Should customers not want Service Pack 3 to be automatically installed, they will have to opt out of Microsoft's update service.Microsoft plans to start pushing out the third service pack for Office 2003
via its automatic update service beginning Feb. 27.
That means that the service pack will be automatically installed on the
machines of those customers who have signed up for Microsoft Update and who
have not yet installed Office 2003 Service Pack 3.
Should customers not want the service pack to be automatically installed,
they will have to opt out of the update service, as Microsoft is not providing
a way to block Office 2003 SP3 exclusively, a spokesperson told eWEEK.
But Microsoft is encouraging customers to install the service pack.
"Microsoft Update continues to be an opt-in service and any customers
wishing to remove themselves from the service can do so at any time, although
we do not recommend that users do so. That said, because of the impact this
service pack has on end-user security, we highly recommend that any customer
who has not downloaded it does so," Reed Shaffner, product manager for
Office, told eWEEK Jan. 28.
The Office team has previously said customers would be given between three
and six months' notice before a service pack is distributed automatically via
Microsoft Update, and that they would be given a heads-up at least 30 days in
advance of a service pack being pushed out through an automatic update service.
The software giant served notice Jan. 28 that Office 2003 SP3, which was released last September, will be distributed automatically
via Microsoft Update beginning Feb. 27.
"This means that those customers who have not already installed SP3 and
that have chosen to receive updates automatically will start to receive the
service pack as early as February 27," Microsoft said in a statement, adding
that the rollout will take time and so not every customer will see the service
pack on Feb. 27.
A white paper that was released alongside the service pack in
September 2007 said this update makes it easier to work with the Windows Vista
operating system, exchange files with people who use the 2007 Microsoft Office
system, and interact with servers in the 2007 release.
The white paper also informed users that legacy file formats created using
Microsoft Office programs had been disabled by default to increase security, as
hackers could more easily find vulnerabilities in the older formats. IT
administrators could also change the settings to allow specific document
formats, if needed, the paper said.
This information was largely overlooked by most users who installed SP3,
only to find that some Microsoft Office Excel 2003, Microsoft Office PowerPoint
2003, Microsoft Office Word 2003 and Corel Draw (.cdr) file formats are
blocked.
This resulted in a surge of criticism earlier in January, including from
Gerard Metrailler, Corel's director of graphics product management, who told
eWEEK that the company had unsuccessfully tried to determine the basis on
which its .cdr files were categorized as less secure.
Microsoft responded to the criticism from Corel and others by providing
a way for customers to unblock the files that were shut off by default
when they installed Office 2003 SP3.
Shaffner also told eWEEK Jan. 4. that the company had erred when it stated
that the file formats themselves were less secure, which was not the case.
Rather, it was the parsing code that Office 2003 used to open and save the file
types that was less secure, he said.
/ 9 
