Re: Vulnerability issues with installation of security update kb96




Okay,
Latest update.
Patchlink (formerly Harrisstat) now lists on the website that the
vulnerability for the powerpoint viewer is a false positive. So they say
there is no vulnerability.

Tested it on my system which had not gotten the kb955784 patch.
It still would not allow me to do KB969615.
Last night I had my system update to KB955784.
The current version of the pptview.exe is 11.0.8164 (this is in the
office11 folder under the program files -> MS office)
The current version of pp7x32.dll is 11.0.8305
Had no other problems with updates. Just the strange situation here.

Now what is vulnerable to exploit in powerpoint viewer? Is it the executable or
is it a dll?

"Harry Johnston [MVP]" wrote:

Vic,

To clarify, neither Microsoft Update nor the WSUS server is saying that
KB969615 is needed? Just a third-party product?

The fact that the vulnerable file is present does not necessarily mean that
there is a vulnerability, although I agree that it is an oddity that should be
investigated.

I'll see if I can reproduce the problem and scare some information out of Microsoft.

Harry.

komapuk wrote:
MowGreen,
We use a WSUS server to do all updates on our systems. All of the MS
office patches are approved and have been installed across the network. The
system in question is going to be used as a baseline for future images. When
we found that it had this vulnerability, we went to Microsoft updates (which
is what I said originally) and checked. Microsoft said no additional updates
were needed. We then scanned the system again and we still have the same
vulnerability show up. So we then downloaded the actual update (KB969615
which updates the powerpoint viewer 2003). When the update ran it informed us
"There are no products affected by this package installed on the system.".
The system in question also has the latest update for powerpoint on it
(KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of the full
powerpoint installation, why does the Microsoft updater not recognize that
the program is on the system and update it?
Also I ran the scan across other systems on our network and they show the
same vulnerability, and when I investigate, the file is there and it does
launch the powerpoint viewer. Since the version is the older version, that
means it is vulnerable to the exploit available against it.

Robear,
Installing ppv, rebooting and then properly uninstalling the ppv and
then rebooting again, is not really a great solution across an enterprise
with over 1000 systems. Especially when the viewer seems to be part of the
normal installation of powerpoint. Though I appreciate the feedback.
Vic




"MowGreen" wrote:

komapuk wrote:

Okay, here is the issue. This is similar to other issues listed in this site
but you need to have new post each time someone has the same issue. I have
windows xp systems (some with service pack 2 and the rest with sp 3), with
MS Office 2003 (ms office is up to date with patching). We have the full
installation of powerpoint on all of the systems. When I do vulnerability
scans using Patchlink as my security scanner it shows the powerpoint
viewer 2003 as a security risk. Now my systems do not have powerpoint
viewer 2003 installed. However, patchlink also provides the location of
the file it shows to be vulnerable. This is "File version for file
C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0) is less
than 11.0.8305.0 (date=2007/04/19)".
Now when I go to this location I find the file in question. When I double
click on the file it launches powerpoint viewer 2003. (Which is not
installed and not available for removal from the add/remove programs
location) So the vulnerability scanner is correct microsoft powerpoint
viewer is on the system and so is vulnerable. My question is if the files
which allow the viewer to be run on a system (whether it is installed or
not), why does the microsoft update not allow the system to be patched.

> why does the microsoft update not allow the system to be patched.

1) How did you come to the above conclusion?

2) Please explain how you came to conclude that

> ms office is up to date with patching

IF the systems are not opted in to Microsoft Update, then no Office
updates will be offered. As opposed to Windows Update which ONLY updates
the Operating System and its components.
Are you trying to say that the update can not be installed via Microsoft
Update ?


Have the systems been scanned on the Office Update page ?
http://office.microsoft.com/en-us/downloads/maincatalog.aspx

The PowerPoint viewer is a component of PowerPoint, so it can not be
removed unless you uninstall PowerPoint. It can not be uninstalled by
itself from Add/Remove Programs.

http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx

The Office component discussed in this article is part of the Office Suite that I have installed on
my system; however, I did not choose to install this specific component. Will I be offered this update?

Yes, if the version of the Office Suite installed on your system shipped with the component discussed
in this bulletin, the system will be offered updates for it whether the component is installed or not.
The detection logic used to scan for affected systems is designed to check for updates for all
components that shipped with the particular Office Suite and offer the updates to a system. Users
who choose not to apply an update for a component that is not installed, but is included in the
version of the Office Suite, will not increase the security risk of that system. However, users who
do choose to install the update will not have a negative impact on the security or performance of a
system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.

MS09-017: Description of the security update for PowerPoint 2003: May
12, 2009
http://support.microsoft.com/kb/957784


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

