Users of Microsoft Office 2007 on Windows Vista missed out on some of the security patches released May 8. But the software giant has addressed the problem with a new update.
In a separate development on the Microsoft Office security front, the software giant announced that Microsoft Office Isolated Conversion Environment (MOICE) is now available for download.
In the Microsoft Security Response Center blog, program manager Mark Griesi wrote that his team updated the detection logic for the May 8 security and non-security updates for Office 2007 with the exception of the junk mail filter update.
In some cases, the original detection logic may not have offered the updates or the updates may not have been installed properly on machines running Vista, he said. The changes only pertain to the fixes in security bulletins MS07-023 and MS07-025, Griesi said, adding that MS07-024 did not require an update since it doesn't affect Office 2007.
"It's important to note that there has been no change to the actual binaries in the updates themselves," he said. "If you have already successfully installed the updates using Microsoft Update, you will not be offered the update again."
He said the updates will also be available through Windows Server Update Services (WSUS), Systems Management Server (SMS) and Inventory Tool for Microsoft Updates (ITMU). Administrators of those systems will see new versions of the updates and will need to approve them. Doing so should have no impact on machines that have already installed the previous updates successfully, he said.
"So for those of you out there, such as myself, who are running Office 2007 on Windows Vista, please go ahead and install these updates if they are offered to you," Griesi said.
Microsoft plugged 19 holes in its May 8 security update, including seven critical fixes for a zero-day DNS server flaw and flaws in Microsoft Exchange, Internet Explorer, Microsoft Excel, Word and Office.
It's a free, downloadable security enhancement for the Microsoft Office 2003 Compatibility Pack and the 2007 Office system that converts documents in legacy (.doc) formats to OpenXML formats, thereby stripping out potentially malicious code.
In a recent interview with SearchSecurity.com, Microsoft Office Technical Product Manager Josh Edwards said MOICE has been designed with businesses in mind. It creates a "sandbox" with a restricted token where documents are scrubbed for malware. Once the malware is ejected, the file can be opened as it normally is in Office 2003, he explained.