The usual collection of patches and unanswered questions in this month’s security updates from Microsoft.
Another month and there are more security updates for Office users. In addition, there are updates for Vista that are pre-requisites before Service Pack 1 arrives next month.
The Office related updates are:
- Vulnerability in Microsoft Office Could Allow Remote Code Execution: according to Microsoft there are known issues when installing this update, but the link they give (to KB article 947108) has nothing but links to other pages and there’s no mention of any problems (sorry, ‘issues’).
- Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution: applies to a range of Office, Works and Works Suite versions.
- Vulnerability in Microsoft Word Could Allow Remote Code Execution: at first glance this update seems to apply only to Office, but closer examination of the mystic runes cast by Microsoft shows that stand-alone Word and Works Suite are also affected. However, Works Suite 2005 (which should be affected) has been ignored totally.
- Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution: applies to Publisher only.
- Vulnerability in OLE Automation Could Allow Remote Code Execution: applies to Office 2004 for Mac.
The above links take you to the security bulletin which has links to the appropriate download for your version of Office. The security problems are rated by Microsoft as either critical or important.
There are other updates for Windows, Internet Explorer, Visual Basic and some Windows Server components – the full list is here.
To patch or not?
As usual, Microsoft lets customers down with incomplete documentation. The ‘Remote Code Execution’ patch has ‘known issues’ but they are not detailed to the public. So Office users are torn between applying a critical update immediately (as recommended by Microsoft) and prudent caution because of unstated bugs in the patch itself which Microsoft won’t detail.
The curious omission of Works Suite 2005 from the list of software shows that more care needs to be given to checking the documentation before publication. It’s possible that the separate Works Suite 2005 patch relates to the Word 2002 patch (Remote Code Execution) but the Microsoft web pages indicate otherwise (talking instead about an update to the Works Suite 2005 file converter).
These errors occur far too often and while they are editorial fodder for Office Watch, it’s something we’d prefer to live without.
As is now our custom, we’ve arranged the updates according to the version of Office (rather than the update) with download links. If you have Microsoft Update installed on your computer these updates will be ‘pushed’ out to you soon but we know many Office Watch readers don’t trust the automated update so here are the individual links.
Office 2003
Service Pack 2 for Office 2003 is required
- http://www.microsoft.com/downloads/details.aspx?FamilyId=85CB1AA5-211F-4652-827B-2E79B8FFC2FC
- http://www.microsoft.com/downloads/details.aspx?FamilyId=F4AC0F34-4604-4BBE-9669-01DB645041CA
- http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286 this is for Service Pack 2 users only. If you have Office 2003 with Service Pack 3 use this link: http://www.microsoft.com/downloads/details.aspx?FamilyID=30C9C3FE-FB85-43D9-BBC3-0B30D3A20286
Publisher 2003 with SP2
If you have Publisher 2003 with Service Pack 3 (released late last year) then no patch is required.
Office XP
Service Pack 3 for Office XP is required
- http://www.microsoft.com/downloads/details.aspx?FamilyId=78C338AA-E410-4422-9E36-562F70D742E9
- http://www.microsoft.com/downloads/details.aspx?FamilyId=3E147B1A-F3BE-465F-8587-7F3A33D6A6E5
Publisher 2002
Service Pack 3 for Office XP is required
Office 2000
Service Pack 3 for Office 2000 is required
- http://www.microsoft.com/downloads/details.aspx?FamilyId=A513069B-8244-48E9-B136-01DDD3862802
- http://www.microsoft.com/downloads/details.aspx?FamilyId=5FB74E24-D9EE-4951-9C46-E1C84617F097
Publisher 2000
Service Pack 3 for Office 2000 is required
Word 2003
Word 2002
Microsoft Works Suite 2002, 2003 & 2004 packages as well as Word 2002 alone
There’s a question mark over Works Suite 2005 which includes Word 2002 but is not included in the list of supported packages for this update (nor is it on the Non-affected software list).
Word 2000
Microsoft Works Suite 2000 & 2001 packages as well as Word 2000 alone.
Word Viewer 2003
If you have the free viewer-only software for Word documents without Service Pack 3 then this update is required for security.
Office 2004 for Mac
Only one update this month and it’s part of updates for Windows not Office programs.
Office 2008 for Mac has no patches this month.
Works 8.0
Works Suite 2005
though there’s a question mark about the Word 2002 update mentioned above. It’s not clear if this patch is related to the Word 2002 patch or a separate issue.