Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft® Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-001.asp
Affected Software Versions
Microsoft Office 2000
Microsoft Windows 2000
Microsoft Windows Me
Patch Availability
Microsoft Office 2000 (All Platforms):
http://officeupdate.microsoft.com/2000/downloaddetails/wecsec.htm
Microsoft Windows 2000 (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26889
Microsoft Windows Me (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26705
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-001.asp
Affected Software Versions
Microsoft Office 2000
Microsoft Windows 2000
Microsoft Windows Me
Patch Availability
Microsoft Office 2000 (All Platforms):
http://officeupdate.microsoft.com/2000/downloaddetails/wecsec.htm
Microsoft Windows 2000 (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26889
Microsoft Windows Me (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26705
