Stephen Withers
Tuesday, 22 May 2007 12:00
Your IT -
Home IT
Microsoft has quietly announced that the logic used to deliver the May Patch Tuesday security and other updates for Office 2007 was flawed, and consequently some systems have not been patched.
In the Microsoft Security Response Center blog, security response communications team member Mark Griesi
revealed revealed that systems running Windows Vista and Office 2007 may either not have been offered all the updates, or if they were, the updates may not have installed successfully.
The updates affected were MS-07-023 (Excel-specific problems allowing remote code execution, one of which is rated "important" for Excel 2007) and MS07-025 (a fix for remote execution vulnerabilities involving drawing objects in multiple versions of Office applications, rated "important" for Office 2007).
The detection logic has now been altered, and re-running Microsoft Update will install the patches where appropriate. Although the patches themselves have not changed, administrators of Windows Server Update Services and Systems Management Server/Inventory Tool for Microsoft Updates will need to approve the new versions of the updates.
"[P]lease go ahead and install these updates if they are offered to you," wrote Griesi.