2. See the "How to obtain help..." section of
http://support.microsoft.com/kb/969615
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
1) How did you come to the above conclusion ?
2) Please explain how you came to conclude that
> ms office is up to date with patching
IF the systems are not opted in to Microsoft Update, then no Office
updates will be offered. As opposed to Windows Update which ONLY updates
the Operating System and its components.
Are you trying to say that the update can not be installed via Microsoft
Update ?
Have the systems been scanned on the Office Update page ?
http://office.microsoft.com/en-us/downloads/maincatalog.aspx
The PowerPoint viewer is a component of PowerPoint, so it can not be
removed unless you uninstall PowerPoint. It can not be uninstalled by
itself from Add/Remove Programs.
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
> The Office component discussed in this article is part of the Office Suite that I have installed on
> my system; however, I did not choose to install this specific component. Will I be offered this update?
>
> Yes, if the version of the Office Suite installed on your system shipped with the component discussed
> in this bulletin, the system will be offered updates for it whether the component is installed or not.
> The detection logic used to scan for affected systems is designed to check for updates for all
> components that shipped with the particular Office Suite and offer the updates to a system. Users
> who choose not to apply an update for a component that is not installed, but is included in the
> version of the Office Suite, will not increase the security risk of that system. However, users who
> do choose to install the update will not have a negative impact on the security or performance of a
> system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.
MS09-017: Description of the security update for PowerPoint 2003: May
12, 2009
http://support.microsoft.com/kb/957784
MowGreen
===============
*-343-* FDNY
Never Forgotten
===============
PA Bear [MS MVP] wrote:
> 1. Install PPV 2003 on these machines, reboot, then uninstall it (properly)
> and reboot once more; or...
>
> 2. See the "How to obtain help..." section of
> http://support.microsoft.com/kb/969615
>
Robear,
Installing ppv, rebooting and then properly uninstalling the ppv and
then rebooting again, is not really a great solution across an enterprise
with over 1000 systems. Especially when the viewer seems to be part of the
normal installation of powerpoint. Though I appreciate the feedback.
Vic
All Office 2K3's are at SP3, correct ?
KB969615 updates Pptview.exe to V. 11.0.8305.0
KB955784 updates Pptview.exe to V. 11.0.8307.0
Going by the File version levels it appears the proper patch sequence is
to apply KB969615 first, then apply KB955784.
Apparently, since KB955784 was applied first, when you attempt to
install KB969615 it's detecting the higher file version and you
subsequently receive the " no products affected " message.
MU is detecting the higher file version, too.
BUT, you state that Pptview.exe is at a lower file version than either
of the updates would leave it, correct ?
Please post the Versions of Pptview.exe and Pp7x32.dll from at least one
of the systems where KB955784 is installed, Vic.
Did you experience difficulties installing KB956500, which is similar to
KB969615 as it updates the same files as KB956500 does ?
MowGreen
To clarify, neither Microsoft Update nor the WSUS server is saying that
KB969615 is needed? Just a third-party product?
The fact that the vulnerable file is present does not necessarily mean that
there is a vulnerability, although I agree that it is an oddity that should be
investigated.
I'll see if I can reproduce the problem and scare some information out of Microsoft.
Harry.
Tested it on my system which had not gotten the kb955784 patch.
It still would not allow me to do KB969615.
Last night I had my system update to KB955784.
The current version of the pptview.exe is 11.0.8164 (this is in the
office11 folder under the program files -> MS office)
The current version of pp7x32.dll is 11.0.8305
Had no other problems with updates. Just the strange situation here.
Now what is vulnerable to exploit in PowerPoint Viewer? Is it the executable or
is it a DLL?
KB955784 updates Powerpnt.exe, *not* Pptview.exe, to V. 11.0.8307.0
and Pp7x32.dll to V. 11.0.8305.0.
@Vic ... suggest you check the Version level of Powerpnt.exe as
Pp7x32.dll is now at the correct Version level when KB955784 is installed.
The Vulnerability Information is shown here:
http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
The chart under Severity Ratings and Vulnerability Identifiers shows
which vulnerabilities are present in PowerPoint 2003 SP3, *none* of
which are rated as Critical.
MowGreen
> I think I know where the confusion lies here ... KB969615 is *not*
> intended for anything but PowerPoint Viewer 2003.
> KB955784 is intended for PowerPoint 2003.
>
> KB955784 updates Powerpnt.exe, *not* Pptview.exe, to V. 11.0.8307.0
> and Pp7x32.dll to V. 11.0.8305.0.
Yeah, but it's suspicious that the file pptview.exe exists in both products but
is only updated in one of them. There may well be a reason why it isn't
necessary to update it in PowerPoint 2003, but I'd like MS to confirm that this
is the case. It's fairly unusual.
Harry.
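The file-version comparison the posts above are doing by hand, as an added example that is not part of the original thread: it checks an inventory of reported file versions against the version levels the posters quote for Pptview.exe, Powerpnt.exe and Pp7x32.dll. The baseline values are taken from the thread, not from an authoritative Microsoft list, and the host names and inventory rows are constructed.

```python
# Added example. Baselines are the file versions quoted by posters in this
# thread; the inventory rows and host names below are constructed.
from itertools import zip_longest

BASELINE = {
    "pptview.exe": "11.0.8305.0",   # level attributed to KB969615 in the thread
    "powerpnt.exe": "11.0.8307.0",  # level attributed to the PowerPoint 2003 update
    "pp7x32.dll": "11.0.8305.0",
}

def parse_version(text):
    """Turn '11.0.8164' into (11, 0, 8164); raises ValueError on bad input."""
    return tuple(int(part) for part in text.strip().split("."))

def compare(a, b):
    """Return -1, 0 or 1; missing trailing fields count as 0."""
    for x, y in zip_longest(parse_version(a), parse_version(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def audit(inventory):
    """inventory: iterable of (host, filename, version). Returns findings."""
    findings = []
    for host, name, version in inventory:
        required = BASELINE.get(name.lower())
        if required is None:
            continue  # file is not one the thread discusses
        try:
            behind = compare(version, required) < 0
        except ValueError:
            # An empty or malformed version must not pass silently.
            findings.append((host, name.lower(), version, "unparseable"))
            continue
        if behind:
            findings.append((host, name.lower(), version, "below " + required))
    return findings

SAMPLE = [  # constructed; PC-001 mirrors the versions Vic reports
    ("PC-001", "Pptview.exe", "11.0.8164"),
    ("PC-001", "Pp7x32.dll", "11.0.8305"),
    ("PC-002", "Powerpnt.exe", "11.0.8307.0"),
    ("PC-003", "Pptview.exe", ""),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

A three-field version such as 11.0.8305 compares equal to 11.0.8305.0 here, so only the Pptview.exe entries are reported for the sample rows.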
PP7 Memory Corruption Vulnerability - CVE-2009-0225
PP7 Memory Corruption Vulnerability - CVE-2009-1128
PP7 Memory Corruption Vulnerability - CVE-2009-1129
Maybe you can decipher if updating Pp7x32.dll is what mitigates the vuln
in Pptview.exe when it's a component of PP2003 SP3. I can't.
MowGreen
Harry Johnston [MVP] wrote:
> MowGreen wrote:
>
>> I think I know where the confusion lies here ... KB969615 is *not*
>> intended for anything but PowerPoint Viewer 2003.
>> KB957784 is intended for PowerPoint 2003.
>>
>> KB957784 updates Powerpnt.exe, *not* Pptview.exe, to V. 11.0.8307.0
>> and Pp7x32.dll to V. 11.0.8305.0.
>
>
> Yeah, but it's suspicious that the file pptview.exe exists in both
> products but is only updated in one of them. There may well be a reason
> why it isn't necessary to update it in PowerPoint 2003, but I'd like MS
> to confirm that this is the case. It's fairly unusual.
>
> Harry.
>
>
>>
>> @Vic ... suggest you check the Version level of Powerpnt.exe as
>> Pp7x32.dll is now at the correct Version level when KB957784 is
A contact within Microsoft informs me that this is a known issue and the Office
team is currently working on an update to correct it. In the meantime, it was
recommended that the pptview.exe file be renamed to pptview.old to make
vulnerability scanners happy.
Harry.
> [OP is relying on the outdated application Patchlink to tell him what
> updates his computer(s) need, not AU/WU/MU, Harry.]
Yes, but MS have confirmed that the file in question should indeed have been
updated, so basically Patchlink got it right.
No word on whether the failure to update the file actually represents an
exploitable vulnerability or not, although my best guess is that it doesn't.
Harry.