The bugs were not in Microsoft's code, but in Oracle's Outside In libraries, which Microsoft licenses to display file attachments in a browser rather than to open them in a locally-stored application, like Microsoft Word. The vulnerabilities were within code that parses those attachments.

In July,

Storms and Miller pointed out that because the Outside In vulnerabilities have been exploited by hackers for months, enterprises running SharePoint 2010 should apply MS12-067 as soon as possible.

Other bulletins issued today addressed vulnerabilities in , as well as Server 2003, Server 2008 and Server 2008 RS; and , versions 2000 and later, including SQL Server 2012, which shipped just six months ago.

Windows 8, which has not yet officially launched, and Server 2012, which has, were not affected by any of Tuesday's updates. An update to Internet Explorer 10 (IE10) in Windows 8 and Server 2012, however, shipped Monday to .