Microsoft Security Bulletins for January

[Donna [MVP]]

As part of Microsoft's routine, monthly security update cycle, they've
released the following updates:

Critical

MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution (927198)
http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
Execution (925938)
http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote Code
Execution (929969)
http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
Important

MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
Grammar Checker Could Allow Remote Code Execution (921585)
http://www.microsoft.com/technet/security/Bulletin/MS07-001.mspx

The Microsoft Security Bulletin Summary for January, 2007 is at
http://www.microsoft.com/technet/security/bulletin/ms07-jan.mspx

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety. International customers
should contact their local subsidiary.

As always, download the updates only from the vendors website - visit
Windows Update and Office Update or Microsoft Update websites. You may also
get the updates thru Automatic Updates functionality in Windows system.

Webcast:
Microsoft will host a webcast tomorrow. The webcast focuses on addressing
your questions and concerns about the security bulletins. Therefore, most of
the live webcast is aimed at giving you the opportunity to ask questions and
get answers from their security experts:

Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US & Canada)
Duration: 60 minutes
http://www.dozleng.com/updates/"htt...EventCategory=4&culture=en-US&CountryCode=US"

Security Tool:
Find out if you are missing important Microsoft product updates by using
MBSA.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

 

[Lemon Jelly]

Thus spake Donna [MVP]:

As part of Microsoft's routine, monthly security update cycle, they've
released the following updates:

Critical

Indeed thanks. The first I knew is when I started Outlook & my firewall told
me that the main exe had changed! I had to research this before relaunching
Outlook. Some sort of notification would have been nice!

 

[C_O]

This corrupted Office 2003 Pro update local info on one of our machines. The
last successful autoupdate was with the October patches. Now it's completely
stuck -- Office Update won't work, Office repair won't work -- Error :This
patch package could not be opened. Contact the application vendor to verify
that this is a valid Windows Installer patch package."

Not nice. Uninstalling and reinstalling Office 2003 on a machine connected
to a domain is a nightmare -- at least 2 hours down the drain.

Unless you have a better idea?

C_O

 

[Donna [MVP]]

Hi,

You can try the possible solutions at http://support.microsoft.com/kb/295823
Unfortunately, you need to uninstall Office after running the Windows
Installer CleanUp utility

Regards,
Donna Buenaventura
Windows Security MVP

This corrupted Office 2003 Pro update local info on one of our machines.
The last successful autoupdate was with the October patches. Now it's
completely stuck -- Office Update won't work, Office repair won't work --
Error :This patch package could not be opened. Contact the application
vendor to verify that this is a valid Windows Installer patch package."

Not nice. Uninstalling and reinstalling Office 2003 on a machine connected
to a domain is a nightmare -- at least 2 hours down the drain.

Unless you have a better idea?

C_O

 

[Bob Buckland ?:-\)]

Hi C_O,

Often when you get the 'patch package' error message the Office installation was already damaged, sometimes from having been
'helped' to clear out files or registry entries

If you can do a repair/reinstall of recache successfully then Office is likely okay, if not you may want to review this article.
http://support.microsoft.com/kb/295823/en-us?FR=1

It can also depend on the strategy you've chosen to update workstations if they were installed from/tied to either an Office Admin
Point or a Local Installation Source (LIS) using local \MSOCache folders on the PCs for the 2003 edition (see the link in the
'references' section of
http://support.microsoft.com/kb/829197/en-us?FR=1

==============
This corrupted Office 2003 Pro update local info on one of our machines. The
last successful autoupdate was with the October patches. Now it's completely
stuck -- Office Update won't work, Office repair won't work -- Error :This
patch package could not be opened. Contact the application vendor to verify
that this is a valid Windows Installer patch package."

Not nice. Uninstalling and reinstalling Office 2003 on a machine connected
to a domain is a nightmare -- at least 2 hours down the drain.

Unless you have a better idea?

C_O >>
--

Bob Buckland ?
MS Office System Products MVP

*Courtesy is not expensive and can pay big dividends*

 

[C_O]

Hmm.... Once Office 2003 is uninstalled, we'll be looking very hard at the
"other" office suite. The one that is not constantly corrupting itself
through pathetic DRM hacks.

Life is too short for that crap.

-- C_O

Hi,

You can try the possible solutions at
http://support.microsoft.com/kb/295823
Unfortunately, you need to uninstall Office after running the Windows
Installer CleanUp utility

Regards,
Donna Buenaventura
Windows Security MVP

 

[C_O]

Thanks Bob and turbolover22.

None of that worked. Along the way, the system even had the gall to make me
reinstall the office activation checking ActiveX.

Now I have to travel to that remote office and physically mess up with the
original CDs -- as you know, once the SP has been installed repair
installations are no longer possible, so this means full uninstall and
cleanup. At least 2 hours wasted because of these pathetic anti-piracy
self-corrupting antics. Open source looks better and better every day.

BTW looking at the log I think I found the problem. An error like
"registered patch even though the file is missing". Not that this would help
in any way, since the junior programmer who caused the bug probably has no
clue. Clearly this system has grown too bloody complex for anyone person to
comprehend, even at Microsoft.

-- C_O