The Outlook 2002 Security Patch: KB828040 helps to address a flaw that could enable an attacker to bypass the blocking capabilities of Microsoft Outlook 2002 command-line parameters. The appropriate warning dialog boxes will now display in such an event.

Information on the client version of the Outlook 2002 Security Patch: KB828040 is available from the Microsoft Download Center.

Toolbox   The full-file version of Outlook 2002 Security Patch: KB828040 consists of one Windows Installer patch file (OUTLOOKff.msp) packaged in a self-extracting executable (officexp-kb828040-fullfile-enu.exe). You can find this downloadable file on the Office XP Resource Kit Downloads page.

Localized versions of this update are listed later in this article in the section titled "Localized versions of the Outlook 2002 security patch."

 Note    The full-file version of the Outlook 2002 security patch will install successfully on Office XP Service Pack 1 (SP-1) or Service Pack 2 (SP2) installations.

Strategies for updating your Outlook 2002 installations

Administrative updates provide full-file replacement of all files changed by a service pack or product update. They can be used in one of two ways:

• To update an administrative installation point.

  After the administrative image is patched, users recache and reinstall Office on their computers from that point. Users must be able to connect to the administrative image on the network.

• To update client computers directly.

  Because administrative updates install complete files, rather than patched files, the administrative update can correctly replace any files that have been modified with previous updates without requiring the source. So users can apply them even when they do not have access to an administrative installation point or the CD.

  ---

   Note    In some cases, users applying a full-file patch might be prompted for the source. For example, if a user has a corrupt Office file and a new version of that file is not included in the update, then Office will prompt the user for the source. In Office 2000, unversioned files and multilingual files can also result in a source requirement.

  ---

Applying full-file patches to clients

The recommended method for distributing the administrative version of the Outlook 2002 security patch is to apply it directly to client computers. This approach allows you to maintain an unmodified baseline administrative image and manage the patching process on the client side. In this scenario, client computers do not become unsynchronized with a patched administrative image, and tasks such as install on demand and detect and repair continue to work correctly regardless of which patches users have applied.

 Note   In Microsoft Office XP, only full-file updates released after Office XP Service Pack 2 (including Office XP SP2 itself) can be applied directly to client computers. Previous full-file updates were designed to update administrative images and fail when applied to client installations.

For more information about applying administrative patches directly to client computers, see Strategies for Updating Office 2000 Installations.

Patching an administrative installation point

If you support users in an environment where Office can be recached and reinstalled promptly each time the administrative installation point is patched, you may choose to apply the Outlook 2002 security patch to the administrative image and then recache and reinstall Office on client computers. If you can impose a consistent update process throughout your organization, this method has the additional benefit of automatically giving new clients that install from the administrative image the updated version. However, if there is a delay in updating some clients, they become unsynchronized with the patched administrative image.

For detailed procedures on how to update an administrative installation point and then recache and reinstall Office on client computers, see Deploying Product Updates from an Administrative Installation Point.

Localized versions of the Outlook 2002 security patch

Localized versions of the Outlook 2002 security patch are available in the following languages and can be downloaded from the Office 2003 Resource Kit Localized Downloads page:

Files changed by the Outlook 2002 security patch

The following table lists the files changed by the full-file Outlook 2002 security patch. If you need to confirm whether a share has been updated, you can check the related file version number.

List of features updated by the Outlook 2002 security patch

If you update your administrative installation point and recache and reinstall Outlook 2002 on client computers, you run a command line that includes the REINSTALL=[list of features] property. This property specifies whether you want to reinstall specific features or reinstall all applications on the administrative image.

For the Outlook 2002 security patch, the value for [list of features] is as follows:

OUTLOOKNonBootFiles,OUTLOOKFiles

Optionally, you can substitute the parameter REINSTALL=ALL to reinstall all Office components on the client computer. For detailed procedures on how to patch an administrative image and update client computers, see Deploying Product Updates from an Administrative Installation Point.

Related link

For an overview of Outlook 2002 Security Patch: KB828040, see Outlook 2002 Security Patch: March 9, 2004 in the Microsoft Knowledge Base.