Microsoft Security Bulletins for January

As part of Microsoft's routine, monthly security update cycle, they've
released the following updates:

Critical

MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
Execution (927198)
http://www.microsoft.com/technet/sec.../MS07-002.mspx
MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
Execution (925938)
http://www.microsoft.com/technet/sec.../MS07-003.mspx
MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote Code
Execution (929969)
http://www.microsoft.com/technet/sec.../MS07-004.mspx
Important

MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
Grammar Checker Could Allow Remote Code Execution (921585)
http://www.microsoft.com/technet/sec.../MS07-001.mspx

The Microsoft Security Bulletin Summary for January, 2007 is at
http://www.microsoft.com/technet/sec.../ms07-jan.mspx

If you have any questions regarding the patch or its implementation after
reading the above listed bulletin you should contact Product Support
Services in the United States at 1-866-PCSafety. International customers
should contact their local subsidiary.

As always, download the updates only from the vendors website - visit
Windows Update and Office Update or Microsoft Update websites. You may also
get the updates thru Automatic Updates functionality in Windows system.

Webcast:
Microsoft will host a webcast tomorrow. The webcast focuses on addressing
your questions and concerns about the security bulletins. Therefore, most of
the live webcast is aimed at giving you the opportunity to ask questions and
get answers from their security experts:

Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US & Canada)
Duration: 60 minutes
http://www.dozleng.com/updates/%22ht...ntryCode=US%22

Security Tool:
Find out if you are missing important Microsoft product updates by using
MBSA.
http://www.microsoft.com/technet/sec.../mbsahome.mspx


--
Donna Buenaventura [Windows Security MVP 2004 - 2007]
w: cou.dozleng.com | b: msmvps.com/donna

These month's release don't address the Word vulnerabilities?

http://blogs.technet.com/msrc/archiv...y-reports.aspx

Donna [MVP] wrote:
> As part of Microsoft's routine, monthly security update cycle, they've
> released the following updates:
>
> Critical
>
> MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
> Execution (927198)
> http://www.microsoft.com/technet/sec.../MS07-002.mspx
> MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
> Execution (925938)
> http://www.microsoft.com/technet/sec.../MS07-003.mspx
> MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote Code
> Execution (929969)
> http://www.microsoft.com/technet/sec.../MS07-004.mspx
> Important
>
> MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
> Grammar Checker Could Allow Remote Code Execution (921585)
> http://www.microsoft.com/technet/sec.../MS07-001.mspx
>
> The Microsoft Security Bulletin Summary for January, 2007 is at
> http://www.microsoft.com/technet/sec.../ms07-jan.mspx
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety. International customers
> should contact their local subsidiary.
>
> As always, download the updates only from the vendors website - visit
> Windows Update and Office Update or Microsoft Update websites. You may also
> get the updates thru Automatic Updates functionality in Windows system.
>
> Webcast:
> Microsoft will host a webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore,
> most of
> the live webcast is aimed at giving you the opportunity to ask questions
> and
> get answers from their security experts:
>
> Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US & Canada)
> Duration: 60 minutes
> http://www.dozleng.com/updates/%22ht...ntryCode=US%22
>
>
> Security Tool:
> Find out if you are missing important Microsoft product updates by using
> MBSA.
> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>
>

Apparently not.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)

