On Tuesday, August 11th, 2009, Microsoft released three security updates for Office Web Components addressing four security vulnerabilities. The security updates apply to Microsoft Office 2000, XP, and 2003 Web Components, as described in security bulletin MS09-043. These updates address the issue discussed in security advisory 973472. For complete details, see “Microsoft Security Updates for August 2009” for home users and “Microsoft Security Bulletin Summary for August 2009” for IT professionals.
As previously discussed in the post Office Web Components Lifecycle, there are three versions of Office Web Components, and each version was also released as part of the next version of Office. So Office 2000 Web Components released both as part of Office 2000 and part of Office XP. The following table maps the different versions of Office Web Components to the updates needed for those versions:
Office XP, web download
Office 2003, web download (versions 1-3)
Web download (version 4), Project Server 2007*, SQL Server 2008**
*Project Server 2007 includes the installation package for the Office 2003 Web Components so that clients who connect to the server can automatically install the Office Web Components. Project Server installations are not vulnerable to the security vulnerability and do not need to install any updates.
**SQL Server 2008 includes the installation package for the Office 2003 Web Components for use in SQL Server client-side functionality. Most server installations will not contain Office Web Components and will not need to be updated.
Note: Office 2000 is no longer in support.