INTRODUCTION
This update fixes a vulnerability in the graphics interpreter code that could allow a specially crafted image to run an attacker's code on a computer.
Microsoft has released security bulletin MS04-028. The security bulletin contains all the relevant information about the security update, including the file manifest information and the deployment options. To view the complete security bulletin, visit the following Microsoft Web site:
The following lists the release history for Office XP:
- Office XP security update: KB832332 version 1.0 - Released September 14, 2004
- Office XP security update: KB832332 version 2.0 - Released October 12, 2004
The Office XP security update: KB832332 version 2.0 that was released October 12, 2004, addresses a patching issue that occurs when you apply the update on a computer where Microsoft Windows Installer 3.0 is installed. We recommend that all users who have Microsoft Windows XP Service Pack 2 (SP2) installed run the current version of the update even if an earlier version is installed.
MORE INFORMATION
Prerequisites
Before you install this security update, make sure that your computer
meets the following prerequisites.
Client update
Before you install the client update, install Microsoft Office XP Service
Pack 3 (SP3).
For more information
about how to install Office XP Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
832671
Description of Microsoft Office XP Service Pack 3
Administrative update
Before you install the administrative update, install Microsoft Office XP Service Pack 2 (SP2) or
a later version.
For more information about how to obtain
the different service packs for Office XP, click the following article number to view the article in the Microsoft Knowledge Base:
307841
How to obtain the latest Office XP service pack
Microsoft Windows Installer 2.0
Before you install this security update, you must install Windows Installer
2.0 or a later version. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack
3 include Windows Installer 2.0 or a later version. To install the latest version of the
Windows Installer, visit one of the following Microsoft Web
sites.
Microsoft Windows 95, Microsoft Windows
98, and Microsoft Windows Millennium Edition (Me):
Microsoft Windows NT 4.0 and Microsoft
Windows 2000:
How to download and install the update
If you installed Office XP from a CD, follow the instructions in
the following "Client update" section. If you installed your Office XP product
from a server location, the server administrator must update the server
location with the administrative update and then deploy that update to your
computer. If you are a server administrator, follow the instructions in the
following "Administrative update" section.
Client update
There are two methods that you can use to install the security update if you installed Office XP from a CD.
We recommend that you install the client update by
using the Microsoft Office Update Web site. The Office Update Web site detects your
installation of Microsoft Office and prompts you to install the updates that make sure that your Office installation is up-to-date.
Method 1: Use the Office Update Web site
Use the Office Update Web site to automatically install all
the latest updates that include all available service packs and public
updates.
- Visit the following Microsoft Web site:
- Click Check for Updates.
- After detection is complete, you receive a list of
recommended updates for your approval. Click Start
Installation to complete the process.
Method 2: Install only the Office XP security update: KB832332
Note If you install Officexp-kb832332-v2-fullfile-enu.exe on a client that is running Office XP SP2 instead of Office XP SP3, the
SP2 text that is displayed in the
About program dialog box in each Office application is updated to
SP3. This does not mean that Office XP SP3 has been installed. You must still install Office XP SP3 for your Office installation to be completely updated.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
328294
The About dialog box reports a service pack version that is different from what is expected in Office XP and Office 2003
- To download the update, visit the following Microsoft Web site:
Note A localized version of the update is also available at this Web site.
- Click Open to download and to install the
Officexp-kb832332-v2-client-enu.exe file.
- If you are prompted to install the security update, click
Yes.
- Click Yes to accept the license
agreement.
- Insert your Office XP CD when you are prompted,
and then click OK.
- When you receive a message that indicates the installation
was successful, click OK.
Note After you install the security update, you cannot remove it. To revert to
the installation that existed before you installed this security update, you must remove
Office XP and then install it again from the original CD.
Administrative update
If you are the server administrator, follow these steps to
download the administrative update:
- In Windows Explorer, create a new folder on drive C, and
then name the folder Kb832332.
- To download the full-file update, visit the following Microsoft Web site:
Note A localized version of the full-file update is also available at this Web site.
- Click Save to save the
Officexp-kb832332-v2-fullfile-enu.exe file to the Kb832332 folder.
- In Windows Explorer, double-click
Officexp-kb832332-v2-fullfile-enu.exe.
- If you are prompted to install the update, click
Yes.
- Click Yes to accept the license
agreement.
- In the Type the location where you want to place
the extracted files box, type C:\Kb832332, and
then click OK.
- Click Start, click
Run, type the following command, and then click OK:
msiexec /a admin path\msi file /p c:\kb832332\msp file shortfilenames=true
In this command, replace the following placeholders with the
correct information:
- Replace admin path with the
path of your administrative installation point for Office XP, for example,
C:\OfficeXP.
- Replace msi file with the
.msi database package for the Office XP product, for example,
Proplus.msi.
- Replace msp file with the
name of the administrative update.
Note You can append /qb+ to the command line so that the Office XP Administrative
Installation dialog box and the End User License
Agreement dialog box do not appear.
- To deploy the update to the client workstations, click
Start, click Run, and then type the following
command in the Open box:
msiexec /i admin path\msi file reinstall=feature list reinstallmode=vomu
In the command, replace the placeholders with the correct
information. In this command, replace feature list
with the list of case-sensitive feature names that have to be reinstalled for
the update. To install all features, you can use the reinstall=all parameter, or you can install the ProductFiles
feature.
For more information about how to update your administrative
installation and how to deploy the security update to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
301348
How to install public updates to administrative installations of Office XP
How to determine whether the update is installed
This security update contains updated versions of the following files:
File name Version
----------------------
Mso.dll 10.0.6714.0
To determine the version of an Office XP program that
is installed on your computer, follow these steps.
Note Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see your
product documentation to complete these steps.
- Click Start, and then click
Search.
- In the Search Results pane, click
All files and folders under Search
Companion.
- In the All or part of the file name box,
type Mso.dll, and then click
Search.
- In the list of files, right-click the Mso.dll file, and
then click Properties.
- On the Version tab, determine the Office
XP version that is installed on your computer.
For more information about how to determine the version of Office XP
on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
291331
How to check the version of Office XP
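One way to script this version check in PowerShell, as an added example that is not part of the original article or Microsoft's tooling. It assumes Mso.dll is installed under the Common Files folders and that Office XP builds carry major version 10, as the versions listed on this page do; `Test-MsoPatched` is a hypothetical helper name.

```powershell
# Added example: compare each Office XP Mso.dll with the fixed version
# from the file table in this article (Mso.dll 10.0.6714.0).
$FixedVersion = [version]'10.0.6714.0'

function Test-MsoPatched {
    param(
        [Parameter(Mandatory)]
        [System.Diagnostics.FileVersionInfo]$Info
    )
    # Build the version from the numeric parts and compare numerically.
    # A plain string comparison would sort "10.0.10000.0" below "10.0.6714.0".
    $found = New-Object System.Version -ArgumentList `
        $Info.FileMajorPart, $Info.FileMinorPart,
        $Info.FileBuildPart, $Info.FilePrivatePart

    [pscustomobject]@{
        Path    = $Info.FileName
        Version = $found
        # Equal or higher counts as patched, because the fix can also
        # arrive in a later update that includes this one.
        Patched = ($found -ge $FixedVersion)
    }
}

# Assumption: Mso.dll lives under the Common Files tree. On 64-bit Windows
# the 32-bit Office files sit under the (x86) variant, so check both.
$roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) } |
    Select-Object -Unique

Get-ChildItem -Path $roots -Filter 'Mso.dll' -Recurse -File `
        -ErrorAction SilentlyContinue |
    ForEach-Object { $_.VersionInfo } |
    # Other Office releases ship their own Mso.dll; keep only 10.x files.
    Where-Object { $_.FileMajorPart -eq 10 } |
    ForEach-Object { Test-MsoPatched -Info $_ } |
    Format-Table -AutoSize
```

A row with `Patched` set to `False` identifies a copy of Mso.dll that is older than the version this update installs.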
Note If the Office XP security update: KB832332 is already installed successfully
on your computer, you receive the following error message when you try to
install the Office XP security update: KB832332:
This update has already been applied or is included in an update that has already
been applied.
List of issues that are fixed by the update
The Office XP security update: KB832332 fixes the issues that are
described in the following Microsoft Knowledge Base articles:
829349 Description of the Office XP
post-Service Pack 3 hotfix package for MSO.DLL: May 9, 2004
The Office XP security update:
KB832332 also fixes the following issues.
An image that you inserted appears as a small red X
When you save an Office XP document as HTML, or when you view the
Office document as a Web page, an image that you inserted may appear as a small
red X.
An Office XP program closes unexpectedly, and you receive an error message
When you run an Office XP program, you may receive the following
error message:
Microsoft program has encountered a problem and needs to
close. We are sorry for the inconvenience.
If you view the details of
the error message, you receive an error signature that is similar to one of the
following items.
Application Name Application Version Module Name Module Version Offset
----------------------------------------------------------------------------
Excel.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00004d7a
Excel.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00005ae9
Excel.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00004d7a
Excel.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00005ae9
Excel.exe 10.0.5815.0 Mso.dll 10.0.4219.0 00005ae9
Msaccess.exe 10.0.2627.1 Mso.dll 10.0.4219.0 00004d7a
Msaccess.exe 10.0.2627.1 Mso.dll 10.0.4219.0 00005ae9
Msaccess.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00004d7a
Msaccess.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00005ae9
Msaccess.exe 10.0.4510.0 Mso.dll 10.0.4219.0 00005ae9
Mspub.exe 10.0.2621.0 Mso.dll 10.0.4219.0 00005ae9
Mspub.exe 10.0.4128.0 Mso.dll 10.0.4219.0 00005ae9
Outlook.exe 10.0.2627.1 Mso.dll 10.0.4219.0 00005ae9
Outlook.exe 10.0.4024.0 Mso.dll 10.0.4219.0 00004d7a
Outlook.exe 10.0.4024.0 Mso.dll 10.0.4219.0 00005ae9
Outlook.exe 10.0.4510.0 Mso.dll 10.0.4219.0 00004d7a
Outlook.exe 10.0.4510.0 Mso.dll 10.0.4219.0 00005ae9
Outlook.exe 10.0.5320.0 Mso.dll 10.0.4219.0 00005ae9
Outlook.exe 10.0.5703.0 Mso.dll 10.0.4219.0 00005ae9
Outlook.exe 10.0.5709.0 Mso.dll 10.0.4219.0 00005ae9
Powerpnt.exe 10.0.2623.0 Mso.dll 10.0.4219.0 00005ae9
Powerpnt.exe 10.0.4205.0 Mso.dll 10.0.4219.0 00004d7a
Powerpnt.exe 10.0.4205.0 Mso.dll 10.0.4219.0 00005ae9
Winword.exe 10.0.2627.0 Mso.dll 10.0.4219.0 00005ae9
Winword.exe 10.0.3416.0 Mso.dll 10.0.4219.0 00004d7a
Winword.exe 10.0.4219.0 Mso.dll 10.0.4219.0 00004d7a
Winword.exe 10.0.4219.0 Mso.dll 10.0.4219.0 00005ae9
Winword.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00004d7a
Winword.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00005ae9
Winword.exe 10.0.5522.0 Mso.dll 10.0.4219.0 00004d7a
Winword.exe 10.0.5522.0 Mso.dll 10.0.4219.0 00005ae9
Winword.exe 10.0.5815.0 Mso.dll 10.0.4219.0 00004d7a
Winword.exe 10.0.5815.0 Mso.dll 10.0.4219.0 00005ae9
REFERENCES
If you are an administrator, you may want to install all
required Graphics Device Interface Plus (GDI+) security
updates in one batch process.
For more information
about how to create and use a batch file to silently install multiple GDI+
security updates, click the following article number to view the article in the Microsoft Knowledge Base:
885885
How to create and use a batch file to silently install multiple GDI+ security updates
For more information about a known issue that may occur when you install the original version of this update, released September 14, on a Windows XP Service Pack 2-based computer, click the following article number to view the article in the Microsoft Knowledge Base:
885876
Important information that you must know about the MS04-028 security updates if you are using Windows XP Service Pack 2
For more information about deployment, click the following article numbers to view the articles in the Microsoft Knowledge Base:
885920
How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that use Systems Management Server 2003 and Systems Management Server 2.0
886988 How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that do not use Systems Management Server