On Tuesday, May 13th, 2008, Office released 10 security updates across 2 bulletins. The security updates apply to Microsoft Office Word 2000, 2002, 2003, 2007, Word Viewer, the 2007 Microsoft Office System and the Microsoft Office Compatibility Pack, and Publisher 2000, 2002, 2003, and 2007. For complete details, see “Microsoft Security Updates for May 2008” for home users and “Microsoft Security Bulletin Summary for May 2008” for advanced users.
In addition to addressing several new vulnerabilities, the Word update also adds additional security mitigations against public attacks using Microsoft Word to exploit vulnerabilities in Microsoft Jet Database Engine first described in Microsoft Security Advisory 950627. We have added logic enhancements to the way Word processes documents containing database connections. After applying this update, Word will prompt a user for confirmation before running SQL commands or queries when opening Word documents. In addition to installing this update, we highly recommend that customers install the update provided in Microsoft Security Bulletin MS08-028: Vulnerabilities in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) for the most up-to-date protection against these types of attacks.