On Tuesday, October 13th, 2009, Microsoft released 11 security updates for Office addressing 11 security vulnerabilities in two security bulletins. The security updates apply to:
For complete details, see “Microsoft Security Updates for October 2009” for home users and “Microsoft Security Bulletin Summary for October 2009” for IT professionals. Microsoft also released two updates to the Outlook 2003 and 2007 Junk Email Filter.
As described in security bulletin MS09-060, Microsoft recommends all users of Visio Viewer 2002 and Visio Viewer 2003 upgrade to the latest version of Visio Viewer 2007 to address this security vulnerability. Users who are unable to upgrade should apply the update from MS09-034. This Internet Explorer update mitigates the attack vector for affected Visio Viewer platforms. Users may also install the cumulative security update for Internet Explorer (MS09-0xx), which provides kill bits for these controls. After you install MS09-060, you will need to upgrade to Visio Viewer 2007 and install the update described in this article to continue using Visio Viewer.
The Security Updates for Microsoft Office XP, 2003 and 2007 described in MS09-060 do not fix a security vulnerability. Instead, they resolve a problem that occurs after you install the Security Updates for Microsoft Office Outlook 2002, 2003 or 2007 described in this bulletin. The Security Updates for Outlook modify the CLSID of the Outlook View Control. This causes certain solutions based on Forms 2.0 that use the Outlook View Control to stop working, such as Business Contact Manager. The Security Updates for Microsoft Office XP, 2003 and 2007 update Forms 2.0 to work properly after the Security Updates to Outlook are installed.
Note: PowerPoint Viewer 2003 has left support as of today. To continue receiving updates, please install PowerPoint Viewer 2007.