Word security update for October 2012 affects Outlook

A security update has been released for Word 2003, Word 2007 and Word 2010 which also affects the respective versions of Outlook. It is recommended to install this security update as soon as possible.


Microsoft Security Bulletin MS12-064
This security update resolves two privately reported vulnerabilities in Microsoft Office. The more severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

How is Microsoft Outlook affected by the vulnerabilities?
Outlook is not directly affected because the vulnerabilities exist in Microsoft Word. However, if Word is the selected email reader, which is the default case in Microsoft Outlook 2007 and Outlook 2010, then an attacker could leverage Outlook for the email attack vector to exploit CVE-2012-2528 by sending a specially crafted RTF email message to the target user.

View: Microsoft Security Bulletin MS12-064

Note: If you have Microsoft Update configured to also update other Microsoft applications, then this update will also also be offered via Microsoft Update or has already been updated automatically for you.