XL97: Patch Available for Excel 97 Virus Warning Vulnerabilities

ID: Q231304

The information in this article applies to:

SUMMARY

Microsoft has released a patch for Microsoft Excel 97 SR-2 that fixes a vulnerability to its Macro Virus Warning.
The "Excel Security Patch" is available at the following Microsoft Office Update Web site:

http://officeupdate.microsoft.com/downloadDetails/xl8p6pkg.htm
The "Excel Security Patch" is designed to update Microsoft Excel 97 Service Release 2 (SR-2).

This patch includes all of the updates that were released since the last service release of Office. For additional information about the history of Excel 97 patches, please see the following article in the Microsoft Knowledge Base:
Q232652 XL97: Overview and History of Excel Patches


MORE INFORMATION

Microsoft Excel 97 provides a feature that displays a warning message when you try to start an external file that possibly contains a macro virus and allows you to decide whether or not to run them. However, certain situations have been identified that could bypass the warning mechanism. These situations exploit infrequently used features and commands, unlikely to be encountered during normal use of Excel.

NOTE: This problem does not exist in Microsoft Excel 2000. These fixes are included in Excel 2000, so users of that product will not need to download this patch.

How Does the Patch Work?

After you install the Excel Security Patch, no prompts or alerts will appear, notifying you of the patch when you run Excel. Everything will appear and function normally. However, when you attempt to start macros in an external file macros, you will be prompted with the macro virus alert.

How Can I Determine Whether the Patch Has Been Successfully Installed?

When you run the Excel Security Patch, it creates a log file named Xl8p6.log in the same folder that contains Excel.exe. You can open this log file to determine whether you have successfully installed the patch. If the installation is successful, the status message in the log file is similar to the following:
Excel Security Patch Installer - Patch RUP 99050401
Microsoft Excel has been patched successfully.
In addition, you can determine that you have successfully installed the patch. To do this, follow these steps:
  1. Use Microsoft Windows Explorer to locate the Excel.exe file.

    The default location for this file is the following folder:

    C:\Program Files\Microsoft Office\Office

    NOTE: If you are running Microsoft Excel 97 from a network server, Excel.exe is located on the network server.


  2. Right-click Excel.exe. On the menu, click Properties. Click the Version tab.


  3. Note the File Version and compare it to the following table.

    The version that is displayed in the Properties dialog box indicates which version of Microsoft Excel 97 you are currently using. If the version number is 8.0h, you have successfully updated Microsoft Excel 97 SR-2 with the Excel Security Patch.

    You can also determine which version of Microsoft Excel you have installed. Click About Microsoft Excel on the Help menu in Microsoft Excel 97, or check the value that is returned by Application.Build or Application.Version in a Microsoft Visual Basic for Applications macro. 

    
   File                                              Application.Build/ 
   Version           About menu         version      Application.Version
   ---------------------------------------------------------------------

   Excel 97 SR-2     Excel 97 SR-2(h)   8.0h         6416 / 8.0h
   and Xl8p6.exe


Updating Excel.exe on Another Computer or Administrative Install

If you use setup switches, you can manually expand Xl8p6pkg.exe and force Xl8p6.exe to update a specific copy of Excel.exe. For example, you can update a copy of Excel.exe that is stored on a network server. To do this, follow these steps:
  1. Download Xl8p6pkg.exe and save it on the Windows Desktop.


  2. On the Windows Start menu, click Run. Type the following command line:
    c:\windows\desktop\xl8p6pkg.exe /t:c:\windows\desktop /c

    and click OK. Then, click Yes.

    The three files that are contained in Xl8p6pkg.exe, including Xl8p6.exe, appear on the Windows Desktop.


  3. On the Windows Start menu, click Run. Type the following command line:
    c:\windows\desktop\xl8p6.exe /p "<path to Excel.exe>"
    where <path to Excel.exe> is the complete path to Excel.exe. You must type the path to Excel.exe in quotation marks; for example, type the following:
    "D:\Office\Excel.exe"
    Then, click OK.

    NOTE: The path cannot exceed 256 characters in length. The patch is applied to the specified copy of Excel.exe.


Running the Excel Security Patch in Silent Mode

You can run the Excel Security Patch in silent mode by using the /s switch when you run Xl8p6.exe. Note that you must run Xl8p6.exe from the command prompt (on the Start menu, click Run) to use these switches.

For example, the following runs the patch in silent mode:
<path>\xl8p6pkg.exe /q /c:"xl8p6.exe /s"
where <path> is the location of xl8p6.exe.

Additional query words: XL97 alert detection 


Keywords          : kbpatch kbdta kbvirus 
Version           : WINDOWS:97
Platform          : WINDOWS 
Issue type        : kbhowto

Last Reviewed: May 25, 1999