OfficeUpdates on Twitter
Blog and Comment Policy
As we noted when we released Office 2003 Service Pack 3 via Microsoft Update (MU), we are committed to providing at least 30 days notice before making Office service packs available via Microsoft Update automatic distribution (for Vista and XP). Today, we are giving notice that SP1 for the 2007 Microsoft Office System will begin being available via MU Automatic Update starting around June 16th. We released SP1 for Office 2007 to customers approximately 5 months ago and since that time we have had 10’s of millions of downloads and a very good reaction from our customers.
Given our commitment to advance notice, we wanted to use this blog as one of many avenues to alert our customers to the fact that we will be distributing SP1 automatically via Automatic Update beginning June 16th. The availability will happen gradually and not everyone will see it at the same time. Think of the 16th as the earliest possible start of distribution and that no sooner than that date will SP1 start to become available to customers' systems via this channel. This is necessary to ensure that our service infrastructure can meet the enormous demand for the service pack.
This policy approach seems to have worked really well with SP3 for Office 2003 because it gave the market plenty of time to evaluate the SP and gave us time to address specific customer concerns. We’ve undertaken the same steps for SP1 for Office 2007 and so it’s great to be getting it out to those customers who depend on Automatic Update.
- The Office and MU teams
On Tuesday, May 13th, 2008, Office released 10 security updates across 2 bulletins. The security updates apply to Microsoft Office Word 2000, 2002, 2003, 2007, Word Viewer, the 2007 Microsoft Office System and the Microsoft Office Compatibility Pack, and Publisher 2000, 2002, 2003, and 2007. For complete details, see “Microsoft Security Updates for May 2008” for home users and “Microsoft Security Bulletin Summary for May 2008” for advanced users.
In addition to addressing several new vulnerabilities, the Word update also adds additional security mitigations against public attacks using Microsoft Word to exploit vulnerabilities in Microsoft Jet Database Engine first described in Microsoft Security Advisory 950627. We have added logic enhancements to the way Word processes documents containing database connections. After applying this update, Word will prompt a user for confirmation before running SQL commands or queries when opening Word documents. In addition to installing this update, we highly recommend that customers install the update provided in Microsoft Security Bulletin MS08-028: Vulnerabilities in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) for the most up-to-date protection against these types of attacks.