This article describes update KB2596787 for 2007 Microsoft Office Suite that was released on February 10, 2015. This update improves the user interface in Office 2007 applications to make sure that all meanings are accurate.
Support for Office 2007 ended on October 10, 2017. All of your Office 2007 apps will continue to function. However, you could expose yourself to serious and potentially harmful security risks. Upgrade to a newer version of Office so you can stay up to date with all the latest features, patches, and security updates.
Patch For Microsoft 2007
The 2007 Microsoft Office suite Service Pack 3 (SP3) and Microsoft Office Language Pack 2007 SP3 provide the latest updates to the 2007 Office suite and to Office Language Pack 2007. These updates include two main categories of fixes:
Fixes an issue in which Excel 2007 sometimes crashes when you open an Excel workbook previously saved in a newer version of Excel. This occurs if the file uses a new feature that is not available in the 2007 Office system.
Service pack removal2007 Microsoft Office Service Pack 3 supports removal of client updates by using both the command line and the Microsoft Service Pack Uninstall Tool for the 2007 Microsoft Office suite. The Service Pack Uninstall Tool is available as a separate download.
The following hotfix packages dated February 2013 (or later versions) require you to have the 2007 Microsoft Office suite Service Pack 3 (SP3) installed before you install the update.
Microsoft Office Word 2007 Update is an update to Microsoft Office Word 2007. Generally, customers who purchase or license Word 2007 from Microsoft after January 10, 2010 for use in the United States and its territories must use updated software that does not include a particular custom XML tagging implementation.
Microsoft Office 2000 Service Pack 3 (Microsoft Excel 2000 ): =5F101D03-C0A7-41E0-95A4-A12AFB356D5FMicrosoft Office XP Service Pack 3 (Microsoft Excel 2002 ): =29596861-D9F0-4A10-9E1C-CDA75DDE017DMicrosoft Office 2003 Service Pack 2 (Microsoft Excel 2003 ): =9567C583-556F-4379-80BA-3E0C8993C04CMicrosoft Office 2003 Service Pack 2 (Microsoft Excel 2003 Viewer ): =3C7F18AC-24BB-41CF-B8DA-997706FDC44C2007 Microsoft Office System (Microsoft Office Excel 2007 ): =CED9F11B-CE48-47A3-9288-BD11B80F3D852007 Microsoft Office System (Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats ): =50A7924F-DB51-438A-B27D-37E40A471E60Microsoft Office 2004 for Mac : to Micrsoft Security Bulletin MS07-023 for further details.Microsoft Word Remote Code Execution Vulnerabilities (MS07-024)SeverityCritical4Qualys ID110055Vendor ReferenceMS07-024CVE ReferenceCVE-2007-0035, CVE-2007-0870, CVE-2007-1202CVSS ScoresBase 9.3 / Temporal 7.7DescriptionMicrosoft Word is susceptible to the following vulnerabilities:A remote code execution vulnerability exists in the way Microsoft Word handles data within an array.A remote code execution vulnerability exists in the way Microsoft Word handles a specially crafted Word Document stream.A remote code execution vulnerability exists in the way Microsoft Word parses certain rich text properties within a file.ConsequenceIf these vulnerabilities are successfully exploited, a remote attacker can execute arbitrary code on vulnerable machines.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 (Microsoft Word 2000 ): =F25020F5-17C7-4A60-9088-944FFACB5F19Microsoft Office XP Service Pack 3 (Microsoft Word 2002 ): =0FE4F405-A568-4F15-B2C6-02D4A4B58E43Microsoft Office 2003 Service Pack 2 (Microsoft Word 2003 ): =6870245D-4618-4504-BFFC-878635267059Microsoft Office 2003 Service Pack 2 (Microsoft Word Viewer 2003 ): =24547C65-C29A-4D0A-A015-F3F08B24331FMicrosoft Works Suites (Microsoft Works Suite 2004 ): =0FE4F405-A568-4F15-B2C6-02D4A4B58E43Microsoft Works Suites (Microsoft Works Suite 2005 ): =0FE4F405-A568-4F15-B2C6-02D4A4B58E43Microsoft Works Suites (Microsoft Works Suite 2006 ): =0FE4F405-A568-4F15-B2C6-02D4A4B58E43Microsoft Office 2004 for Mac : to Micrsoft Security Bulletin MS07-024 for further details.
