Re: Vulnerability issues with installation of security update kb96




Vic,

To clarify, neither Microsoft Update nor the WSUS server is saying that KB969615 is needed? Just a third-party product?

The fact that the vulnerable file is present does not necessarily mean that there is a vulnerability, although I agree that it is an oddity that should be investigated.

I'll see if I can reproduce the problem and scare some information out of Microsoft.

Harry.

komapuk wrote:
MowGreen,
We use a WSUS server to do all updates on our systems. All of the MS office patches are approved and have been installed across the network. The system in question is going to be used as a baseline for future images. When we found that it had this vulnerability, we went to Microsoft updates (which is what I said originally) and checked. Microsoft said no additional updates were needed. We then scanned the system again and we still have the same vulnerability show up. So we then downloaded the actual update (KB969615 which updates the powerpoint viewer 2003). When the update ran it informed us "There are no products affected by this package installed on the system.". The system in question also has the latest update for powerpoint on it (KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of the full powerpoint installation, why does the Microsoft updater not recognize that the program is on the system and update it? Also I ran the scan across other systems on our network and they show the same vulnerability, and when I investigate the file is there and it does launch the powerpoint viewer. Since the version is the older version, that means it is vulnerable to the exploit available against it.

Robear, Installing ppv, rebooting and then properly uninstalling the ppv and then rebooting again, is not really a great solution across an enterprise with over 1000 systems. Especially when the viewer seems to be part of the normal installation of powerpoint. Though I appreciate the feedback.
Vic




"MowGreen" wrote:

komapuk wrote:

Okay, here is the issue. This is similar to other issues listed in this site but you need to have new post each time someone has the same issue. I have windows xp systems (some with service pack 2 and the rest with sp 3), with MS Office 2003 (ms office is up to date with patching). We have the full installation of powerpoint on all of the systems. When I do vulnerability scans using Patchlink as my security scanner it shows the powerpoint viewer 2003 as a security risk. Now my systems do not have powerpoint viewer 2003 installed. However, patchlink also provides the location of the file it shows to be vulnerable. This is "File version for file C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0) is less than 11.0.8305.0 (date=2007/04/19)". Now when I go to this location I find the file in question. When I double click on the file it launches powerpoint viewer 2003. (Which is not installed and not available for removal from the add/remove programs location) So the vulnerability scanner is correct microsoft powerpoint viewer is on the system and so is vulnerable. My question is if the files which allow the viewer to be run on a system (whether it is installed or not), why does the microsoft update not allow the system to be patched.

why does the microsoft update not allow the system to be patched.
1) How did you come to the above conclusion ?

2) Please explain how you came to conclude that
ms office is up to date with patching

IF the systems are not opted in to Microsoft Update, then no Office updates will be offered. As opposed to Windows Update which ONLY updates the Operating System and its components.
Are you trying to say that the update can not be installed via Microsoft Update ?


Have the systems been scanned on the Office Update page ?
http://office.microsoft.com/en-us/downloads/maincatalog.aspx

The PowerPoint viewer is a component of PowerPoint, so it can not be removed unless you uninstall PowerPoint. It can not be uninstalled by itself from Add/Remove Programs.

http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

The Office component discussed in this article is part of the Office Suite that I have installed on my system; however, I did not choose to install this specific component. Will I be offered this update?

Yes, if the version of the Office Suite installed on your system shipped with the component discussed in this bulletin, the system will be offered updates for it whether the component is installed or not. The detection logic used to scan for affected systems is designed to check for updates for all components that shipped with the particular Office Suite and offer the updates to a system. Users who choose not to apply an update for a component that is not installed, but is included in the version of the Office Suite, will not increase the security risk of that system. However, users who do choose to install the update will not have a negative impact on the security or performance of a system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.

MS09-017: Description of the security update for PowerPoint 2003: May 12, 2009
http://support.microsoft.com/kb/957784


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
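
An added example (not part of the original thread, nor any poster's or vendor's code): a PowerShell check that reports, per machine, the two kinds of evidence the thread contrasts, the file version a file-based scanner keys on and whether a matching product is registered for uninstall. The path and version threshold are the ones quoted in the scanner finding above; the display-name pattern `*PowerPoint Viewer*` is an assumption.

```powershell
# Added example. Path and threshold come from the scanner finding quoted in the thread.
$Path      = 'C:\Program Files\Microsoft Office\Office11\pptview.exe'
$Threshold = [version]'11.0.8305.0'
$NameLike  = '*PowerPoint Viewer*'   # assumed display-name pattern, not from the thread

function Get-FileVersionFinding {
    param([string]$FilePath, [version]$MinVersion)
    if (-not (Test-Path -LiteralPath $FilePath)) {
        return [pscustomobject]@{ Present = $false; Version = $null; BelowThreshold = $false }
    }
    $vi = (Get-Item -LiteralPath $FilePath).VersionInfo
    # Use the numeric parts: the FileVersion string may carry extra text.
    $v = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart,
                                                 $vi.FileBuildPart, $vi.FilePrivatePart
    [pscustomobject]@{ Present = $true; Version = $v; BelowThreshold = ($v -lt $MinVersion) }
}

function Test-ProductRegistered {
    param([string]$Pattern)
    # Uninstall keys back the Add/Remove Programs list (native and 32-bit-on-64-bit views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hits = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern }
    return [bool]$hits
}

$file       = Get-FileVersionFinding -FilePath $Path -MinVersion $Threshold
$registered = Test-ProductRegistered -Pattern $NameLike

$assessment = if (-not $file.Present) {
    'file not present'
} elseif (-not $file.BelowThreshold) {
    'file at or above threshold'
} elseif ($registered) {
    'file below threshold, product registered: check update approval and install status'
} else {
    'file below threshold, product not registered: the mismatch described in the thread'
}

# One row per machine; collect these centrally to size the discrepancy across the fleet.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    FileVersion       = $file.Version
    BelowThreshold    = $file.BelowThreshold
    ProductRegistered = $registered
    Assessment        = $assessment
}
```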
