Only a few of the many security patches are for Microsoft Office.
In June 2010 there are many patches for security lapses in Microsoft products, but only a few for Office software directly.
They are all variations on the familiar problems of a hacked document which, when opened, can run a new program on your computer. This opens the door to any virus, bot or spyware a hacker wants to put on your computer. In some cases these threats are theoretical and have not been used publicly.
As usual, these updates are delivered automatically via Windows/Microsoft Update or you can download individually from the Microsoft pages mentioned below.
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution
This security breach has an interesting little gotcha.
Office XP is vulnerable to this problem but isn’t patched by Microsoft. According to the company, “The architecture to properly support the fixes to correct validation does not exist on Microsoft Office XP, making it infeasible to build the fixes for Microsoft Office XP products to eliminate the vulnerability.” which a cynic might take to mean that it’s too expensive to patch Office XP. Instead there’s a ‘Fix It’ solution that is said to provide similar protections.
Office 2003 and Office 2007 need patching from the list here.
Office 2010, Office 2004 for Mac, Office 2008 for Mac and the Office Compatibility Packs are unaffected.
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
This Excel problem affects Office XP, Office 2003 and Office 2007 as well as Office 2004 and 2008 for Mac. There are also patches for the Excel viewer software and the Office Compatibility Pack.
Office 2010 is unaffected.
All the patch links are here.
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
This is mostly a SharePoint problem for network administrators but there are also patches for InfoPath 2003 and InfoPath 2007.
This full list of June 2010 patches for Windows, Office and other Microsoft programs is here.