X-Priority: 2 (High)
Date: Fri, 24 Jul 1998 15:26:59 -0400
To: csr@smash.gatech.edu, snag@gt.ed.net,
        information-technology@oit.gatech.edu
From: Ray Spalding <ray.spalding@oit.gatech.edu>
Subject: GT/IRSC ALERT: Microsoft Office Security Vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
INFORMATION TECHNOLOGY SECURITY ALERT
Georgia Institute of Technology
Information Resources Security Coordinator
Alert number 98-05 (1998-07-24)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFFECTED:
  Microsoft Office 98 on Macintosh (all versions Mac OS)
  Microsoft Office 97 on Windows 95 (pre SP1)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ACTION REQUIRED: YES
  Install patches from Microsoft:

Macintoshes running Microsoft Office 98 applications:
<http://www.microsoft.com/macoffice/productinfo/98dl/offi98patch.htm>

PCs with Microsoft Windows 95 (without Service Pack 1):
<http://support.microsoft.com/support/Kb/articles/q139/4/32.asp>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DETAILS:
Documents generated using Microsoft Office applications
(Word, Excel, PowerPoint, etc.) may contain hidden data
from previous files. Private information may be revealed
to a recipient of the electronic version of a document
without the knowledge of the sender. This vulnerability
may pose security and privacy concerns.

For further information, see:
<http://www.ciac.org/ciac/bulletins/i-075.shtml>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reminder:
  The Georgia Tech Information Resources Security home page is at
  <http://www.itis.gatech.edu/security/>