OFF2000: Administrative Update Available for HTML Script Vulnerability

To help you deploy the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update within your organization, Microsoft is providing an update for Office 2000 administrative installations. This update is contained in a self-extracting file available in the Microsoft Office Resource Kit Toolbox.

The "More Information" section of this article describes how to download and install this update on your administrative installation.

Before you apply the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update to your administrative installation, you must first apply the SR-1/SR-1a update to your administrative installation. Depending on whether you already installed SR-1/SR-1a on your network clients, please follow the steps in the appropriate section below.

For additional information about the difference between the Office 2000 SR-1 Update and the Office 2000 SR-1a Update, click the article number below to view the article in the Microsoft Knowledge Base:

If Your Administrative Installation and Network Clients Are Already SR-1a

Update an Administrative Installation with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update

1. Browse to following Microsoft Web site:
   http://www.microsoft.com/office/ork/2000/appndx/toolbox.htm#xlpptaddin
2. Click the download for Addin_a.exe.
3. In the File Download dialog box, click Save this program to disk, and then click OK.
4. Save the file to your desktop.
5. In Windows Explorer, double-click the Addin_a.exe file.
6. Type C:\Addinafiles in the Please type the location where you want to place the extracted files box, and then click OK. Click Yes when you are prompted to create the folder.
7. Click Start, and then click Run. Type the following command in the Open box
   msiexec /a Admin Path\Data1.msi /p c:\Addinafiles\oqfe7779_admin.msp SHORTFILENAMES=1
   where Admin Path is the path to your administrative installation point.
8. Click Next in the Microsoft Office 2000 Administrative Mode dialog box.
   
   NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.
9. Click I accept the terms in the License Agreement, and then click Next.
10. Click Install Now and then click OK when the installation is completed.
11. After the installation is completed, click Start, and then click Run. Type the following command in the Open box
    msiexec /a Admin Path\Data1.msi /p c:\Addinafiles\oqfe7752.msp SHORTFILENAMES=1
    where Admin Path is the path to your administrative installation point.
12. Click Next in the Microsoft Office 2000 Administrative Mode dialog box.NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.
    
    
13. Click I accept the terms in the License Agreement, and then click Next.
14. Click Install Now and then click OK when the installation is completed.

Update Network Clients with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update

You must follow these steps at each network client:

1. Click Start, and then click Run. Type the following command in the Open box
   msiexec /i Admin Path\Data1.msi REINSTALL=EXCELFiles,PPTFiles REINSTALLMODE=vomus
   where Admin Path is the path to your administrative installation point.
2. Click OK when the update is finished.
3. Click Yes if you are prompted to restart your computer.

Your network client is now configured with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update.

If Your Network Clients Do Not Have SR-1/SR-1a Installed

Update the Administrative Installation to SR-1/SR-1a First

If you already updated your administrative installation with the SR-1/SR-1a Administrative update, skip this section, and continue with the steps in the "Update an Administrative Installation with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update" section.

To update your administrative installation with the SR-1/SR-1a update, click the article number below to view the article in the Microsoft Knowledge Base: NOTE: After you update your administrative installation with the SR-1/SR-1a update, you do not yet need to update your network clients to SR-1/SR-1a. When you run the command line in the "Update Network Clients with the SR-1/SR-1a and Excel/PowerPoint Updates" section later in this article, your client is updated with both the SR-1/SR-1a and Excel 2000 and PowerPoint 2000 HTML Script Vulnerability updates.

After you perform the steps in article Q257983 to update your administrative installation with the SR-1/SR-1a update, continue with the steps below.

Update an Administrative Installation with the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update

1. Browse to following Microsoft Web site:
   http://www.microsoft.com/office/ork/2000/appndx/toolbox.htm#xlpptaddin
2. Click the download for Addin_a.exe.
3. In the File Download dialog box, click Save this program to disk, and then click OK.
4. Save the file to your desktop.
5. In Windows Explorer, double-click the Addin_a.exe file.
6. Type C:\Addinafiles in the Please type the location where you want to place the extracted files box, and then click OK. Click Yes when you are prompted to create the folder.
7. Click Start, and then click Run. Type the following command in the Open box
   msiexec /a Admin Path\Data1.msi /p c:\Addinafiles\oqfe7779_admin.msp SHORTFILENAMES=1
   where Admin Path is the path to your administrative installation point.
8. Click Next in the Microsoft Office 2000 Administrative Mode dialog box.
   
   NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.
9. Click I accept the terms in the License Agreement, and then click Next.
10. Click Install Now and then click OK when the installation is completed.
11. Click Start, and then click Run. Type the following command in the Open box
    msiexec /a Admin Path\Data1.msi /p c:\Addinafiles\oqfe7752.msp SHORTFILENAMES=1
    where Admin Path is the path to your administrative installation point.
12. Click Next in the Microsoft Office 2000 Administrative Mode dialog box.
    
    NOTE: You do not have to type your CD Key or company name in the Microsoft Office 2000 Administrative Mode dialog box.
13. Click I accept the terms in the License Agreement, and then click Next.
14. Click Install Now and then click OK when the installation is completed.

Update Network Clients with the SR-1/SR-1a and Excel/PowerPoint Updates

You must follow these steps at each network client:

1. Click Start, and then click Run. Type a command line similar to the following in the Open box
   Admin Path\Setup /qb
   where Admin Path is the path to your administrative installation point.
2. Click Yes if you are prompted to restart your computer.
3. Click Yes if you are prompted again to restart your computer.

Your network client is now configured with the SR-1/SR-1a update and the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update.

NOTE: If you already updated your administrative installation with both SR-1/SR-1a and the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update, you can run Setup from the administrative installation on a network client that does not currently have Office installed. When Setup is finished, the network client is configured with SR-1/SR-1a and the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update. You do not have to perform any repair or reinstall procedures on this network client.

Confirming the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update Is Successfully Installed

For additional information about confirming that the Excel 2000 and PowerPoint 2000 HTML Script Vulnerability Update is installed on your network clients, click the article numbers below to view the articles in the Microsoft Knowledge Base: