Patch Available for "Office 2000 UA Control" Vulnerability
by Alan Linker

Microsoft has released a patch that eliminates a security vulnerability in Microsoft Office 2000 and also eliminates the same security problem in the Microsoft Works 2000 Suite.

The control could allow a web site operator to take action on the computer of a user who visits his web site.

 The ActiveX control is incorrectly marked as "Safe for Scripting". This Control, is used by the "Show Me" function in Help, and allows the function to be scripted. This could allow an operator  to use the control to carry out functions on the computer of some one that visited his web site.

This control is only part of the MS Office and Works 2000 products. The patch removes all the unsafe functions, that result in the "Show Me" function to be disabled.

The patch is available at  http://officeupdate.microsoft.com/info/ocx.htm

 Once this patch is installed, use Help in the programs as you would normally. The Show Me buttons and pop-ups will not be available.

There is no uninstall for this patch.