yesmen wrote:
> These month's release don't address the Word vulnerabilities?
>
> http://blogs.technet.com/msrc/archiv...y-reports.aspx
>
> Donna [MVP] wrote:
>> As part of Microsoft's routine, monthly security update cycle, they've
>> released the following updates:
>>
>> Critical
>>
>> MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
>> Execution (927198)
>> http://www.microsoft.com/technet/sec.../MS07-002.mspx
>> MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
>> Execution (925938)
>> http://www.microsoft.com/technet/sec.../MS07-003.mspx
>> MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote
>> Code
>> Execution (929969)
>> http://www.microsoft.com/technet/sec.../MS07-004.mspx
>> Important
>>
>> MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
>> Grammar Checker Could Allow Remote Code Execution (921585)
>> http://www.microsoft.com/technet/sec.../MS07-001.mspx
>>
>> The Microsoft Security Bulletin Summary for January, 2007 is at
>> http://www.microsoft.com/technet/sec.../ms07-jan.mspx
>>
>> If you have any questions regarding the patch or its implementation after
>> reading the above listed bulletin you should contact Product Support
>> Services in the United States at 1-866-PCSafety. International customers
>> should contact their local subsidiary.
>>
>> As always, download the updates only from the vendors website - visit
>> Windows Update and Office Update or Microsoft Update websites. You may
>> also
>> get the updates thru Automatic Updates functionality in Windows system.
>>
>> Webcast:
>> Microsoft will host a webcast tomorrow. The webcast focuses on addressing
>> your questions and concerns about the security bulletins. Therefore,
>> most of
>> the live webcast is aimed at giving you the opportunity to ask questions
>> and
>> get answers from their security experts:
>>
>> Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US &
>> Canada)
>> Duration: 60 minutes
>> http://www.dozleng.com/updates/%22ht...ntryCode=US%22
>>
>>
>> Security Tool:
>> Find out if you are missing important Microsoft product updates by using
>> MBSA.
>> http://www.microsoft.com/technet/sec.../mbsahome.mspx

See this:
http://www.zdnet.com.au/news/securit...9272892,00.htm
Sue
"PA Bear" <> wrote in message
news:%...
> Apparently not.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
>
> yesmen wrote:
>> These month's release don't address the Word vulnerabilities?
>>
>> http://blogs.technet.com/msrc/archiv...y-reports.aspx
>>
>> Donna [MVP] wrote:
>>> As part of Microsoft's routine, monthly security update cycle, they've
>>> released the following updates:
>>>
>>> Critical
>>>
>>> MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
>>> Execution (927198)
>>> http://www.microsoft.com/technet/sec.../MS07-002.mspx
>>> MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
>>> Execution (925938)
>>> http://www.microsoft.com/technet/sec.../MS07-003.mspx
>>> MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote
>>> Code
>>> Execution (929969)
>>> http://www.microsoft.com/technet/sec.../MS07-004.mspx
>>> Important
>>>
>>> MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
>>> Grammar Checker Could Allow Remote Code Execution (921585)
>>> http://www.microsoft.com/technet/sec.../MS07-001.mspx
>>>
>>> The Microsoft Security Bulletin Summary for January, 2007 is at
>>> http://www.microsoft.com/technet/sec.../ms07-jan.mspx
>>>
>>> If you have any questions regarding the patch or its implementation
>>> after
>>> reading the above listed bulletin you should contact Product Support
>>> Services in the United States at 1-866-PCSafety. International customers
>>> should contact their local subsidiary.
>>>
>>> As always, download the updates only from the vendors website - visit
>>> Windows Update and Office Update or Microsoft Update websites. You may
>>> also
>>> get the updates thru Automatic Updates functionality in Windows system.
>>>
>>> Webcast:
>>> Microsoft will host a webcast tomorrow. The webcast focuses on
>>> addressing
>>> your questions and concerns about the security bulletins. Therefore,
>>> most of
>>> the live webcast is aimed at giving you the opportunity to ask questions
>>> and
>>> get answers from their security experts:
>>>
>>> Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US &
>>> Canada)
>>> Duration: 60 minutes
>>> http://www.dozleng.com/updates/%22ht...ntryCode=US%22
>>>
>>>
>>> Security Tool:
>>> Find out if you are missing important Microsoft product updates by using
>>> MBSA.
>>> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>

--------------------------------------------------------------------------------
I am using the free version of SPAMfighter for private users.
It has removed 443 spam emails to date.
Paying users do not have this message in their emails.
Try SPAMfighter for free now!

Thus spake Donna [MVP]:
> As part of Microsoft's routine, monthly security update cycle, they've
> released the following updates:
>
> Critical
>
Indeed thanks. The first I knew is when I started Outlook & my firewall told
me that the main exe had changed! I had to research this before relaunching
Outlook. Some sort of notification would have been nice!

This corrupted Office 2003 Pro update local info on one of our machines. The
last successful autoupdate was with the October patches. Now it's completely
stuck -- Office Update won't work, Office repair won't work -- Error :This
patch package could not be opened. Contact the application vendor to verify
that this is a valid Windows Installer patch package."

