MS09-060: Description of the security update for Microsoft Outlook 2002: October 13, 2009

Microsoft has released security bulletin MS09-060. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support


Known issues with this security update

  • This update changes the CLSID of the Outlook View Control and sets the killbit for the previous CLSID to make sure that the earlier version of the control cannot be instantiated in Internet Explorer. The new CLSID is {261B8CA9-3BAF-4BD0-B0C2-BF04286785C6}. The old CLSID is {0006F063-0000-0000-C000-000000000046}. If you are using the Outlook View Control in a compiled or managed application, you may have to update your solution to reference the new CLSID. Solutions that use Visual Basic for Applications in Microsoft Office do not have to be updated and will continue to function as expected.
  • After you install this update, the Outlook View Control may not function in programs that use Forms 2.0 functionality. To resolve this issue, install the following security update for Microsoft Office XP:
    974556 MS09-060: Description of the security update for Office XP: October 13, 2009
  • If you uninstall this update, the Outlook View Control may not function as expected. This occurs because uninstalling this update removes components that will affect the performance of the Outlook View Control. To resolve the issue, you must repair Office 2002 to reinstall those components. To do this, follow these steps:
    1. Start an Office program.
    2. On the Help menu, click Detect and Repair.
    3. Click Start.
    4. Click Ignore if the Close Office Programs dialog box displays the following message (where program is any Office program that is currently running):
      In order to correctly pick up or restore your settings, the following programs must be closed:
      Microsoft program
    5. After the repair process is complete, click OK when you receive the following message (where edition is the version of Office that you have installed, such as Microsoft Office Professional Edition 2002):
      Microsoft Office edition Setup completed successfully.


You must have Microsoft Office XP Service Pack 3 (SP3) installed to apply this security update.

For more information about how to obtain Office XP Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
307841 How to obtain the latest Office XP service pack

Replacement information

This security update replaces the following security update:
946985 MS08-015: Description of the security update for Outlook 2002: March 11, 2008
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Microsoft Outlook 2002

File nameFile versionFile sizeDateTimePlatform
Exsec32.dll10.0.6856.0339,96811-Sep-200903:11Not Applicable
Msoutl.olb10.0.6732.0207,55211-Sep-200903:16Not Applicable
Oladd.fae10.0.6751.0187,07211-Sep-200903:17Not Applicable
Olappt.fae10.0.6751.0170,69611-Sep-200903:19Not Applicable
Oljrnl.fae10.0.6713.0137,92011-Sep-200903:20Not Applicable
Olmail.fae10.0.6711.0133,82411-Sep-200903:22Not Applicable
Oltask.fae10.0.6751.0166,60011-Sep-200903:23Not Applicable
Outlvbs.dll10.0.6856.040,96011-Sep-200903:34Not Applicable
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE Off10 office10 OL10

Article ID: 973702 - Last Review: 05/08/2012 21:52:00 - Revision: 5.0

Microsoft Outlook 2002 Standard Edition

  • kbsurveynew kbfix kbbug kbsecvulnerability kbsecbulletin kbsecurity kbqfe kbexpertiseinter KB973702