In November 2010, Microsoft released the first Security Bulletin (MS10-079) against an Office 2010 component, in this case Microsoft Word. Approximately 6 months had elapsed since Office 2010 launched in May and while it's good for such a widely used product to be available for so long without any reported issues, we were naturally disappointed to release the first bulletin affecting Office 2010. The issue was part of a group of 32 issues reported to us by an external researcher. All of the issues were located in file parsing code, primarily in the code used for reading Word document files (.doc extension). It is worth noting that only one of these issues affected Word 2010. In that case, the specific issue wasn't actually reported against Word 2010 but it is standard practice for us to test all supported versions of products and this was how we determined that Word 2010 was affected.
During development of Office 2010, the Office Team and members of the Microsoft Engineering Center (MSEC) organization, performed a number of actions to increase protections for file parsing code. These actions are what helped protect Word 2010 users from the vulnerabilities mitigated by Security Bulletin MS 10-079. These actions included:
