MORE INFORMATION

The version of Office Web Components that is included with both Commerce Server 2000 and Commerce Server 2002 does not contain the Office security patch that is included in Q328130. To resolve this issue, update your Commerce Server installation with the next available service pack. For Commerce Server 2000, this is Service Pack 3 (SP3) or later, and for Commerce Server 2002, this is Service Pack 1 (SP1) or later.

Note that just installing the Office Security Patch does not update the Office Web Components for future installations of Business Desk on client computers. Additionally, updating your installation of Commerce Server with the latest service pack does not address the vulnerability on your Business Desk client computers. The Office Web Components are installed when you use the Analysis Reporting features of Commerce Server through Business Desk. If you have already unpacked the Business Desk and used (and therefore installed) the Office Web Components from your Commerce Server virtual root (where the Office Web Components are installed during product installation), you must apply the patch in the Office security update (Q328130).

When you apply this patch to any Business Desk system that is using the Office Web Components (that is, to Business Desk clients that are using Analysis Reporting features), you are not vulnerable to the issues that are outlined in the Office security bulletin.

If none of your Business Desk client computers are using the Analysis Reporting feature (that is, you do not have the Office Web Components installed), you do not have to apply this patch to your Commerce Server or Business Desk installations.