On Tuesday, October 13th, 2009, Microsoft released security updates for Microsoft Office products to address 11 security vulnerabilities in two security bulletins. The security updates apply to the following Office products:
· Microsoft Office XP, Office 2003, and the 2007 Microsoft Office system. The security updates also apply to Microsoft Office Outlook 2002, Outlook 2003, and Outlook 2007; and Microsoft Office Visio Viewer 2007, as described in security bulletin MS09-060, "Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution."
For information about known issues that customers may experience when installing this security update and for information about recommended solutions for these issues, see Microsoft Knowledge Base Article 973965, “MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office could allow remote code execution.”
· Microsoft Office XP, Office 2003, the 2007 Microsoft Office system, and Microsoft Visio 2002, as described in security bulletin MS09-062, “Vulnerabilities in GDI+ Could Allow Remote Code Execution.”
For information about known issues that customers may experience when installing this security update and for information about recommended solutions for these issues, see Knowledge Base Article 957488, “MS09-062: Vulnerabilities in GDI+ could allow remote code execution.”
For complete details, see the following summaries:
· Microsoft Security Updates for October 2009 for home users
· Microsoft Security Bulletin Summary for October 2009 for IT professionals.
As described in security bulletin MS09-060, Microsoft recommends that all users of Microsoft Visio Viewer 2002 and Visio Viewer 2003 upgrade to the latest version of Visio Viewer 2007 to address this security vulnerability. Users who are unable to upgrade should apply the update from MS09-034, “Cumulative Security Update for Internet Explorer (972260).” This Internet Explorer update mitigates the attack vector for affected Visio Viewer platforms. Users may also install the cumulative security update for Internet Explorer. After you install MS09-060, you will need to upgrade to Visio Viewer 2007 and install the update described in this article to continue using Visio Viewer.
· The Security Updates for Microsoft Office XP, Office 2003 and the 2007 Office system described in MS09-060 do not fix a security vulnerability. The updates resolve a problem that occurs after you install the security updates for Microsoft Office Outlook 2002, Outlook 2003, or Outlook 2007 that are described in security bulletin MS09-060. The security updates for Outlook modify the CLSID (class identifier) of the Outlook View Control. This causes certain solutions based on Forms 2.0 that use the Outlook View Control to stop working, such as Business Contact Manager. The Security Updates for Microsoft Office XP, Office 2003, and the 2007 Office system update Forms 2.0 to work properly after the security updates to Outlook are installed.
· PowerPoint Viewer 2003 has left support as of October 8th, 2009. To continue receiving updates, please install PowerPoint Viewer 2007.
Microsoft Outlook Junk Email Filter updates
Microsoft also released two updates to the Microsoft Outlook 2003 and Outlook 2007 Junk Email Filter. These updates provide a more current definition of which e-mail messages should be considered junk e-mail.
For the latest information about Office updates, see the Office Sustained Engineering blog.