OFF: Frequently Asked Questions About the ODBC Driver Security Vulnerability Update

ID: Q240770

The information in this article applies to:
  • Microsoft Office 2000
  • Microsoft Office 97 for Windows

SUMMARY

This article addresses some of the most frequently asked questions about the Open Database Connectivity (ODBC) Driver Security Vulnerability Update.

For additional information about this update, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q240159 OFF2000: Office 2000 ODBC Driver Vulnerability Security Update
Q238445 OFF97: Office 97 ODBC Driver Vulnerability Security Update


MORE INFORMATION

How Do I Apply This Update to My Computer?

For additional information about how to apply this update to your computer, click the article number below to view the article in the Microsoft Knowledge Base:
Q240159 OFF2000: Office 2000 ODBC Driver Vulnerability Security Update

Can I Update My Administrative Installation Point for Office to Include This Update When I Perform Client Installations?

For additional information about updating your administrative installation of Office 2000 with the ODBC Driver Vulnerability Security Update, click the article number below to view the article in the Microsoft Knowledge Base:
Q243400 OFF2000: How to Update an Administrative Installation with the ODBC Vulnerability Patch
For additional information about updating your administrative installation of Office 97 with the ODBC Driver Vulnerability Security Update, click the article number below to view the article in the Microsoft Knowledge Base:
Q243689 OFF97: How to Update an Administrative Installation with the ODBC Vulnerability Patch

Which Files and Registry Entries Are Modified by the Update?

Files

The following Knowledge Base articles contain a list of the files the ODBC Security Update replaces:
Q239114 ACC2000: Updated Version of Microsoft Jet 4.0 Available on MSL

Q172733 Updated Version of Microsoft Jet 3.5 Available on MSL
NOTE: The files listed in these articles are installed only if an earlier version of the file is present on your computer.

Registry Entries

The update sets the SandboxMode registry entries in the following subkeys to a value of 2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines
The update sets the DisabledExtensions registry entries in the following subkeys to a value of
!txt,csv,tab,asc,htm,html :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines\Text

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Text
For additional information about the registry entries listed above, please click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q239471 Jet 4.0 Text IISAM Allows User to Append Lines to System Files

Q239105 Jet 3.5 Text ISAM Allows User to Append Lines to System Files

Q239482 ACC2000: Jet 4.0 Expression Can Execute Unsafe Visual Basic for Applications Functions

Q239104 Jet Expression Can Execute Unsafe Visual Basic for Applications Functions

How Do I Know If the Update Has Been Installed Correctly?


   If you have this file...  The version number should be...
   ---------------------------------------------------------
 
   MSJET35.DLL               3.51.3203.0 
   MSJET40.DLL               4.00.2927.4

I Have Just Used Office Setup to Add More Features to My Office Installation. Do I Need to Reapply This Update?

Yes. In fact, any time that you install a program that installs components of the Microsoft Jet database engine, you may need to reapply this update.

I Am Running Office 97. Do I Need to Install Service Release 2 (SR-2) Before I Install This Update?

SR-2 is not required in order to install this update. However, Microsoft strongly recommends that you upgrade to SR-2 before you install this update. If you do not install SR-2 before installing this update, some Jet 3.5 components may not be updated properly. This may result in damage to your database products or may result in data corruption.

How Can I Roll Out the Update to My Users in Quiet Mode?

Use the following syntax on the command line that you use to install the update
path\JetCopkg.exe /q
where path is the path to the JetCopkg.exe file.

What Command-Line Switches Can I Use When I Install the Update?

The following table lists the command-line switches that you can use with this update.

NOTE: The following switches apply to the JetCoUpd.exe file, which is contained within the JetCopkg.exe file. For example, if you want to deploy this update in quiet mode while setting the Jet's Sandbox Mode to a value of 3, then your command line would be the following
path\JetCopkg.exe /q /c:"jetcoupd.exe /q /m:3"
where path is the path to the Jetcopkg.exe file. 

   Switch   Description
   -----------------------------------------------------------------------

   /q       Quiet Mode
 
   /s       Silent Mode (same as Quiet Mode)
  
   /d       Disables the "Confirm Open After Download" flag for the  
            following Office file types:

               MS_ClipArt_Gallery.2
               Excel.Chart.5
               Excel.Chart.8
               Excel.Sheet.5
               Excel.Sheet.8
               iqyfile
               rqyfile
               Outlook.Template
               msgfile
               vcsfile
               vcffile
               icsfile
               PowerPoint.Slide.8
               PowerPoint.Show.8
               PowerPoint.SlideShow.8
               PowerPoint.Template.8
               Word.Template.8
               Word.Wizard.8
               Word.Backup.8
               Word.Document.8
               Word.RTF.8
               

   /m:<n>   Sets the Jet Sandbox Mode. <n> can be set to 0, 1, 2, or 3.

I Have Developed Custom Applications That Use Microsoft Access Run Time (ART). How Does This Update Affect My ART Applications?

For ART solutions that are already installed onto your client's computer, you need to apply the patch at your client's computer.

To update the installation routine for your ART solution, use the appropriate method for your version of Access:
  • Access 97: Install the patch onto your development computer and then repackage your solution using the Setup wizard.

  • Access 2000: Using the Package and Deployment Wizard, add the Jet40sp3.exe file to your package and set the options to run that file at the end of the regular install.


REFERENCES

For additional information about this problem, please click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q239482 ACC2000: Jet 4.0 Expression Can Execute Unsafe Visual Basic for Applications Functions

Q239104 Jet Expression Can Execute Unsafe Visual Basic for Applications Functions

Q239105 Jet 3.5 Text IISAM Allows Users to Append Lines to System Files

Q239471 Jet 4.0 Text IISAM Allows Users to Append Lines to System Files

Additional query words: OFF2000

Keywords : kbdta
Version : WINDOWS:2000,97
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 3, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.