This article describes the Money Password Security Update for Microsoft Money 2000 and Microsoft Money 2001.

Microsoft Money provides a password protection feature that prevents unauthorized access to a Money file. However, because of the method that Money currently uses to store the password in the Money data file, the password may be written in plain text under certain conditions.

This vulnerability only affects Money data that is stored on the local computer. It does not affect the security for the Online Services feature of Money.

In addition, to exploit the vulnerability, a malicious user would need to gain physical access to an affected Money data file. As a result, this vulnerability cannot be exploited remotely.

NOTE: Password protection in Money is not intended to be a substitute for file-level access control, and even in the absence of this vulnerability, you must protect your sensitive files. Microsoft recommends that you follow best practices when you secure your computer, including ensuring that any computer that contains important data is physically secure, and that important data files are not shared with untrusted or unknown users.

Microsoft has released the Money Password Security Update to fix this vulnerability. Microsoft recommends users change their password after applying this fix as a best practice.

The Money Password Security Update is available for automatic download using the Update Internet Information feature of Money. To receive the latest updates for Money, update your Money Internet information:

1.	On the Tools menu, click Update Internet Information.
2.	In Money 2000, follow the instructions on the screen to install the Money Password Security update. In Money 2001, the update is silent and automatically takes effect the next time that you start Money.

For related information about this problem, please visit the following Microsoft Web site: To determine if the Money Password Security Update is installed on your computer:

1.	Click Start, point to Find, and then click Files or Folders.
2.	In the Named box, type mscofd.dll mcorehlp.dll.
3.	In the Look in box, click My Computer.
4.	Make sure that the Include subfolders check box is selected, and then click Find Now.
5.	In the list of found files, right-click each file, and then click Properties.
6.	On the General tab, note the date on the Modified line. On the Version tab, note the file version. If the date on the Modified line matches one of the following dates, then the Money Password Security Update is not installed. • Wednesday, August 04, 1999 • Wednesday, July 19, 2000 If the date on the Modified line on the General tab and the file version on the Version tab both match the entries that are listed in the following table, then the Money Password Security Update is installed properly. Product version File name File version File date Money 2000 Mscofd.dll 8.0.0.801 or later Wednesday, August 16, 2000 or later Money 2000 Mcorehlp.dll 8.0.0.816 or later Wednesday, August 16, 2000 or later Money 2001 Mscofd.dll 9.0.0.816 or later Date of download Money 2001 Mcorehlp.dll 8.0.0.816 or later Date of download
7.	Click OK.
8.	Close the Find: Files Named Mscofd.dll Mcorehlp.dll window.