC Vulnerabilities". Not only Office 97 users are at risk, but also Office 2000 users, as well as other Microsoft software using the Microsoft Jet.

Microsoft Jet serves as the database engine for a number of Microsoft products, including but not limited to:

  • Microsoft Office
  • Microsoft Visual Studio
  • Microsoft Publisher
  • Microsoft Streets & Trips

A patch is available for Jet 3.5 and all subsequent versions. Older versions of Jet are no longer supported, and Microsoft recommends that affected customers upgrade to a supported version. The OfficeUpdate site automatically detects the version of Jet that is installed on a machine, and applies the correct patch. The patch is suitable for widespread deployment via Microsoft® Systems Management Server®. Users who wish to manually apply patches for specific versions of Jet should consult the FAQ for information on how to do this.

The second patch is for the "Virtual Machine Sandbox" Vulnerability. This vulnerability could allow a Java applet to take virtually any action on the computer of a web site visitor.

The Microsoft VM is a virtual machine for the Win32® operating environment. It runs atop Microsoft Windows® 95, 98 or Windows NT®. It ships as part of each operating system, and also as part of Microsoft Internet Explorer. The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox and take any desired action on the user's computer. If such an applet were hosted on a web site, it could act against the computer of any user who visited the site.

Affected Software Versions

  • Microsoft VM, all builds in the 2000 and 3000 series

Note: The affected versions are shipped primarily as part of Internet Explorer 4.0 and 5. The FAQ provides instructions for determining the specific build on your machine.

Patch Availability

More Information

Please see the following references for more information related to this issue.

Special Offer from the InfiniSource Software Store

Total Protection Bundle McAfee

Total Protection Bundle McAfee
Get All Three of These Great Products for ONLY $49.95 After $20 Mail-in Rebate: VirusScan Classic v4.0, Cyber Sentinel, & 2000 Toolbox


Two weeks ago I asked you about your hard disk size. Here are the results:

    The (combined) size of your hard disk(s):

  • <1GB   :   2%
  • 1-3GB  :   6%
  • 3-6GB  :  23%
  • 6-12GB:  41%
  • >12GB :  26%

  • 51% believe that the size of their hard drive won't be sufficient in 12 months time
  • 48% believe otherwise

This week's QuickPoll: What about your monitor? With dropping prices, did you buy that 17"? Participate in the QuickPoll... you'll find it on the Windows 98 Tips home page.

Windows Services for UNIX 2.0 Beta 1
The release of Microsoft Windows Services for UNIX 2.0 provides customers with new interoperability enhancements for integrating both Windows® NT 4.0 and Windows 2000 into their existing UNIX environments.

More Info & Download

Windows 98 Tip
Getting rid of those annoying Tool Tips
Even in Windows 98 there are now Tool Tips showing you the meaning of things like the Close, Maximize and Minimize buttons (among others).

That's nice if you are new to Windows, but it gets annoying after a while. Here is how to turn them off.

AOL Releases AIM 3.0
AOL released the AOL Instant Messenger 3.0 earlier this week, adding a personalized news ticker and "Buddy Icons."

Web site - Download

An amazing utility, designed to help you implement the MaxMTU Fix and other speed tweaks effortlessly and easily.

MP3 List

Enter E-mail address

Subscribers will receive occasional email announcements of special offers.
More lists.

Windows Millennium, first impressions of successor to Windows 98. (Beta Build 2348)

Recommend this Newsletter to a Friend!

Ask your Windows 95 / 98 / NT questions here!

  Microsoft Security

Apart from the above mentioned security patches, there was a further (updated) patch for the "Double Byte Code Page" Vulnerability

Microsoft has re-released a patch that eliminates a vulnerability in Microsoft® Internet Information Server that could allow a Web site visitor to view the source code for selected files on the server, if the server's default language is set to Chinese, Japanese or Korean.

Affected Software Versions

  • Microsoft Internet Information Server 3.0 and 4.0, if run on a server whose default language is set to Chinese, Korean, or Japanese

More information

  Web site updates

These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Updated: Microsoft Knowledge Base Articles dealing with Internet Connection Sharing
Added: Microsoft Security: Patch Available for "Virtual Machine Sandbox" Vulnerability
Updated: Microsoft Office 97 vulnerability
Updated: Microsoft Security: Patch Available for "Double Byte Code Page" Vulnerability
Added: Windows Millennium first impressions. (Beta Build 2348)

Advertising, Back Issues, unsubscribing etc.