Microsoft knew of the vulnerability in March, but did not release an update. Instead, it told users that they should simply uninstall the software.
In a blog post, Microsoft now recommends that:
all customers using Producer 2003 upgrade to the new version.
The company says it is not aware of any exploitations of the bug, but is worried that attackers might be able to use it to install unauthorized software on victims' computers.