Only two Office-related security updates in September 2008 – both are very wide-ranging affecting Office XP, 2003 and 2007.
Only two Office-related security updates in September 2008 – both are very wide-ranging affecting Office XP, 2003 and 2007.
Both are yet more variants on security problems we’ve seen in the past. There seems an almost infinite number of ways to hack documents, links or images to gain access to the computer of the unwary or unprotected. The September 08 security patches cover problems in hacked links or images.
The ‘links’ security hole is interesting because the hacked link is related to Microsoft OneNote ie links starting with onenote://
Our list shows the updates according to product to be patched with a link to the Microsoft download page and the Knowledge Base article (though the KB article is often singularly lacking in additional info).
You may have Microsoft/Windows Update setup to apply these patches automatically, if not you can download and apply these patches separately.
Office XP
Office XP Service Pack 3 (KB953405)
Office XP Service Pack 3 (KB953405)
Office 2003
Office 2003 Service Pack 2 (KB953404)
Office 2003 Service Pack 2 (KB954478)
Office 2003 Service Pack 3 (KB953404)
Office 2003 Service Pack 3 (KB954478)
Office 2007
Office 2007 (KB951944)
Office 2007 (KB954326)
Office 2007 Service Pack 1 (KB951944)
Office 2007 Service Pack 1 (KB954326)
OneNote 2007
These individual product patches should only be needed on computers which only have OneNote 2007 installed. Most machines will have other parts of Office 2007 installed (Word, Excel etc) and the patches above are the ones to use.
OneNote 2007 (KB950130)
OneNote 2007 Service Pack 1 (KB950130)
Office 2003 viewers
These are the free viewers for Word 2003, Excel 2003 etc.
Office 2007 viewers
These are the free viewers for Word 2007, Excel 2007 etc.
There are also patches for Project 2002 SP2 and Visio 2002 SP2, MS Works 8 and Digital Image Suite 2006.
The September 2008 security problems
The OneNote link problem goes under the bland title: Vulnerability in Microsoft Office Could Allow Remote Code Execution
The title Vulnerabilities in GDI+ Could Allow Remote Code Execution is a single name for a range of security problems possible with VML, EMF, WMF, BMP and GIF images. Because the images can be included in Office documents or as stand-alone file, the updates for this problem cover many Microsoft products including Windows server and desktop products, .NET Framework v1 and 2, SQL Server 2005, Visual Studio, Visual FoxPro. Even the Microsoft Forefront security software needs to be patched! All the products and links are given in the long list on the MS web page.