Skip to content

Office security patches for September 2008

Only two Office-related security updates in September 2008 – both are very wide-ranging affecting Office XP, 2003 and 2007.

Only two Office-related security updates in September 2008 – both are very wide-ranging affecting Office XP, 2003 and 2007.

Both are yet more variants on security problems we’ve seen in the past. There seems an almost infinite number of ways to hack documents, links or images to gain access to the computer of the unwary or unprotected. The September 08 security patches cover problems in hacked links or images.

The ‘links’ security hole is interesting because the hacked link is related to Microsoft OneNote ie links starting with onenote://

Our list shows the updates according to product to be patched with a link to the Microsoft download page and the Knowledge Base article (though the KB article is often singularly lacking in additional info).

You may have Microsoft/Windows Update setup to apply these patches automatically, if not you can download and apply these patches separately.


Office XP

Office XP Service Pack 3 (KB953405)

Office XP Service Pack 3 (KB953405)


Office 2003

Office 2003 Service Pack 2 (KB953404)

Office 2003 Service Pack 2 (KB954478)

Office 2003 Service Pack 3 (KB953404)

Office 2003 Service Pack 3 (KB954478)


Office 2007

Office 2007 (KB951944)

Office 2007  (KB954326)

Office 2007 Service Pack 1 (KB951944)

Office 2007 Service Pack 1 (KB954326)


OneNote 2007

These individual product patches should only be needed on computers which only have OneNote 2007 installed. Most machines will have other parts of Office 2007 installed (Word, Excel etc) and the patches above are the ones to use.

OneNote 2007 (KB950130)

OneNote 2007 Service Pack 1 (KB950130)


Office 2003 viewers

These are the free viewers for Word 2003, Excel 2003 etc.

Microsoft Office Word Viewer, Microsoft Word Viewer 2003, Microsoft Word Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3, Microsoft Visio 2003 Viewer (KB954478)


Office 2007 viewers

These are the free viewers for Word 2007, Excel 2007 etc.

Microsoft Office Excel Viewer, Microsoft Office PowerPoint Viewer 2007, Microsoft Office PowerPoint Viewer 2007 Service Pack 1, Microsoft Visio 2007 Viewer, Microsoft Visio 2007 Viewer Service Pack 1 (KB954326)

There are also patches for Project 2002 SP2 and Visio 2002 SP2, MS Works 8 and Digital Image Suite 2006.


The September 2008 security problems

The OneNote link problem goes under the bland title: Vulnerability in Microsoft Office Could Allow Remote Code Execution

The title Vulnerabilities in GDI+ Could Allow Remote Code Execution is a single name for a range of security problems possible with VML, EMF, WMF, BMP and GIF images. Because the images can be included in Office documents or as stand-alone file, the updates for this problem cover many Microsoft products including Windows server and desktop products, .NET Framework v1 and 2, SQL Server 2005, Visual Studio, Visual FoxPro. Even the Microsoft Forefront security software needs to be patched! All the products and links are given in the long list on the MS web page.

About this author