Not nice. Uninstalling and reinstalling Office 2003 on a machine connected
to a domain is a nightmare -- at least 2 hours down the drain.

Unless you have a better idea?

C_O

"Donna [MVP]" <> wrote in message
news:...
> As part of Microsoft's routine, monthly security update cycle, they've
> released the following updates:
>
> Critical
>
> MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
> Execution (927198)
> http://www.microsoft.com/technet/sec.../MS07-002.mspx
> MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
> Execution (925938)
> http://www.microsoft.com/technet/sec.../MS07-003.mspx
> MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote Code
> Execution (929969)
> http://www.microsoft.com/technet/sec.../MS07-004.mspx
> Important
>
> MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
> Grammar Checker Could Allow Remote Code Execution (921585)
> http://www.microsoft.com/technet/sec.../MS07-001.mspx
>
> The Microsoft Security Bulletin Summary for January, 2007 is at
> http://www.microsoft.com/technet/sec.../ms07-jan.mspx
>
> If you have any questions regarding the patch or its implementation after
> reading the above listed bulletin you should contact Product Support
> Services in the United States at 1-866-PCSafety. International customers
> should contact their local subsidiary.
>
> As always, download the updates only from the vendors website - visit
> Windows Update and Office Update or Microsoft Update websites. You may
> also
> get the updates thru Automatic Updates functionality in Windows system.
>
> Webcast:
> Microsoft will host a webcast tomorrow. The webcast focuses on addressing
> your questions and concerns about the security bulletins. Therefore, most
> of
> the live webcast is aimed at giving you the opportunity to ask questions
> and
> get answers from their security experts:
>
> Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US &
> Canada)
> Duration: 60 minutes
> http://www.dozleng.com/updates/%22ht...ntryCode=US%22
>
> Security Tool:
> Find out if you are missing important Microsoft product updates by using
> MBSA.
> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>
>
> --
> Donna Buenaventura [Windows Security MVP 2004 - 2007]
> w: cou.dozleng.com | b: msmvps.com/donna

Hi,

You can try the possible solutions at http://support.microsoft.com/kb/295823
Unfortunately, you need to uninstall Office after running the Windows
Installer CleanUp utility

Regards,
Donna Buenaventura
Windows Security MVP

"C_O" <> wrote in message
news:...
> This corrupted Office 2003 Pro update local info on one of our machines.
> The last successful autoupdate was with the October patches. Now it's
> completely stuck -- Office Update won't work, Office repair won't work --
> Error :This patch package could not be opened. Contact the application
> vendor to verify that this is a valid Windows Installer patch package."
>
> Not nice. Uninstalling and reinstalling Office 2003 on a machine connected
> to a domain is a nightmare -- at least 2 hours down the drain.
>
> Unless you have a better idea?
>
> C_O
>
> "Donna [MVP]" <> wrote in message
> news:...
>> As part of Microsoft's routine, monthly security update cycle, they've
>> released the following updates:
>>
>> Critical
>>
>> MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
>> Execution (927198)
>> http://www.microsoft.com/technet/sec.../MS07-002.mspx
>> MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
>> Execution (925938)
>> http://www.microsoft.com/technet/sec.../MS07-003.mspx
>> MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote
>> Code
>> Execution (929969)
>> http://www.microsoft.com/technet/sec.../MS07-004.mspx
>> Important
>>
>> MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
>> Grammar Checker Could Allow Remote Code Execution (921585)
>> http://www.microsoft.com/technet/sec.../MS07-001.mspx
>>
>> The Microsoft Security Bulletin Summary for January, 2007 is at
>> http://www.microsoft.com/technet/sec.../ms07-jan.mspx
>>
>> If you have any questions regarding the patch or its implementation after
>> reading the above listed bulletin you should contact Product Support
>> Services in the United States at 1-866-PCSafety. International customers
>> should contact their local subsidiary.
>>
>> As always, download the updates only from the vendors website - visit
>> Windows Update and Office Update or Microsoft Update websites. You may
>> also
>> get the updates thru Automatic Updates functionality in Windows system.
>>
>> Webcast:
>> Microsoft will host a webcast tomorrow. The webcast focuses on addressing
>> your questions and concerns about the security bulletins. Therefore, most
>> of
>> the live webcast is aimed at giving you the opportunity to ask questions
>> and
>> get answers from their security experts:
>>
>> Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US &
>> Canada)
>> Duration: 60 minutes
>> http://www.dozleng.com/updates/%22ht...ntryCode=US%22
>>
>> Security Tool:
>> Find out if you are missing important Microsoft product updates by using
>> MBSA.
>> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>>
>>
>> --
>> Donna Buenaventura [Windows Security MVP 2004 - 2007]
>> w: cou.dozleng.com | b: msmvps.com/donna
>
>

