There Is Something for Everyone This Patch Tuesday

What Is It?

The last Patch Tuesday of 2008 is a big one, and it affects virtually all users of Microsoft software products. Although many of you should receive your updates automatically, we are publishing this notice for three reasons.

1. Breadth of Impact. Due to the large number of bulletins, delivery via Automatic Update may be significantly delayed, and the risk of an update failure increases significantly with the number of affected components.
2. Restart Requirement. Several of the updates require a restart in order to be fully implemented.
3. Manual Installation Requirement. Some of the updates are for older versions of Microsoft software that is outside the scope of the Microsoft Update and Windows Update services.

What Should You Do?

Windows (All Versions)

All of the updates, except those for Office 2000 and the programming language products, should be offered on either Windows Update or Microsoft Update.

If you are still using Windows Update, we strongly urge you to begin using Microsoft Update, because it covers a much broader range of Microsoft software.

Microsoft Update is at http://update.microsoft.com/.

Office XP for Microsoft Windows

Visit the Microsoft Update Web site, at http://update.microsoft.com/, as soon as you can, and run the wizard, to be sure that all of the updates you need have been applied. If you are really paranoid, use the instructions in the various security bulletins listed in the References to verify the installations.

Office 2000 for Microsoft Windows

Visit the Office Update Web page, at http://office.microsoft.com/en-us/downloads/maincatalog.aspx, and download everything offered to you.

Important: Have your Office 2000 CD handy, because you will almost certainly be prompted to insert it, to validate your installation.

Works 8.0, 8.5, 2004, and 2005

Since Microsoft Word is the word processor in all recent versions of Microsoft Works, you are affected by the updates covered by security bulletin MS08-072.

If you are still using Works 2004, 2005, or 8.0, you must upgrade to Works 8.5, in order to get the updates.

1. If you are unsure of the version of Works installed on your machine, open any application in Microsoft Works, and display the About item on the Help menu.
2. If your About Box shows any version except 8.5, download and install the free upgrade to the latest version of Works, at http://www.microsoft.com/products/works/international/update_1001.mspx.
3. Once you have the latest version of Works installed, visit the Microsoft Update Web page, at http://update.microsoft.com/, and accept the update for Office Word.

Office 2004 for Mac

Download and install Microsoft Office 2004 for Mac, 11.5.3 Update, from http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820&displaylang=en.

Office 2008 for Mac

Download and install Microsoft Office 2004 for Mac, 12.1.5 Update, from http://www.microsoft.com/downloads/details.aspx?FamilyId=AB31A564-43D2-45BD-98BF-19E9CA477B62&displaylang=en.

Open XML File Format Converter for Mac

Download and install Open XML File Format Converter for Mac 1.0.2, from http://www.microsoft.com/downloads/details.aspx?FamilyId=EDB6CD8F-832C-4123-8982-AC0C601EA0A7&displaylang=en.

Visual Basic 6.0 ActiveX Components

Several key ActiveX components that ship with the Microsoft Visual Basic 6.0 compiler, in addition to Visual Studio .NET 2002 and 2003.

• If you are a software developer, you will need to update your development tools. See MS08-070 for details.
• You may have other software that uses one or more of these controls. If so, you can expect an update from your software vendor in coming months.
• If you use custom software that was developed specifically for you, there is a good chance that it was developed using Visual Basic 6, unless it was developed within the last few years.

References

• http://update.microsoft.com/ is the entrance to the Microsoft Update Web service.
• http://office.microsoft.com/en-us/downloads/maincatalog.aspx is the entrance to the Microsoft Office Update Web service.
  • This site offers updates for Windows versions of Microsoft Office only.
  • If you have a version of Office for the Mac, please see the appropriate page, listed below.
• http://www.microsoft.com/products/works/international/update_1001.mspx is the announcement of the free Works 8.5 update, which is a prerequisite for this, and all future security updates for Microsoft Works.
• http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820&displaylang=en is the download page for Microsoft Office 2004 for Mac, 11.5.3 Update.
• http://www.microsoft.com/downloads/details.aspx?FamilyId=AB31A564-43D2-45BD-98BF-19E9CA477B62&displaylang=en is the download page for Microsoft Office 2004 for Mac, 12.1.5 Update.
• http://www.microsoft.com/downloads/details.aspx?FamilyId=EDB6CD8F-832C-4123-8982-AC0C601EA0A7&displaylang=en is the download page for Open XML File Format Converter for Mac 1.0.2.
• http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx is the Microsoft Security Bulletin Summary for December 2008. The bulletin was published Tuesday, 09 December 2008.
• http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx is Microsoft Security Bulletin MS08-072 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173).
• http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx is Microsoft Security Bulletin MS08-073 - Critical: Cumulative Security Update for Internet Explorer (958215).
• http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx is Microsoft Security Bulletin MS08-074 - Critical: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070).
• http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx is Microsoft Security Bulletin MS08-075 - Critical: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349).
• http://www.microsoft.com/technet/security/bulletin/ms08-071.mspx is Microsoft Security Bulletin MS08-071 - Critical: Vulnerabilities in GDI Could Allow Remote Code Execution (956802).
• http://www.microsoft.com/technet/security/bulletin/ms08-070.mspx is Microsoft Security Bulletin MS08-070 - Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349).
• http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx is Microsoft Security Bulletin MS08-076 - Important: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807).
• http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx, is Microsoft Security Bulletin MS08-077 - Important: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175).
• http://www.wizardwrx.com/TechnicalArticles/docs/2008_DEC_MSSB_MATRIX.xls is a Microsoft Excel 2002 spreadsheet that I developed, in an attempt to organize the large amount of information about the products covered by the security bulletins released today. You should be able to open this document in Microsoft Excel 97 or later, or the corresponding viewer.
• http://www.wizardwrx.com/TechnicalArticles/docs/2008_DEC_MSSB_MATRIX.pdf is a PDF rendering of the Excel document listed above.

David Gray, MBA, Chief Wizard WizardWrx – Making computer magic since 1985
	+1 (817) 812-3041 TZ: USA Central http://www.wizardwrx.com/	4835 North O'Connor Road Suite 200 Irving, TX 75062-2742 USA
Tell me what you need, and I’ll conjure it.