Re: Vulnerability issues with installation of security update kb96
- From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
- Date: Fri, 5 Jun 2009 02:29:20 -0400
[OP is relying on the outdated application Patchlink to tell him what updates his computer(s) need, not AU/WU/MU, Harry.]
Harry Johnston [MVP] wrote:
FYI,
A contact within Microsoft informs me that this is a known issue and the
Office team is currently working on an update to correct it. In the
meantime, it was recommended that the pptview.exe file be renamed to
pptview.old to make vulnerability scanners happy.
Harry.
Harry Johnston [MVP] wrote:
Vic,
To clarify, neither Microsoft Update nor the WSUS server are saying
that KB969615 is needed? Just a third-party product?
The fact that the vulnerable file is present does not necessarily mean
that there is a vulnerability, although I agree that it is an oddity
that should be investigated.
I'll see if I can reproduce the problem and scare some information out
of Microsoft.
Harry.
komapuk wrote:
MowGreen,
We use a WSUS server to do all updates on our systems. All of the
MS office patches are approved and have been installed across the
network. The system in question is going to be used as a baseline for
future images. When we found that it had this vulnerability, we went
to Microsoft updates (which is what I said originally) and checked.
Microsoft said no additional updates were needed. We then scanned the
system again and we still have the same vulnerability show up. So we
then downloaded the actual update (KB969615 which updates the
powerpoint viewer 2003). When the update ran it informed us "There are
no products affected by this package installed on the system.". The
system in question also has the latest update for powerpoint on it
(KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of
the full powerpoint installation, why does the Microsoft updater not
recognize that the program is on the system and update it. Also I ran
the scan across other systems on our network and they show the same
vulnerability, and when I investigate the file is there and it does
launch the powerpoint viewer. Since the version is the older version,
that means it is vulnerable to the exploit available against it.
Robear, Installing ppv, rebooting and then properly uninstalling
the ppv and then rebooting again, is not really a great solution
across an enterprise with over 1000 systems. Especially when the
viewer seems to be part of the normal installation of powerpoint.
Though I appreciate the feedback.
Vic
"MowGreen" wrote:
komapuk wrote:
Okay, here is the issue. This is similar to other issues listed in
this site but you need to have new post each time someone has the
same issue. I have windows xp systems (some with service pack 2
and the rest with sp 3), with MS Office 2003 (ms office is up to
date with patching). We have the full installation of powerpoint on
all of the systems. When I do vulnerability scans using Patchlink
as my security scanner it shows the powerpoint
viewer 2003 as a security risk. Now my systems do not have powerpoint
viewer 2003 installed. However, patchlink also provides the
location of
the file it shows to be vulnerable. This is "File version for file
C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0)
is less than 11.0.8305.0
(date=2007/04/19)". Now when I go to this location I find the
file in question. When I double
click on the file it launches powerpoint viewer 2003. (Which is not
installed and not available for removal from the add/remove programs
location) So the vulnerability scanner is correct microsoft
powerpoint viewer is on the system and so is vulnerable. My question
is if the files which allow the viewer to be run on a system
(whether it is installed or not), why does the microsoft update not
allow the system to be patched.
"why does the microsoft update not allow the system to be patched."
1) How did you come to the above conclusion?
2) Please explain how you came to conclude that
"ms office is up to date with patching"
IF the systems are not opted in to Microsoft Update, then no Office
updates will be offered. As opposed to Windows Update which ONLY
updates the Operating System and its components.
Are you trying to say that the update can not be installed via
Microsoft Update ?
Have the systems been scanned on the Office Update page ?
http://office.microsoft.com/en-us/downloads/maincatalog.aspx
The PowerPoint viewer is a component of PowerPoint, so it can not be
removed unless you uninstall PowerPoint. It can not be uninstalled by
itself from Add/Remove Programs.
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
The Office component discussed in this article is part of the Office
Suite that I have installed on my system; however, I did not choose
to install this specific component. Will I be offered this update?
Yes, if the version of the Office Suite installed on your system
shipped with the component discussed
in this bulletin, the system will be offered updates for it whether
the component is installed or not.
The detection logic used to scan for affected systems is designed to
check for updates for all components that shipped with the
particular Office Suite and offer the updates to a system. Users who
choose not to apply an update for a component that is not installed,
but is included in the version of the Office Suite, will not
increase the security risk of that system. However, users who do
choose to install the update will not have a negative impact on the
security or performance of a system. For more information on this
issue, please see Microsoft Knowledge Base Article 830335.
MS09-017: Description of the security update for PowerPoint 2003: May
12, 2009
http://support.microsoft.com/kb/957784
MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
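
An added example, not part of the original thread: a PowerShell check that reads the version of the file the scanner flagged, using the path and the 11.0.8305.0 threshold quoted above, so the finding can be confirmed independently of the scanner and of Microsoft Update. The function name, the status labels, the host names and the use of the C$ administrative share are assumptions.

```powershell
# Added example. Directory and fixed version come from the scanner finding quoted in the thread.
$RelativeDir  = 'Program Files\Microsoft Office\Office11'
$FixedVersion = [version]'11.0.8305.0'

function Get-PptViewStatus {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        # Assumption: the C$ administrative share is reachable with the caller's credentials.
        $exe     = '\\{0}\C$\{1}\pptview.exe' -f $computer, $RelativeDir
        $renamed = '\\{0}\C$\{1}\pptview.old' -f $computer, $RelativeDir  # interim rename from the thread

        $row = [pscustomobject]@{
            Computer = $computer
            Version  = $null
            Status   = 'NotPresent'
        }

        if (Test-Path -LiteralPath $exe) {
            # Build the version from its numeric parts; the FileVersion string can carry extra text.
            $vi = (Get-Item -LiteralPath $exe).VersionInfo
            $version = New-Object System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            $row.Version = $version
            if ($version -lt $FixedVersion) {
                $row.Status = 'BelowFixedVersion'
            } else {
                $row.Status = 'AtOrAboveFixedVersion'
            }
        } elseif (Test-Path -LiteralPath $renamed) {
            # The executable was renamed as suggested in the thread; the old binary is still on disk.
            $row.Status = 'RenamedToOld'
        }
        $row
    }
}

# Local machine first; the commented line shows a multi-host run (host names are constructed).
Get-PptViewStatus | Format-Table -AutoSize
# Get-PptViewStatus -ComputerName 'PC-EXAMPLE-01','PC-EXAMPLE-02' | Export-Csv pptview.csv -NoTypeInformation
```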