Hi C_O,

Often when you get the 'patch package' error message the Office installation was already damaged, sometimes from having been
'helped' to clear out files or registry entries

If you can do a repair/reinstall of recache successfully then Office is likely okay, if not you may want to review this article.
http://support.microsoft.com/kb/295823/en-us?FR=1

It can also depend on the strategy you've chosen to update workstations if they were installed from/tied to either an Office Admin
Point or a Local Installation Source (LIS) using local \MSOCache folders on the PCs for the 2003 edition (see the link in the
'references' section of
http://support.microsoft.com/kb/829197/en-us?FR=1

==============
<<"C_O" <> wrote in message news:...
This corrupted Office 2003 Pro update local info on one of our machines. The
last successful autoupdate was with the October patches. Now it's completely
stuck -- Office Update won't work, Office repair won't work -- Error :This
patch package could not be opened. Contact the application vendor to verify
that this is a valid Windows Installer patch package."

Not nice. Uninstalling and reinstalling Office 2003 on a machine connected
to a domain is a nightmare -- at least 2 hours down the drain.

Unless you have a better idea?

C_O >>
--

Bob Buckland ?:-)
MS Office System Products MVP

*Courtesy is not expensive and can pay big dividends*

Hmm.... Once Office 2003 is uninstalled, we'll be looking very hard at the
"other" office suite. The one that is not constantly corrupting itself
through pathetic DRM hacks.

Life is too short for that crap.

-- C_O

"Donna [MVP]" <> wrote in message
news:%...
> Hi,
>
> You can try the possible solutions at
> http://support.microsoft.com/kb/295823
> Unfortunately, you need to uninstall Office after running the Windows
> Installer CleanUp utility
>
> Regards,
> Donna Buenaventura
> Windows Security MVP
>
> "C_O" <> wrote in message
> news:...
>> This corrupted Office 2003 Pro update local info on one of our machines.
>> The last successful autoupdate was with the October patches. Now it's
>> completely stuck -- Office Update won't work, Office repair won't work --
>> Error :This patch package could not be opened. Contact the application
>> vendor to verify that this is a valid Windows Installer patch package."
>>
>> Not nice. Uninstalling and reinstalling Office 2003 on a machine
>> connected to a domain is a nightmare -- at least 2 hours down the drain.
>>
>> Unless you have a better idea?
>>
>> C_O
>>
>> "Donna [MVP]" <> wrote in message
>> news:...
>>> As part of Microsoft's routine, monthly security update cycle, they've
>>> released the following updates:
>>>
>>> Critical
>>>
>>> MS07-002 - Vulnerabilities in Microsoft Excel Could Allow Remote Code
>>> Execution (927198)
>>> http://www.microsoft.com/technet/sec.../MS07-002.mspx
>>> MS07-003 - Vulnerabilities in Microsoft Outlook Could Allow Remote Code
>>> Execution (925938)
>>> http://www.microsoft.com/technet/sec.../MS07-003.mspx
>>> MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote
>>> Code
>>> Execution (929969)
>>> http://www.microsoft.com/technet/sec.../MS07-004.mspx
>>> Important
>>>
>>> MS07-001 - Vulnerability in Microsoft Office 2003 Brazilian Portuguese
>>> Grammar Checker Could Allow Remote Code Execution (921585)
>>> http://www.microsoft.com/technet/sec.../MS07-001.mspx
>>>
>>> The Microsoft Security Bulletin Summary for January, 2007 is at
>>> http://www.microsoft.com/technet/sec.../ms07-jan.mspx
>>>
>>> If you have any questions regarding the patch or its implementation
>>> after
>>> reading the above listed bulletin you should contact Product Support
>>> Services in the United States at 1-866-PCSafety. International customers
>>> should contact their local subsidiary.
>>>
>>> As always, download the updates only from the vendors website - visit
>>> Windows Update and Office Update or Microsoft Update websites. You may
>>> also
>>> get the updates thru Automatic Updates functionality in Windows system.
>>>
>>> Webcast:
>>> Microsoft will host a webcast tomorrow. The webcast focuses on
>>> addressing
>>> your questions and concerns about the security bulletins. Therefore,
>>> most of
>>> the live webcast is aimed at giving you the opportunity to ask questions
>>> and
>>> get answers from their security experts:
>>>
>>> Start Date: Wednesday, January 10, 2007 11:00 AM Pacific Time (US &
>>> Canada)
>>> Duration: 60 minutes
>>> http://www.dozleng.com/updates/%22ht...ntryCode=US%22
>>>
>>> Security Tool:
>>> Find out if you are missing important Microsoft product updates by using
>>> MBSA.
>>> http://www.microsoft.com/technet/sec.../mbsahome.mspx
>>>
>>>
>>> --
>>> Donna Buenaventura [Windows Security MVP 2004 - 2007]
>>> w: cou.dozleng.com | b: msmvps.com/donna
>>
>>
>

