Article ID: 973965 - Last Review: October 13, 2009 - Revision: 1.0

MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office could allow remote code execution

View products that this article applies to.

System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

INTRODUCTION

Microsoft has released security bulletin MS09-060. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Home users:
http://www.microsoft.com/security/updates/bulletins/200910.aspx (http://www.microsoft.com/security/updates/bulletins/200910.aspx)
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
http://update.microsoft.com/microsoftupdate (http://update.microsoft.com/microsoftupdate)
IT professionals:
http://www.microsoft.com/technet/security/bulletin/MS09-060.mspx (http://www.microsoft.com/technet/security/bulletin/MS09-060.mspx)

Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)

North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:

http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)

For enterprise customers, support for security updates is available through your usual support contacts.

Back to the top

MORE INFORMATION

Known issues and additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:

972363 (http://support.microsoft.com/kb/972363/ ) MS09-060: Description of the security update for Outlook 2007: October 13, 2009

973702 (http://support.microsoft.com/kb/973702/ ) MS09-060: Description of the security update for Microsoft Outlook 2002: October 13, 2009

973705 (http://support.microsoft.com/kb/973705/ ) MS09-060: Description of the security update for Outlook 2003: October 13, 2009

973709 (http://support.microsoft.com/kb/973709/ ) MS09-060: Description of the security update for Visio Viewer 2007: October 13, 2009

974234 (http://support.microsoft.com/kb/974234/ ) MS09-060: Description of the security update for the 2007 Office system: October 13, 2009

974554 (http://support.microsoft.com/kb/974554/ ) MS09-060: Description of the security update for Office 2003: October 13, 2009

974556 (http://support.microsoft.com/kb/974556/ ) MS09-060: Description of the security update for Office XP: October 13, 2009

Back to the top

Where is the update for Visio Viewer 2002 and Visio Viewer 2003?

We recommend that all users of Visio Viewer 2003 and Visio Viewer 2003 upgrade to the latest, free version of Visio Viewer 2007 to address this security vulnerability. Users who cannot upgrade should apply the update from MS09-034. This Internet Explorer update mitigates the attack vector for affected Visio Viewer platforms. Users may also apply the kill bit for the affected control by using the procedures that are listed in the workaround sections of this bulletin. A kill bit for these controls will be included in a future cumulative security update for Internet Explorer.

For more information about the cumulative security update for Internet Explorer, MS09-034, click the following article number to view the article in the Microsoft Knowledge Base:

972260 (http://support.microsoft.com/kb/972260/ ) MS09-034: Cumulative security update for Internet Explorer

To download the Visio Viewer 2007, visit the following Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=d88e4542-b174-4198-ae31-6884e9edd524 (http://www.microsoft.com/downloads/details.aspx?FamilyID=d88e4542-b174-4198-ae31-6884e9edd524)

Back to the top

Why are Knowledge Base articles 974554, 974556, and 974234 not listed in the security bulletin?

These packages do not contain security updates and do not correct any security-related issues. However, these updates resolve a problem that can cause programs that use Outlook View Control with Forms 2.0, such as Microsoft Office Outlook with Business Contact Manager, to stop functioning as expected after Security Update. If you use Outlook View Control with Forms 2.0, we encourage you to apply these updates after installing the security update

Back to the top