The Word 2000 SR-1 Mail Command Security Update helps eliminate a security vulnerability that could allow the propagation of e-mail viruses on computers configured to use Word as the e-mail editor. This vulnerability can occur whether or not the Outlook E-mail Security Update is installed.

When Word is used as an e-mail editor for Microsoft Outlook, the Word 2000 Visual Basic® for Applications command EmailSend can be used to send e-mail messages. This update blocks the use of EmailSend and helps protect users when used in conjunction with the Outlook Security E-mail Update. This update does not affect e-mail sent manually from within Word 2000.

 Note    To use the Word 2000 SR-1 Mail Command Security Update, you must have installed Office 2000 SR-1 or Office 2000 Service Release 1a (SR-1a). To be prompted by Outlook 2000 when e-mail is sent by using the EmailSend command, you must install the Outlook 2000 SR-1 E-mail Security Update.

Toolbox    The administrative update file for the Word 2000 SR-1 Mail Command Security Update is available from the Office Resource Kit Web site. You can find this downloadable file on the Office 2000 Resource Kit Downloads page.

Applying the Word 2000 SR-1 Mail Command Security Update to an administrative installation point

The administrative update file for the Word 2000 SR-1 Mail Command Security Update is a Windows Installer patch (MSP) file that you apply to your administrative share by using a command line with specific parameters.

To add the Word 2000 SR-1 Mail Command Security Update to an administrative installation point

1. Download Wd2ksec_a.exe and double-click the file name to extract the administrative update file (Oqfe7230_Admin.msp).
2. Connect to the server share for the administrative installation point.

   You must have write access to the administrative installation point on the server and the appropriate privileges to carry out the task.

3. On the Start menu, click Run and then type the command line for Windows Installer with the appropriate options for the Word 2000 SR-1 Mail Command Security Update. Use the following syntax:

   [start] msiexec /p [path\name of update MSP file] /a [path\name of MSI file] SHORTFILENAMES=TRUE /qb /L* [path\name of log file]

The following table describes the command-line options.

Updating client computers from an administrative installation point

After you update your administrative installation point, you must perform a recache and repair on existing client computers that use the administrative image. Any new client installations from the administrative installation point will automatically include the updated version of Word 2000.

To update an existing client installation from an administrative installation point, run the following command line on the client computer:

start msiexec /i [path to updated .msi file on the administrative image] REINSTALL=[list of features] REINSTALLMODE=vomus

You can run this command line by creating a log-on script, distributing it as a batch file, deploying it via Systems Management Server, or using other means according to your practice. The options for this command line are as follows.

For the Word 2000 SR-1 Mail Command Security Update, the variable [list of features] should be replaced with the following value:

WORDFiles

If you are uncertain about the feature list for your situation, you can substitute the option REINSTALL=ALL to reinstall all components on the client computer.

 Note    If you originally installed Word 2000 on a client computer from an administrative installation point, you must follow the recache and repair procedure described above to update that client. If you update the client directly by using the end-user patch from the Office Update Web site, the client and administrative images will become out-of-sync, which may cause future updates to fail.

Applying the Word 2000 SR-1 Mail Command Security Update under Windows 2000

If your administrative installation point and all of your client computers are running Windows 2000, you can use IntelliMirror to manage the installation of the security update.

 Note    Be sure to test all software updates in a controlled setting before modifying your administrative installation point or deploying the new version throughout your organization.

To deploy a QFE fix or update under Windows 2000

1. Apply the update or patch (MSP file) to the original Office administrative installation point.
2. Open the Software Installation snap-in within the Group Policy Object (GPO) that you are using to manage the existing Office installation.
3. In the details pane, right-click the Office package, point to All Tasks, and click Redeploy application.
4. The next time the Group Policy is applied to the designated users or computers, the updated files are copied to their computers.

 Note    You can redeploy a package only if it is being managed by Group Policy – that is, only if you originally installed it by using IntelliMirror software installation and maintenance or if you brought it into a managed state under Windows 2000.

Related links

Additional information about the Word 2000 SR-1 Mail Command Security Update can be found in the Microsoft Knowledge Base article (265031) WD2000: Word 2000 SR-1 Mail Command Security Update Is Available.