Thanks Bob and turbolover22.

None of that worked. Along the way, the system even had the gall to make me
reinstall the office activation checking ActiveX.

Now I have to travel to that remote office and physically mess up with the
original CDs -- as you know, once the SP has been installed repair
installations are no longer possible, so this means full uninstall and
cleanup. At least 2 hours wasted because of these pathetic anti-piracy
self-corrupting antics. Open source looks better and better every day.

BTW looking at the log I think I found the problem. An error like
"registered patch even though the file is missing". Not that this would help
in any way, since the junior programmer who caused the bug probably has no
clue. Clearly this system has grown too bloody complex for anyone person to
comprehend, even at Microsoft.

-- C_O

"turbolover22" <> wrote in message
news:0130EE44-00CA-4BE5-82F3-...
> You could try the Local Installation Source Repair tool. It is located at
> http://download.microsoft.com/downlo...96/LISTool.exe
>
> Or if you prefer to go to the page and download it the page is located at:
>
> http://www.microsoft.com/office/orkarchive/2003ddl.htm
>
> turbolover22
>
> "Bob Buckland ?:-)" wrote:
>
>> Hi C_O,
>>
>> Often when you get the 'patch package' error message the Office
>> installation was already damaged, sometimes from having been
>> 'helped' to clear out files or registry entries
>>
>> If you can do a repair/reinstall of recache successfully then Office is
>> likely okay, if not you may want to review this article.
>> http://support.microsoft.com/kb/295823/en-us?FR=1
>>
>> It can also depend on the strategy you've chosen to update workstations
>> if they were installed from/tied to either an Office Admin
>> Point or a Local Installation Source (LIS) using local \MSOCache folders
>> on the PCs for the 2003 edition (see the link in the
>> 'references' section of
>> http://support.microsoft.com/kb/829197/en-us?FR=1
>>
>> ==============
>> <<"C_O" <> wrote in message
>> news:...
>> This corrupted Office 2003 Pro update local info on one of our machines.
>> The
>> last successful autoupdate was with the October patches. Now it's
>> completely
>> stuck -- Office Update won't work, Office repair won't work -- Error
>> :This
>> patch package could not be opened. Contact the application vendor to
>> verify
>> that this is a valid Windows Installer patch package."
>>
>> Not nice. Uninstalling and reinstalling Office 2003 on a machine
>> connected
>> to a domain is a nightmare -- at least 2 hours down the drain.
>>
>> Unless you have a better idea?
>>
>> C_O >>
>> --
>>
>> Bob Buckland ?:-)
>> MS Office System Products MVP
>>
>> *Courtesy is not expensive and can pay big dividends*
>>
>>
>>