Microsoft Windows Vista Community Forums - Vistaheads
Vulnerability issues with installation of security update kb969615

microsoft.public.windowsupdate






  #1 (permalink)  
Old 05-18-2009
komapuk
 

Posts: n/a
Vulnerability issues with installation of security update kb969615
Okay, here is the issue. This is similar to other issues listed in this site
but you need to have a new post each time someone has the same issue. I have
Windows XP systems (some with Service Pack 2 and the rest with SP 3), with
MS Office 2003 (MS Office is up to date with patching). We have the full
installation of PowerPoint on all of the systems. When I do vulnerability
scans using Patchlink as my security scanner it shows the PowerPoint
Viewer 2003 as a security risk. Now my systems do not have PowerPoint
Viewer 2003 installed. However, Patchlink also provides the location of
the file it shows to be vulnerable. This is "File version for file
C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0) is less
than 11.0.8305.0 (date=2007/04/19)".
Now when I go to this location I find the file in question. When I double
click on the file it launches PowerPoint Viewer 2003 (which is not
installed and not available for removal from the Add/Remove Programs
location). So the vulnerability scanner is correct: Microsoft PowerPoint
Viewer is on the system and so is vulnerable. My question is, if the files
which allow the viewer to be run on a system (whether it is installed or
not) are present, why does the Microsoft update not allow the system to be
patched?
  #2 (permalink)  
Old 05-18-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb969615
1. Install PPV 2003 on these machines, reboot, then uninstall it (properly)
and reboot once more; or...

2. See the "How to obtain help..." section of
http://support.microsoft.com/kb/969615
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


  #3 (permalink)  
Old 05-18-2009
MowGreen
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb969615
komapuk wrote:

> why does the microsoft update not allow the system to be patched.


1) How did you come to the above conclusion ?

2) Please explain how you came to conclude that
> ms office is up to date with patching



IF the systems are not opted in to Microsoft Update, then no Office
updates will be offered. As opposed to Windows Update which ONLY updates
the Operating System and its components.
Are you trying to say that the update can not be installed via Microsoft
Update ?


Have the systems been scanned on the Office Update page ?
http://office.microsoft.com/en-us/do...incatalog.aspx

The PowerPoint viewer is a component of PowerPoint, so it can not be
removed unless you uninstall PowerPoint. It can not be uninstalled by
itself from Add/Remove Programs.

http://www.microsoft.com/technet/sec.../MS09-017.mspx

> The Office component discussed in this article is part of the Office Suite that I have installed on
> my system; however, I did not choose to install this specific component. Will I be offered this update?
>
> Yes, if the version of the Office Suite installed on your system shipped with the component discussed
> in this bulletin, the system will be offered updates for it whether the component is installed or not.
> The detection logic used to scan for affected systems is designed to check for updates for all
> components that shipped with the particular Office Suite and offer the updates to a system. Users
> who choose not to apply an update for a component that is not installed, but is included in the
> version of the Office Suite, will not increase the security risk of that system. However, users who
> do choose to install the update will not have a negative impact on the security or performance of a
> system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.



MS09-017: Description of the security update for PowerPoint 2003: May
12, 2009
http://support.microsoft.com/kb/957784


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
  #4 (permalink)  
Old 05-18-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb969615
BroMow brings up a good point: Does http://windowsupdate.microsoft.com take
the machine to Windows Update website or Microsoft Update website? (I had
been assuming the latter.)


  #5 (permalink)  
Old 05-19-2009
komapuk
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb96
MowGreen,
We use a WSUS server to do all updates on our systems. All of the MS
office patches are approved and have been installed across the network. The
system in question is going to be used as a baseline for future images. When
we found that it had this vulnerability, we went to Microsoft updates (which
is what I said originally) and checked. Microsoft said no additional updates
were needed. We then scanned the system again and we still have the same
vulnerability show up. So we then downloaded the actual update (KB969615
which updates the powerpoint viewer 2003). When the update ran it informed us
"There are no products affected by this package installed on the system.".
The system in question also has the latest update for powerpoint on it
(KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of the full
powerpoint installation, why does the Microsoft updater not recognize that
the program is on the system and update it.
Also I ran the scan across other systems on our network and they show the
same vulnerability, and when I investigate the file is there and it does
launch the powerpoint viewer. Since the version is the older version, that
means it is vulnerable to the exploit available against it.

Robear,
Installing ppv, rebooting and then properly uninstalling the ppv and
then rebooting again, is not really a great solution across an enterprise
with over 1000 systems. Especially when the viewer seems to be part of the
normal installation of powerpoint. Though I appreciate the feedback.
Vic
  #6 (permalink)  
Old 05-19-2009
MowGreen
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb96
Thanks for providing more details, Vic. Knowing that the system is
updating via WSUS as opposed to MU explains things ... somewhat.
Let's see if I have the patch sequence correct here ...
KB957784 is installed first, then the attempt to install KB969615
results in the "no products affected by this package are installed on
this system", is that correct ?

All Office 2K3's are at SP3, correct ?

KB969615 updates Pptview.exe to V. 11.0.8305.0
KB955784 updates Pptview.exe to V. 11.0.8307.0

Going by the File version levels it appears the proper patch sequence is
to apply KB969615 first, then apply KB955784.
Apparently, since KB955784 was applied first, when you attempt to
install KB969615 it's detecting the higher file version and you
subsequently receive the " no products affected " message.
MU is detecting the higher file version, too.

BUT, you state that Pptview.exe is at a lower file version than either
of the updates would leave it, correct ?

Please post the Versions of Pptview.exe and Pp7x32.dll from at least one
of the systems where KB955784 is installed, Vic.

Did you experience difficulties installing KB956500, which is similar to
KB969615 as it updates the same files as KB956500 does ?


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
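
The version check requested in post #6, as an added example that is not part of the thread: it reads the binary file versions of Pptview.exe and Pp7x32.dll from the Office11 folder named in the Patchlink finding and places Pptview.exe against the two version levels quoted in that post. Assumptions: Pp7x32.dll sits in the same folder, remote hosts are read over the C$ administrative share, and the function and parameter names are illustrative.

```powershell
# Added example, not from the thread.
# Usage (script name is hypothetical): .\Get-PptviewVersion.ps1 -ComputerName PC01,PC02
param(
    # Hosts to check; defaults to the local machine.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# Folder quoted in the Patchlink finding in post #1.
$Office11 = 'C:\Program Files\Microsoft Office\Office11'

# Pptview.exe version levels exactly as written in post #6, lowest first.
$Levels = @(
    [pscustomobject]@{ Update = 'KB969615'; Version = [version]'11.0.8305.0' },
    [pscustomobject]@{ Update = 'KB955784'; Version = [version]'11.0.8307.0' }
)

function Get-BinaryFileVersion {
    # Build the version from the numeric fields of the version resource.
    # The FileVersion string can carry extra text and does not compare reliably.
    param([Parameter(Mandatory = $true)][string]$Path)
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    New-Object System.Version -ArgumentList $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart
}

function Get-PptviewLevel {
    # Place a Pptview.exe version against the levels above. [version] compares
    # field by field as integers, so 11.0.8164.0 sorts below 11.0.8305.0.
    param([Parameter(Mandatory = $true)][version]$FileVersion)
    $met = $Levels | Where-Object { $FileVersion -ge $_.Version } | Select-Object -Last 1
    if ($met) {
        'at or above {0} level {1}' -f $met.Update, $met.Version
    } else {
        'below {0} level {1}' -f $Levels[0].Update, $Levels[0].Version
    }
}

$report = foreach ($computer in $ComputerName) {
    # Assumption: remote hosts expose the C$ administrative share to this account.
    $dir = if ($computer -eq $env:COMPUTERNAME) {
        $Office11
    } else {
        '\\{0}\C$\Program Files\Microsoft Office\Office11' -f $computer
    }
    $dirReachable = Test-Path -LiteralPath $dir

    # Assumption: Pp7x32.dll is in the same folder as Pptview.exe.
    foreach ($name in 'Pptview.exe', 'Pp7x32.dll') {
        $row = [ordered]@{
            Computer = $computer
            File     = $name
            Version  = $null
            Finding  = 'folder not reachable'
        }
        if ($dirReachable) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path) {
                $row.Version = Get-BinaryFileVersion -Path $path
                $row.Finding = if ($name -eq 'Pptview.exe') {
                    Get-PptviewLevel -FileVersion $row.Version
                } else {
                    'version recorded; no level quoted in the thread'
                }
            } else {
                $row.Finding = 'file not present'
            }
        }
        [pscustomobject]$row
    }
}

$report | Format-Table -AutoSize
```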



  #7 (permalink)  
Old 05-19-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb96
[[Forwarded to WSUS newsgroup via crosspost]]

  #8 (permalink)  
Old 05-20-2009
Harry Johnston [MVP]
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb96
Vic,

To clarify, neither Microsoft Update nor the WSUS server is saying that
KB969615 is needed? Just a third-party product?

The fact that the vulnerable file is present does not necessarily mean that
there is a vulnerability, although I agree that it is an oddity that should be
investigated.

I'll see if I can reproduce the problem and scare some information out of Microsoft.

Harry.

komapuk wrote:
> MowGreen,
> We use a WSUS server to do all updates on our systems. All of the MS
> office patches are approved and have been installed across the network. The
> system in question is going to be used as a baseline for future images. When
> we found that it had this vulnerability, we went to Microsoft updates (which
> is what I said originially) and checked. Microsoft said no additional updates
> were needed. We then scanned the system again and we still have the same
> vulnerability show up. So we then downloaded the actual update (KB969615
> which updates the powerpoint viewer 2003). When the update ran it informed us
> "There are no products affected by this package installed on the system.".
> The system in question also has the latest update for powerpoint on it
> (KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of the full
> powerpoint installation, why does the Microsoft updater not recognize that
> the program is on the system and update it.
> Also I ran the scan across other systems on our network and they show the
> same vulnerability, and when I investigate the file is there and it does
> launch the powerpoint viewer. Since the version is the older version, that
> means it is vulnerable to the exploit available against it.
>
> Robear,
> Installing ppv, rebooting and then properly uninstalling the ppv and
> then rebooting again, is not really a great solution across an enterprise
> with over 1000 systems. Especially when the viewer seems to be part of the
> normal installation of powerpoint. Though I appreciate the feedback.
> Vic
>
>
>
>
> "MowGreen" wrote:
>
>> komapuk wrote:
>>
>>> Okay, here is the issue. This is similar to other issues listed in this site
>>> but you need to have new post each time someone has the same issue. I have
>>> windows xp systems (some with service pack 2 and the rest with sp 3), with
>>> MS Office 2003 (ms office is up to date with patching). We have the full
>>> installation of powerpoint on all of the systems. When I do vulnerability
>>> scans
>>> using Patchlink as my security scanner it shows the powerpoint
>>> viewer 2003 as a security risk. Now my systems do not have powerpoint
>>> viewer 2003 installed. However, patchlink also provides the location of the
>>> the file it shows to be vulnerable. This is "File version for file
>>> C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0) is less
>>> than 11.0.8305.0
>>> (date=2007/04/19)".
>>> Now when I got to this location I find the file in question. When I double
>>> click on the file it launches powerpoint viewer 2003. (Which is not
>>> installed and not available for removal from the add/remove programs
>>> location) So the vulnerability scanner is correct microsoft powerpoint
>>> viewer is on the system and so is vulnerable. My question is if the files
>>> which allow the viewer to be run on a system (whether it is installed or
>>> not), why does the microsoft update not allow the system to be patched.

>>
>>> why does the microsoft update not allow the system to be patched.

>> 1) How did you come to the above conclusion ?
>>
>> 2) Please explain how you came to conclude that
>>> ms office is up to date with patching

>>
>> IF the systems are not opted in to Microsoft Update, then no Office
>> updates will be offered. As opposed to Windows Update which ONLY updates
>> the Operating System and its components.
>> Are you trying to say that the update can not be installed via Microsoft
>> Update ?
>>
>>
>> Have the systems been scanned on the Office Update page ?
>> http://office.microsoft.com/en-us/do...incatalog.aspx
>>
>> The PowerPoint viewer is a component of PowerPoint, so it can not be
>> removed unless you uninstall PowerPoint. It can not be uninstalled by
>> itself from Add/Remove Programs.
>>
>> http://www.microsoft.com/technet/sec.../MS09-017.mspx
>>
>>> The Office component discussed in this article is part of the Office Suite that I have installed on
>>> my system; however, I did not choose to install this specific component. Will I be offered this update?
>> >
>>> Yes, if the version of the Office Suite installed on your system shipped with the component discussed
>>> in this bulletin, the system will be offered updates for it whether the component is installed or not.
>>> The detection logic used to scan for affected systems is designed to check for updates for all
>>> components that shipped with the particular Office Suite and offer the updates to a system. Users
>>> who choose not to apply an update for a component that is not installed, but is included in the
>>> version of the Office Suite, will not increase the security risk of that system. However, users who
>>> do choose to install the update will not have a negative impact on the security or performance of a
>>> system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.
>>
>> MS09-017: Description of the security update for PowerPoint 2003: May
>> 12, 2009
>> http://support.microsoft.com/kb/957784
>>
>>
>> MowGreen
>> ===============
>> *-343-* FDNY
>> Never Forgotten
>> ===============
>>

  #9 (permalink)  
Old 05-20-2009
komapuk
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb96
Okay,
Latest update.
Patchlink (formerly Harrisstat) now lists on the website that the
vulnerability for the powerpoint viewer is a false positive. So they say
there is no vulnerability.

Tested it on my system which had not gotten the kb955784 patch.
It still would not allow me to do KB969615.
Last night I had my system update to KB955784.
The current version of the pptview.exe is 11.0.8164 (this is in the
office11 folder under the program files -> MS office)
The current version of pp7x32.dll is 11.0.8305
Had no other problems with updates. Just the strange situation here.

Now what is vulnerable to exploit in powerpoint viewer? Is it the executable or
is it a dll?

"Harry Johnston [MVP]" wrote:

> Vic,
>
> To clarify, neither Microsoft Update nor the WSUS server are saying that
> KB969615 is needed? Just a third-party product?
>
> The fact that the vulnerable file is present does not necessarily mean that
> there is a vulnerability, although I agree that it is an oddity that should be
> investigated.
>
> I'll see if I can reproduce the problem and scare some information out of Microsoft.
>
> Harry.
>
> komapuk wrote:
> > MowGreen,
> > We use a WSUS server to do all updates on our systems. All of the MS
> > office patches are approved and have been installed across the network. The
> > system in question is going to be used as a baseline for future images. When
> > we found that it had this vulnerability, we went to Microsoft updates (which
> > is what I said originally) and checked. Microsoft said no additional updates
> > were needed. We then scanned the system again and we still have the same
> > vulnerability show up. So we then downloaded the actual update (KB969615
> > which updates the powerpoint viewer 2003). When the update ran it informed us
> > "There are no products affected by this package installed on the system.".
> > The system in question also has the latest update for powerpoint on it
> > (KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of the full
> > powerpoint installation, why does the Microsoft updater not recognize that
> > the program is on the system and update it.
> > Also I ran the scan across other systems on our network and they show the
> > same vulnerability, and when I investigate the file is there and it does
> > launch the powerpoint viewer. Since the version is the older version, that
> > means it is vulnerable to the exploit available against it.
> >
> > Robear,
> > Installing ppv, rebooting and then properly uninstalling the ppv and
> > then rebooting again, is not really a great solution across an enterprise
> > with over 1000 systems. Especially when the viewer seems to be part of the
> > normal installation of powerpoint. Though I appreciate the feedback.
> > Vic
> >
> >
> >
> >
> > "MowGreen" wrote:
> >
> >> komapuk wrote:
> >>
> >>> Okay, here is the issue. This is similar to other issues listed in this site
> >>> but you need to have new post each time someone has the same issue. I have
> >>> windows xp systems (some with service pack 2 and the rest with sp 3), with
> >>> MS Office 2003 (ms office is up to date with patching). We have the full
> >>> installation of powerpoint on all of the systems. When I do vulnerability
> >>> scans
> >>> using Patchlink as my security scanner it shows the powerpoint
> >>> viewer 2003 as a security risk. Now my systems do not have powerpoint
> >>> viewer 2003 installed. However, patchlink also provides the location of the
> >>> file it shows to be vulnerable. This is "File version for file
> >>> C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0) is less
> >>> than 11.0.8305.0
> >>> (date=2007/04/19)".
> >>> Now when I got to this location I find the file in question. When I double
> >>> click on the file it launches powerpoint viewer 2003. (Which is not
> >>> installed and not available for removal from the add/remove programs
> >>> location) So the vulnerability scanner is correct microsoft powerpoint
> >>> viewer is on the system and so is vulnerable. My question is if the files
> >>> which allow the viewer to be run on a system (whether it is installed or
> >>> not), why does the microsoft update not allow the system to be patched.
> >>
> >>> why does the microsoft update not allow the system to be patched.
> >> 1) How did you come to the above conclusion ?
> >>
> >> 2) Please explain how you came to conclude that
> >>> ms office is up to date with patching
> >>
> >> IF the systems are not opted in to Microsoft Update, then no Office
> >> updates will be offered. As opposed to Windows Update which ONLY updates
> >> the Operating System and its components.
> >> Are you trying to say that the update can not be installed via Microsoft
> >> Update ?
> >>
> >>
> >> Have the systems been scanned on the Office Update page ?
> >> http://office.microsoft.com/en-us/do...incatalog.aspx
> >>
> >> The PowerPoint viewer is a component of PowerPoint, so it can not be
> >> removed unless you uninstall PowerPoint. It can not be uninstalled by
> >> itself from Add/Remove Programs.
> >>
> >> http://www.microsoft.com/technet/sec.../MS09-017.mspx
> >>
> >>> The Office component discussed in this article is part of the Office Suite that I have installed on
> >>> my system; however, I did not choose to install this specific component. Will I be offered this update?
> >> >
> >>> Yes, if the version of the Office Suite installed on your system shipped with the component discussed
> >>> in this bulletin, the system will be offered updates for it whether the component is installed or not.
> >>> The detection logic used to scan for affected systems is designed to check for updates for all
> >>> components that shipped with the particular Office Suite and offer the updates to a system. Users
> >>> who choose not to apply an update for a component that is not installed, but is included in the
> >>> version of the Office Suite, will not increase the security risk of that system. However, users who
> >>> do choose to install the update will not have a negative impact on the security or performance of a
> >>> system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.
> >>
> >> MS09-017: Description of the security update for PowerPoint 2003: May
> >> 12, 2009
> >> http://support.microsoft.com/kb/957784
> >>
> >>
> >> MowGreen
> >> ===============
> >> *-343-* FDNY
> >> Never Forgotten
> >> ===============
> >>

>

  #10 (permalink)  
Old 05-20-2009
MowGreen
 

Posts: n/a
Re: Vulnerability issues with installation of security update kb96
I think I know where the confusion lies here ... KB969615 is *not*
intended for anything but PowerPoint Viewer 2003.
KB955784 is intended for PowerPoint 2003.

KB955784 updates Powerpnt.exe, *not* Pptview.exe, to V. 11.0.8307.0
and Pp7x32.dll to V. 11.0.8305.0.

@Vic ... suggest you check the Version level of Powerpnt.exe as
Pp7x32.dll is now at the correct Version level when KB955784 is installed.

The Vulnerability Information is shown here:
http://www.microsoft.com/technet/sec.../ms09-017.mspx

The chart under Severity Ratings and Vulnerability Identifiers shows
which vulnerabilities are present in PowerPoint 2003 SP3, *none* of
which are rated as Critical.


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============



komapuk wrote:

> Okay,
> Latest update.
> Patchlink (formerly Harrisstat) now lists on the website that the
> vulnerability for the powerpoint viewer is a false positive. So they say
> there is no vulnerability.
>
> Tested it on my system which had not gotten the kb955784 patch.
> It still would not allow me to do KB969615.
> Last night I had my system update to KB955784.
> The current version of the pptview.exe is 11.0.8164 (this is in the
> office11 folder under the program files -> MS office)
> The current version of pp7x32.dll is 11.0.8305
> Had no other problems with updates. Just the strange situation here.
>
> Now what vulnerable to exploit in powerpoint viewer? Is it the executable or
> is it a dll?
>
> "Harry Johnston [MVP]" wrote:
>
>
>>Vic,
>>
>>To clarify, neither Microsoft Update nor the WSUS server are saying that
>>KB969615 is needed? Just a third-party product?
>>
>>The fact that the vulnerable file is present does not necessarily mean that
>>there is a vulnerability, although I agree that it is an oddity that should be
>>investigated.
>>
>>I'll see if I can reproduce the problem and scare some information out of Microsoft.
>>
>> Harry.
>>
>>komapuk wrote:
>>
>>>MowGreen,
>>> We use a WSUS server to do all updates on our systems. All of the MS
>>>office patches are approved and have been installed across the network. The
>>>system in question is going to be used as a baseline for future images. When
>>>we found that it had this vulnerability, we went to Microsoft updates (which
>>>is what I said originally) and checked. Microsoft said no additional updates
>>>were needed. We then scanned the system again and we still have the same
>>>vulnerability show up. So we then downloaded the actual update (KB969615
>>>which updates the powerpoint viewer 2003). When the update ran it informed us
>>>"There are no products affected by this package installed on the system.".
>>>The system in question also has the latest update for powerpoint on it
>>>(KB957784) MS09-17. Once again if powerpoint viewer 2003 is part of the full
>>>powerpoint installation, why does the Microsoft updater not recognize that
>>>the program is on the system and update it.
>>>Also I ran the scan across other systems on our network and they show the
>>>same vulnerability, and when I investigate the file is there and it does
>>>launch the powerpoint viewer. Since the version is the older version, that
>>>means it is vulnerable to the exploit available against it.
>>>
>>>Robear,
>>> Installing ppv, rebooting and then properly uninstalling the ppv and
>>>then rebooting again, is not really a great solution across an enterprise
>>>with over 1000 systems. Especially when the viewer seems to be part of the
>>>normal installation of powerpoint. Though I appreciate the feedback.
>>> Vic
>>>
>>>
>>>
>>>
>>>"MowGreen" wrote:
>>>
>>>
>>>>komapuk wrote:
>>>>
>>>>
>>>>>Okay, here is the issue. This is similar to other issues listed in this site
>>>>>but you need to have new post each time someone has the same issue. I have
>>>>>windows xp systems (some with service pack 2 and the rest with sp 3), with
>>>>>MS Office 2003 (ms office is up to date with patching). We have the full
>>>>>installation of powerpoint on all of the systems. When I do vulnerability
>>>>>scans
>>>>> using Patchlink as my security scanner it shows the powerpoint
>>>>> viewer 2003 as a security risk. Now my systems do not have powerpoint
>>>>> viewer 2003 installed. However, patchlink also provides the location of the
>>>>> file it shows to be vulnerable. This is "File version for file
>>>>>C:\Program Files\Microsoft Office\Office11\pptview.exe (11.0.8164.0) is less
>>>>>than 11.0.8305.0
>>>>> (date=2007/04/19)".
>>>>> Now when I got to this location I find the file in question. When I double
>>>>> click on the file it launches powerpoint viewer 2003. (Which is not
>>>>> installed and not available for removal from the add/remove programs
>>>>> location) So the vulnerability scanner is correct microsoft powerpoint
>>>>>viewer is on the system and so is vulnerable. My question is if the files
>>>>>which allow the viewer to be run on a system (whether it is installed or
>>>>>not), why does the microsoft update not allow the system to be patched.
>>>>
>>>>>why does the microsoft update not allow the system to be patched.
>>>>
>>>>1) How did you come to the above conclusion ?
>>>>
>>>>2) Please explain how you came to conclude that
>>>>
>>>>>ms office is up to date with patching
>>>>
>>>>IF the systems are not opted in to Microsoft Update, then no Office
>>>>updates will be offered. As opposed to Windows Update which ONLY updates
>>>>the Operating System and its components.
>>>>Are you trying to say that the update can not be installed via Microsoft
>>>>Update ?
>>>>
>>>>
>>>>Have the systems been scanned on the Office Update page ?
>>>>http://office.microsoft.com/en-us/do...incatalog.aspx
>>>>
>>>>The PowerPoint viewer is a component of PowerPoint, so it can not be
>>>>removed unless you uninstall PowerPoint. It can not be uninstalled by
>>>>itself from Add/Remove Programs.
>>>>
>>>>http://www.microsoft.com/technet/sec.../MS09-017.mspx
>>>>
>>>>
>>>>>The Office component discussed in this article is part of the Office Suite that I have installed on
>>>>>my system; however, I did not choose to install this specific component. Will I be offered this update?
>>>>
>>>> >
>>>>
>>>>>Yes, if the version of the Office Suite installed on your system shipped with the component discussed
>>>>>in this bulletin, the system will be offered updates for it whether the component is installed or not.
>>>>>The detection logic used to scan for affected systems is designed to check for updates for all
>>>>>components that shipped with the particular Office Suite and offer the updates to a system. Users
>>>>>who choose not to apply an update for a component that is not installed, but is included in the
>>>>>version of the Office Suite, will not increase the security risk of that system. However, users who
>>>>>do choose to install the update will not have a negative impact on the security or performance of a
>>>>>system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.
>>>>
>>>>MS09-017: Description of the security update for PowerPoint 2003: May
>>>>12, 2009
>>>>http://support.microsoft.com/kb/957784
>>>>
>>>>
>>>>MowGreen
>>>>===============
>>>> *-343-* FDNY
>>>>Never Forgotten
>>>>===============
>>>>

>>

Reply With Quote
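
The version check this thread turns on (the scanner flags pptview.exe, and post #10 suggests checking Powerpnt.exe and Pp7x32.dll), as an added example that is not part of the original posts. The minimum versions are the ones quoted in the thread; the function name `Get-FileVersionStatus` is hypothetical, and placing all three files in the Office11 folder is an assumption.

```powershell
# Added example: compare on-disk file versions with the values quoted in this thread.
# Assumption: all three files sit in the Office11 folder named in the scanner finding.
$OfficeDir = 'C:\Program Files\Microsoft Office\Office11'

# Minimum versions as stated in the thread (scanner message and post #10).
$Expected = @(
    @{ File = 'pptview.exe';  Min = '11.0.8305.0'; Source = 'scanner finding' },
    @{ File = 'Powerpnt.exe'; Min = '11.0.8307.0'; Source = 'post #10' },
    @{ File = 'Pp7x32.dll';   Min = '11.0.8305.0'; Source = 'post #10' }
)

function Get-FileVersionStatus {
    param(
        [string]$Directory,
        [hashtable[]]$Rules
    )
    foreach ($rule in $Rules) {
        $path    = Join-Path $Directory $rule.File
        $minimum = [version]$rule.Min
        $actual  = $null
        $status  = 'Missing'

        if (Test-Path -LiteralPath $path) {
            # Build the version from the numeric parts of the file's version
            # resource, so a short or decorated FileVersion string still compares.
            $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
            $actual = New-Object System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            if ($actual -lt $minimum) { $status = 'BelowMinimum' } else { $status = 'OK' }
        }

        # One row per file, so results from many machines can be merged and sorted.
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            File     = $rule.File
            Actual   = $actual
            Minimum  = $minimum
            Status   = $status
            Source   = $rule.Source
        }
    }
}

Get-FileVersionStatus -Directory $OfficeDir -Rules $Expected |
    Select-Object Computer, File, Actual, Minimum, Status, Source |
    Format-Table -AutoSize
```

A `BelowMinimum` row for pptview.exe next to `OK` rows for the other two files reproduces the situation described in post #9: the scanner's file-version rule fires even though the PowerPoint 2003 update is in place.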