Microsoft Office Remote Code Execution Vulnerability (MS07-025)SeverityUrgent5Qualys ID110059Vendor ReferenceMS07-025CVE ReferenceCVE-2007-1747CVSS ScoresBase 9.3 / Temporal 7.3DescriptionA remote code execution vulnerability exists in the way Microsoft Office handles specially-crafted drawing objects. An attacker could exploit this vulnerability when Office parses a file and processes a malformed drawing object.ConsequenceAn attacker who successfully exploits this vulnerability could run arbitrary code on the affected system, which could lead to complete control of the affected system.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Office 2000 Service Pack 3 : =A693C271-4B94-4541-953A-0A2DB4587B23Microsoft Office XP Service Pack 3 : =CB291AD9-348A-4C28-BEC7-53D2F35D0B72Microsoft Office 2003 Service Pack 2 : =819857CC-3777-4E4A-9CC3-685FC079A2542007 Microsoft Office System : =A3DC8E3F-90DD-4D0C-88B8-2EC88FF3A588Microsoft Office 2004 for Mac : to Micrsoft Security Bulletin MS07-025 for further details.Microsoft Exchange Multiple Remote Code Execution Vulnerabilities (MS07-026)SeverityUrgent5Qualys ID90395Vendor ReferenceMS07-026CVE ReferenceCVE-2007-0039, CVE-2007-0213, CVE-2007-0220, CVE-2007-0221CVSS ScoresBase 10 / Temporal 7.8DescriptionMicrosoft Exchange is susceptible to the following vulnerabilities:An information disclosure vulnerability because of the way Outlook Web Access (OWA) handles script-based attachments.A denial of service vulnerability because of the way it handles calendar content requests.A remote code execution vulnerability because of the way it decodes specially-crafted email messages.A denial of service vulnerability because of the way it handles invalid IMAP requests.ConsequenceAn attacker who successfully exploits these vulnerabilities could take complete control of the affected system.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post Service Pack 3 Update Rollup of August 2004 : =21968843-4A81-4F1D-8207-5B0A710E3157Microsoft Exchange Server 2003 Service Pack 1 : =5E7939BE-73D1-461C-8C79-EDDB0F1459FCMicrosoft Exchange Server 2003 Service Pack 2 : =1ABF93DA-D765-4876-96B5-ACB2D2A48F8FMicrosoft Exchange Server 2007 : =356874EF-C9C0-4842-99F0-E449E9940358Refer to Micrsoft Security Bulletin MS07-026 for further details.
Microsoft Internet Explorer Cumulative Security Update (MS07-027)SeverityUrgent5Qualys ID100046Vendor ReferenceMS07-027CVE ReferenceCVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, CVE-2007-2221CVSS ScoresBase 9.3 / Temporal 7.3DescriptionMultiple vulnerabilities exist in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution. Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):May 2007 Microsoft Windows XP Embedded Supplement Update Now Available on the ECE (KB931768)ConsequenceIf a user is logged on with administrative user rights, an attacker who successfully exploits the most severe of these vulnerabilities could take complete control of an affected system.SolutionPatch:Following are links for downloading patches to fix the vulnerabilities:Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4 : =67AE3381-16B2-4B34-B95C-69EE7D58B357Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4 : =03FC8E0C-DEC5-48D1-9A34-3B639F185F7DMicrosoft Internet Explorer 6 for Windows XP Service Pack 2 : =EFC6BE04-0D6B-4639-8485-DA1525F6BC52Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 : =A077BE20-C379-4386-B478-80197A4A4ABCMicrosoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 : =D249089D-BB8E-4B86-AB8E-18C52844ACB2Microsoft Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium based Systems and Windows Server 2003 with SP2 for Itanium based Systems : =D52C0AFD-CC3A-4A5C-B91B-E006D497BC26Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 : =94B83BDD-2BD1-43E4-BABF-68135D253293Windows Internet Explorer 7 for Windows XP Service Pack 2 : =7A778D93-9D85-4217-8CC0-5C494D954CA0Windows Internet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 : =29938ED4-F8BB-4793-897C-966BA7F4830CWindows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 : =0F173D60-6FD0-4C92-BB2A-A7A78707E35FFor a complete list of patch download links, please refer to Micrsoft Security Bulletin MS07-027.Microsoft CAPICOM Remote Code Execution Vulnerability (MS07-028)SeverityCritical4Qualys ID115550Vendor ReferenceMS07-028CVE ReferenceCVE-2007-0940CVSS ScoresBase 9.3 / Temporal 7.7DescriptionCAPICOM (Cryptographic API Component Object Model) is a Microsoft ActiveX control that provides a COM interface to Microsoft CryptoAPI. It exposes a select set of CryptoAPI functions to enable application developers to easily incorporate digital signing and encryption functionality into their applications.A remote code execution vulnerability exists in CAPICOM Certificates because of the way certain data inputs are handled. CAPICOM Certificates is an ActiveX control that provides scripters (VBS, ASP, ASP.NET, etc.) with a method for encrypting data based on secure underlying Windows CryptoAPI functionality.ConsequenceAn attacker who successfully exploits this vulnerability could take complete control of the affected system.SolutionRefer to Microsoft Security Bulletin MS07-028 for further details on this vulnerability and patch instructions.Note: The patch provided by Microsoft does not remove or overwrite the vulnerable CAPICOM.dll due to compatibility purposes for custom and third party applications. Please refer to the Microsoft README file (that comes with the patch) for manual post patch steps to follow for the patch to install successfully.Microsoft has rated this issue as Critical.Patches:The following are links for downloading patches to fix these vulnerabilities:MS07-028 BizTalk Server 2004 Service Pack 1MS07-028 BizTalk Server 2004 Service Pack 2MS07-028 CAPICOMMS07-028 Platform SDK Redistributable: CAPICOM 2ff7e9595c
Comments