Forum Thread: Insecure warnings for fully patched Access, Front Page and Outlook
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.
This thread was submitted in the following forum:
Problems and Questions Regarding 3rd Party Programs
by Grahamrice on 4th Dec, 2008 11:44
Posts: 2
User Since: 8th Aug, 2008
Secunia System Score: N/A
Location: N/A
PSI is stating these programs are insecure, but my system is fully patched. The "Download Solution" links point to:
a) KB947361 for Access and Front Page
b) KB946986 for Outlook
I downloaded these and tried to reinstall (on top of the existing patch), but got a Microsoft warning message "This update has already been applied..."
Further information:
a) These updates do not have a "delete" option, so I cannot REMOVE existing patches and install fresh versions. Both KB numbers do show up in the Add/Remove list (expanded to show updates), but do not allow removal.
b) Strangely both patches are for the March 2008 update.
c) KB947361 is a general Office patch, but PSI says Excel and Word are "patched" correctly!
It seems that I either ignore it or completely reinstall Office in the hope that it cures the problem.
Does anybody have any ideas?
I am using Office 2000 Premium, with Windows XP SP3 and IE7.

by jerrykde on 4th Dec, 2008 18:06
Posts: 1
User Since: 23rd May, 2008
Secunia System Score: N/A
Location: N/A
In my XP SP2 system PSI also lists MS Access and Frontpage as insecure. After downloading MS patch I verified that this patch (KB953405) was installed in September and is available according to Software installs and Belarc Advisor. Why doesn't PSI detect it?

by erwaxman on 7th Dec, 2008 09:31
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
I am also running Office 2000 Premium with Windows XP SP3 and IE7.
PSI has been reporting for many weeks now that fully patched Access 2000, FrontPage 2000 and Outlook 2000 are insecure. Since I updated to PSI 1.0.0.1, every time I boot up I get a warning message about insecure programs.
I've been sending messages to Secunia about this problem ever since it began. I haven't received any reply.
I've been ignoring the warnings. I suggest that you do the same. I see no reason to uninstall/reinstall Office. The problem is not with Office, it's with PSI not properly detecting the versions of the three installed programs. Secunia will eventually find a way to resolve the problem, or it won't. Whether or not it does, the three programs aren't insecure, which is what really matters.
Sooner or later, Microsoft will create new patches for newly discovered security holes in the three programs. When we install those patches, perhaps then PSI will start detecting the versions correctly.

by Agent_Smith on 7th Dec, 2008 20:19
Posts: 14
User Since: 6th Dec, 2008
Secunia System Score: 100%
Location: AR
Are you sure it is fully patched?
See my other response to a similar issue:
http://secunia.com/community/forum/thread/show/675...
I had to upgrade to Microsoft Update and install the latest service pack for my office to fix it.

by erwaxman on 7th Dec, 2008 21:54
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 7th Dec, 2008 20:19, Agent_Smith wrote: Are you sure it is fully patched?
See my other response to a similar issue:
http://secunia.com/community/forum/thread/show/675...
I had to upgrade to Microsoft Update and install the latest service pack for my office to fix it.
I'm running Office 2000 Premium SP3. I'm sure that it's fully patched. FRONTPG.EXE is 4.0.2.6625. MSACCESS.EXE is 9.0.0.6620. OUTLOOK.EXE is 9.0.0.6604. PSI is detecting all three as 9.0.0.3821, which is obviously incorrect.
When I try to install the two Microsoft patches that PSI says are required to make the three programs secure (KB946986 and KB947361), I get messages saying that the patches have already been installed. I knew that, of course, having installed the patches on 03/10/2008 when they first became available. KB946986 is for Outlook 2000; KB947361 is for Office 2000, which presumably means that it updated all of the Office programs.
PSI is correctly detecting that EXCEL.EXE is 9.0.0.8972; that POWERPNT.EXE is 9.0.0.8969; that MSPUB.EXE is 9.0.8932.0; and that WINWORD.EXE is 9.0.0.8970. It seems particularly strange that PSI is detecting the versions of some Office 2000 programs correctly and some incorrectly.
I've alerted Secunia to the problem several times. I haven't received a response to my feedback. I had hoped that PSI 1.0.0.1 would resolve the issue, but it didn't. I assume that Secunia is working on a resolution.

by bobvance on 12th Dec, 2008 22:02
Posts: 9
User Since: 12th Dec, 2008
Secunia System Score: N/A
Location: N/A
This is a real PSI false positive.
I am having the same, exact problem as erwaxman, although my actual patched versions for Word & Excel = 9.0.0.8974.
The Access, Outlook, & Frontpage versions match his.
bv

by mcnemar on 19th Dec, 2008 12:04
Posts: 3
User Since: 19th Jan, 2008
Secunia System Score: 100%
Location: US
I get a message saying "the expected version(s) were not found on your computer" when I try to install the patches. Help!
-- Thx much!

by P.Bear on 19th Dec, 2008 14:14
Posts: 1
User Since: 21st Oct, 2008
Secunia System Score: 100%
Location: San Francisco Bay Area, US
I've been having the same problems since I updated to Version 1; PSI seems to have lost the ability to update its database, on-the-fly, as thoroughly as it used to when updates are installed - especially thru Windows/Microsoft Update.
I've had to run a full scan manually in PSI at least twice now, after applying Windows updates, to get it to catch up and show my system is clean. If you go to the "Scan" tab in PSI and run a full system scan, it should then give you an accurate status report.

by mcnemar on 19th Dec, 2008 15:35
Posts: 3
User Since: 19th Jan, 2008
Secunia System Score: 100%
Location: US
Thx P. Bear, but when I try to do the updates, I get a "the expected version of the product was not found on your system" message and now it shows here on my profile that my score is 100%, yet when I scan it comes up at only 82%. Good thing this is free or it would be a real P.O.S.!
-- Thx much!

by erwaxman on 19th Dec, 2008 18:18
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 19th Dec, 2008 14:14, P.Bear wrote: I've been having the same problems since I updated to Version 1; PSI seems to have lost the ability to update its database, on-the-fly, as thoroughly as it used to when updates are installed - especially thru Windows/Microsoft Update.
I've had to run a full scan manually in PSI at least twice now, after applying Windows updates, to get it to catch up and show my system is clean. If you go to the "Scan" tab in PSI and run a full system scan, it should then give you an accurate status report.
It should, but it doesn't. Running a full scan manually produces the same results that an automatic scan produces. Re-scanning the individual programs does the same. PSI is scanning the correct executables in the correct locations, but it is not identifying the versions correctly. The problem seems to be limited to the three Microsoft Office programs, and it seems to apply to at least Office 2000, Office 2003 and Office XP. I'm not sure whether it applies to Office 2007.

by erwaxman on 19th Dec, 2008 18:32
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 19th Dec, 2008 15:35, mcnemar wrote: Thx P. Bear, but when I try to do the updates, I get a "the expected version of the product was not found on your system" message and now it shows here on my profile that my score is 100%, yet when I scan it comes up at only 82%. Good thing this is free or it would be a real P.O.S.!
You get "the expected version of the product was not found on your system" when you try to apply a patch meant for another version of the product.
When you go to Microsoft Update (http://update.microsoft.com/microsoftupdate/v6/def...) or Office Update (http://office.microsoft.com/en-us/downloads/mainca...), does it indicate that security patches are available for your Office products? If Microsoft says that your products are up-to-date, then PSI is wrong. If Microsoft says that security patches are available, you should install the patches and then return to either Microsoft Update or Office Update to make sure that the patches have been installed properly. Again, if Microsoft says that your products are up-to-date and PSI says that they're insecure, PSI is wrong.

by mcnemar on 19th Dec, 2008 18:38
Posts: 3
User Since: 19th Jan, 2008
Secunia System Score: 100%
Location: US
Thanks waxman. I thought so, but I wanted to be sure, especially with all the identity theft going on. Can you tell I'm not very tech savvy?...:-]
-- Thx much!

by A Fox Squirrel on 19th Dec, 2008 19:04
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A
Ran into a minor problem with Secunia PSI.
The program says both Word & Excel are insecure. (I use MS Office 2000, SB Edition for Excel; Word 2000 for Word.) Run on WinXP Pro SP3 fully updated.
I was initially puzzled since I ran Microsoft Update the day before, & they had no updates whatsoever for anything. I opened and ran their direct download link for each (both were MS Kb files). Both gave me a message that they were not for any program on my computer.
Reran Microsoft Update & they still had no updates.
Secunia PSI says I have Excel version 9.0.0.2719, and Word version 9.0.0.2717. Everything I check on my computer says that I have version 9.0.0.2720 on both!
Rebooted & ran Secunia PSI again with same result – insecure! Go figure!!! Just one more proof that Secunia PSI needs to look into this problem.

by csi on 19th Dec, 2008 21:09, last edited on 19th Dec, 2008 21:09
Posts: 28
User Since: 12th Aug, 2008
Secunia System Score: N/A
Location: N/A
on 7th Dec, 2008 21:54, erwaxman wrote: I'm running Office 2000 Premium SP3. I'm sure that it's fully patched.
Access 9.0.0.6620
Excel 9.0.0.8972
Outlook 9.0.0.6604
Powerpoint 9.0.0.8969
Word 9.0.0.8970
Frontpage 4.0.2.6625
Publisher 9.0.8932.0
This is odd! It seems that everybody has different "fully patched" Office 2000 versions?
Access 9.0.8968 SP-3
Excel 9.0.8968 SP-3
Outlook 2000 SP3 9.0.0.8968
Powerpoint 2000 SP-3 9.0.6620
Word 2000 9.0.8968 SP-3
-- Cebop INN, Pentium M 740, 1733 MHz, 2 GB DDR2 SO-DIMM 533MHZ, XP SP3, PSI 1.500.

by vdohe on 19th Dec, 2008 21:56, last edited on 19th Dec, 2008 21:56
Posts: 1
User Since: 6th Feb, 2008
Secunia System Score: N/A
Location: N/A
This problem is not limited to XP users -- I get the warnings under Vista Home Premium (for Access 2000, International English version 9.0.8968 SP-3, which Secunia identifies as version 9.0.0.2720). If I do a renewed scan just on this program (using an icon on the tab for insecure programs), then Secunia congratulates me for having fixed the problem -- but will not "remember" this once I close the program.
It's a small problem and I've decided just to live with it. Secunia PSI is a wonderful program -- and free! -- so I can live with a little imperfection.
P.S. I recently installed Firefox as my default browser. It made no difference regarding this particular problem.

by erwaxman on 19th Dec, 2008 22:23
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 19th Dec, 2008 21:09, csi wrote: This is odd! It seems that everybody has different "fully patched" Office 2000 versions?
Access 9.0.8968 SP-3
Excel 9.0.8968 SP-3
Outlook 2000 SP3 9.0.0.8968
Powerpoint 2000 SP-3 9.0.6620
Word 2000 9.0.8968 SP-3
There are two ways to determine the version number of a Microsoft program.
If I go to each program's Help > About, I find the following:
Access 2000 SP3 -- 9.0.8968
Excel 2000 SP3 -- 9.0.8968
FrontPage 2000 SP3 -- 4.0.2.6625
Outlook 2000 SP3 -- 9.0.0.8968
PowerPoint 2000 SP3 -- 9.0.8969
Publisher 2000 SP3 -- no version listed
Word 2000 SP3 -- 9.0.0.8968
If I look at each program's executable, which is what PSI does, I find the following:
MSACCESS.EXE -- 9.0.0.6620
EXCEL.EXE -- 9.0.0.8974
FRONTPG.EXE -- 4.0.2.6625
OUTLOOK.EXE -- 9.0.0.6604
POWERPNT.EXE -- 9.0.0.8969
MSPUB.EXE -- 9.0.8932.0
WINWORD.EXE -- 9.0.0.8974
Leaving aside FrontPage and Publisher, which you apparently don't have, your versions and my Help > About versions are the same, except for PowerPoint. It's possible that you're missing the latest patch for PowerPoint.
In no case is there a 9.0.0.3821, which is what PSI is detecting.
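
The executable-side check described in the post above can be reproduced independently of any scanner. The following is an added example, not code from the thread or from Secunia: it scans a file's bytes for the Windows `VS_FIXEDFILEINFO` version block and compares it with the version a scanner reported. Scanning for the signature instead of walking the PE resource directory, the function names, the result labels and `build_sample` (constructed test bytes) are assumptions of this example.

```python
import struct
import sys

# VS_FIXEDFILEINFO begins with this signature, followed by dwStrucVersion.
FFI_SIGNATURE = 0xFEEF04BD
FFI_STRUC_VERSION = 0x00010000
FFI_SIZE = 52  # 13 little-endian DWORDs


def _split(ms, ls):
    """Unpack an MS/LS DWORD pair into a four-part version tuple."""
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def fixed_file_versions(data):
    """Return [(file_version, product_version), ...] for every
    VS_FIXEDFILEINFO block found in the raw bytes of an executable."""
    needle = struct.pack("<I", FFI_SIGNATURE)
    found = []
    pos = data.find(needle)
    while pos != -1:
        if pos + FFI_SIZE <= len(data):
            _sig, struc, fms, fls, pms, pls = struct.unpack_from("<6I", data, pos)
            # dwStrucVersion check filters out accidental signature hits.
            if struc == FFI_STRUC_VERSION:
                found.append((_split(fms, fls), _split(pms, pls)))
        pos = data.find(needle, pos + 1)
    return found


def parse_dotted(text):
    """'9.0.0.6620' -> (9, 0, 0, 6620). Three-part strings such as a
    Help > About value are kept three-part and never padded, so they
    are not silently treated as equal to a four-part file version."""
    return tuple(int(part) for part in text.strip().split("."))


def check_scanner_report(reported, data):
    """Compare a scanner-reported version string with what the file carries."""
    want = parse_dotted(reported)
    versions = fixed_file_versions(data)
    if not versions:
        return "no-version-resource"
    if want in {fv for fv, _ in versions}:
        return "matches-file-version"
    if want in {pv for _, pv in versions}:
        return "matches-product-version-only"
    return "mismatch"


def build_sample(file_version, product_version):
    """Constructed input: a fake header, one VS_FIXEDFILEINFO, padding."""
    def pair(v):
        return (v[0] << 16) | v[1], (v[2] << 16) | v[3]
    fms, fls = pair(file_version)
    pms, pls = pair(product_version)
    ffi = struct.pack("<13I", FFI_SIGNATURE, FFI_STRUC_VERSION,
                      fms, fls, pms, pls, 0x3F, 0, 0x4, 0x1, 0, 0, 0)
    return b"MZ" + b"\x00" * 62 + ffi + b"\x00" * 16


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py <path-to-exe> <version-the-scanner-reported>
        with open(sys.argv[1], "rb") as handle:
            print(check_scanner_report(sys.argv[2], handle.read()))
    else:
        # Constructed demo using the MSACCESS.EXE numbers quoted in the post.
        sample = build_sample((9, 0, 0, 6620), (9, 0, 0, 6620))
        print(fixed_file_versions(sample))
        print(check_scanner_report("9.0.0.3821", sample))
```

A `mismatch` result on the real file means the scanner's number is not in the executable's fixed version block at all, which is the situation the post describes.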

by csi on 19th Dec, 2008 23:02
Posts: 28
User Since: 12th Aug, 2008
Secunia System Score: N/A
Location: N/A
Hi, thank you for answering. So I'm going to try to update Powerpoint yet.
At last, it seems to be more likely a Microsoft problem, than a Secunia problem, because Office 2000 doesn't obtain official support any more, as far as I know.
-- Cebop INN, Pentium M 740, 1733 MHz, 2 GB DDR2 SO-DIMM 533MHZ, XP SP3, PSI 1.500.

by erwaxman on 19th Dec, 2008 23:24
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 19th Dec, 2008 23:02, csi wrote: At last, it seems to be more likely a Microsoft problem, than a Secunia problem, because Office 2000 doesn't obtain official support any more, as far as I know.
Office 2000 still receives security support and security patches.
The problem is with PSI not correctly detecting the version of certain installed Office programs. It correctly detects the version of other Office programs. The problem is not limited to Office 2000 programs -- Office 2003 and Office XP are also affected.
It is proper to read an entire thread before adding your comments. That way you don't waste everyone's time by adding irrelevant comments or by raising issues that have already been settled.

by csi on 20th Dec, 2008 00:20
Posts: 28
User Since: 12th Aug, 2008
Secunia System Score: N/A
Location: N/A
Sorry for that. I must have missed these important details ...
Thanks for explaining.
-- Cebop INN, Pentium M 740, 1733 MHz, 2 GB DDR2 SO-DIMM 533MHZ, XP SP3, PSI 1.500.

by Pseudonym on 20th Dec, 2008 09:09
Posts: 5
User Since: 6th Dec, 2008
Secunia System Score: N/A
Location: N/A
Same problem here with recognised Version
MS Access 2003 11.0.8166.0
MS Infopath 2003 11.0.8165.0
Suggested Download KB953404 shows already installed message.

by BigDave_39 on 20th Dec, 2008 09:15
Posts: 175
User Since: 26th Nov, 2008
Secunia System Score: N/A
Location: Washington, DC, US
I don't think this is a PSI problem, but more of a problem with the way Microsoft issues their patches.
From my experience, Microsoft's office patches require prerequisites before they will install, e.g. certain office service packs to be installed and all previous office patches as well - before you can install these security patches.
I have successfully upgraded my "Windows Update" to "Microsoft Update" and it solved my office problems quickly.
Do you guys use Microsoft Update (NOT "Windows" Update) to update your office applications?
Go to "Windows Update" (with IE) and choose to upgrade to "Microsoft Update":
http://windowsupdate.microsoft.com/
-- Big Dave

by A Fox Squirrel on 20th Dec, 2008 18:19, last edited on 20th Dec, 2008 18:19
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A
BigDave 39:
I use Microsoft Update, and it showed 0 updates in all categories.
(Used Custom Install)

by erwaxman on 20th Dec, 2008 19:08
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 20th Dec, 2008 09:15, BigDave_39 wrote: I don't think this is a PSI problem, but more of a problem with the way Microsoft issues their patches.
From my experience, Microsoft's office patches require prerequisites before they will install, e.g. certain office service packs to be installed and all previous office patches as well - before you can install these security patches.
I have successfully upgraded my "Windows Update" to "Microsoft Update" and it solved my office problems quickly.
Do you guys use Microsoft Update (NOT "Windows" Update) to update your office applications?
Go to "Windows Update" (with IE) and choose to upgrade to "Microsoft Update":
http://windowsupdate.microsoft.com/
If what you're suggesting were true, PSI would detect NONE of the Office programs as secure, which is not what is happening. Only Access, FrontPage and Outlook are being detected as insecure. I have all of the previous Office patches installed, and I'm sure that all of the other posters can say the same.
As for using Microsoft Update rather than Windows Update, see my post of 19th Dec 2008 18:32. Anyone who hasn't updated to Microsoft Update should do so. But it's also possible to use Office Update for Office programs. Using either Microsoft Update or Office Update, I am offered no Office patches.
I'm no Microsoft apologist. When Microsoft screws up, which it frequently does, I don't hesitate to jump all over it with hobnail boots. This problem is not Microsoft's fault. PSI is misdetecting the version of properly installed, properly updated, properly patched programs. The programs in question happen to be Microsoft programs, which, unless someone can demonstrate otherwise, is the extent of Microsoft's involvement in the situation.

by bobvance on 20th Dec, 2008 22:03
Posts: 9
User Since: 12th Dec, 2008
Secunia System Score: N/A
Location: N/A
It is a PSI problem -- the program is clearly getting the wrong versions of the files.
But, I'm not complaining -- just informing.
It hasn't led me astray on other apps yet.
I was skeptical when I first looked at using PSI, but I'm actually impressed at how well it does and like it. I have put it on all my personal computers.
So what that the security page currently has a couple of Office issues. I just ignore them and notice any additions -- no big deal to me. It's not like the program is constantly bugging me about the "problems". The discrepancy *would* be a problem in a corporate situation, but...
bv

by erwaxman on 20th Dec, 2008 23:27
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
PSI is an enormously helpful and extremely useful program. That Secunia offers it at no cost to non-commercial users is admirable.
Secunia generally responds fairly quickly to users' concerns and suggestions. But it hasn't responded to any messages about this issue, so far as I'm aware. It certainly hasn't responded to me, and I've been telling it about this issue since the issue first surfaced many weeks ago.
Because Microsoft Office programs are used by so many people, and because new security holes are found in the programs on a regular basis, keeping the programs secure is a constant struggle. If you see a notification from PSI that you have unpatched security threats every time you boot up your computer, eventually you may stop paying attention to PSI notifications. You may miss a notification that isn't a false positive. It may even be a notification about a Microsoft program.
Secunia really needs to address this issue. At the very least, it ought to post a message to this thread letting us know that it is aware of the issue and is working to resolve it.

by A Fox Squirrel on 22nd Dec, 2008 00:47
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A
Updated Secunia PSI to V 1.0.0.3. I don't see where the version is given (it's usually under Help or in properties). Revo doesn't list Secunia's version either.
The problem is that many MS programs when patched do not change the version in the .exe file (right click file, ck. properties), but do change it in the 'about' window under 'help'. Secunia checks the .exe file, and says insecure. Somehow Revo finds and displays the correct version. Maybe Secunia should ask Revo how it determines MS versions.
Update link:
http://secunia.com/vulnerability_scanning/personal...
Last update 12/17/08.
Doesn't solve MS version problem.

by erwaxman on 22nd Dec, 2008 01:04
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 22nd Dec, 2008 00:47, A Fox Squirrel wrote: Updated Secunia PSI to V 1.0.0.3. I don't see where the version is given (it's usually under Help or in properties). Revo doesn't list Secunia's version either.
The problem is that many MS programs when patched do not change the version in the .exe file (right click file, ck. properties), but do change it in the 'about' window under 'help'. Secunia checks the .exe file, and says insecure. Somehow Revo finds and displays the correct version. Maybe Secunia should ask Revo how it determines MS versions.
Update link:
http://secunia.com/vulnerability_scanning/personal...
Last update 12/17/08.
Doesn't solve MS version problem.
See my post of 19th Dec 2008 22:23 above. The executable version number is sometimes higher than the Help > About version number. In no case is it 9.0.0.3821, the version number that PSI is detecting. I don't know how PSI is coming up with 9.0.0.3821. That goes double for FrontPage 2000.

by erwaxman on 22nd Dec, 2008 02:20
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 22nd Dec, 2008 00:47, A Fox Squirrel wrote: Somehow Revo finds and displays the correct version. Maybe Secunia should ask Revo how it determines MS versions.
Revo Uninstaller gets version information from the registry. It lists only programs that write to the registry. If the version number does not appear in the registry, as is the case with PSI, no version number appears in Revo Uninstaller.
Revo Uninstaller does not list Microsoft Office programs individually. In my system it lists "Microsoft Office 2000 SR-1 Premium" and "Microsoft Office 2000 SR-1 Disc 2." The version shown in both cases is 9.00.9327.
So, saying that "somehow Revo finds and displays the correct version" is grossly untrue. Revo Uninstaller does no such thing.
There is no perfect way to detect every program in a system, and there is no perfect way to detect the version of every program that is detected. That said, the way that PSI goes about the task is probably the best way to do it.
The mystery is why PSI isn't able to detect the correct versions of Access, FrontPage and Outlook while at the same time it is able to detect the correct versions of other Office programs.

by A Fox Squirrel on 22nd Dec, 2008 02:29
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A
erwaxman -
Apparently sometimes they don't change either! SLOPPY!! I haven't had that problem with MS Office 2000 SB Edition (both Word & Excel). The help designation has always been changed (as far as I know). Revo agrees with the 'help' designation. Secunia agrees with the 'properties' designation. The help version is the latest of the two.

by erwaxman on 22nd Dec, 2008 02:47
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 22nd Dec, 2008 02:29, A Fox Squirrel wrote: erwaxman -
Apparently sometimes they don't change either! SLOPPY!! I haven't had that problem with MS Office 2000 SB Edition (both Word & Excel). The help designation has always been changed (as far as I know). Revo agrees with the 'help' designation. Secunia agrees with the 'properties' designation. The help version is the latest of the two.
Everything that you've said so far is incorrect, irrelevant or unintelligible. Did you read my Dec. 19 post? Did you read either of today's posts?
Revo Uninstaller doesn't list individual Office programs. Consequently, Revo Uninstaller doesn't "agree" with Help > About where individual Office programs are concerned. The version that Revo Uninstaller lists for Microsoft Office in my system "agrees" with the version of none of the individual programs.
PSI detects the versions of Word and Excel correctly. The problem is only with Access, FrontPage and Outlook.
The version of a program listed in Help > About is not necessarily the highest numbered version. Again, did you read my Dec. 19 post?
Please don't waste everyone's time by posting nonsense like "apparently sometimes they don't change either." Apparently sometimes what don't "change" either?

by A Fox Squirrel on 22nd Dec, 2008 03:49
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A
You got an attitude, erwaxman! Lighten up!
If you would calm down and READ the posts, you'll see we have DIFFERENT versions of MS 2000!
I read your post, but I read it carefully, and noted that we're talking different apples - macintosh & delicious!
My Revo lists my version of Office 2000 AND WORD 2000 correctly. If this form allowed a screen shot, I could show you.
Secunia does not list MY VERSION of Excel or Word correctly.
Take a deep breath, read the posts CAREFULLY, THINK, and then respond.

by erwaxman on 22nd Dec, 2008 06:39, last edited on 22nd Dec, 2008 06:39
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US
on 22nd Dec, 2008 03:49, A Fox Squirrel wrote: You got an attitude, erwaxman! Lighten up!
If you would calm down and READ the posts, you'll see we have DIFFERENT versions of MS 2000!
I read your post, but I read it carefully, and noted that we're talking different apples - macintosh & delicious!
My Revo lists my version of Office 2000 AND WORD 2000 correctly. If this form allowed a screen shot, I could show you.
Secunia does not list MY VERSION of Excel or Word correctly.
Take a deep breath, read the posts CAREFULLY, THINK, and then respond.
I'm calm, cool, collected and still annoyed. I read your posts very carefully the first time around. I just read them again. What I said before now includes your latest post as well as your previous posts: Everything that you've said so far is incorrect, irrelevant or unintelligible.
The various versions of Office 2000 contain different combinations of the exact same programs. If memory serves, Small Business, which you have, doesn't include Access or PowerPoint. Many versions don't include Publisher. I have Premium, which includes all of the programs. But regardless of which version of Office 2000 a person has, Word 2000 is the exact same program in every version. Excel 2000 is the exact same program in every version. Every version that contains Outlook 2000 contains the exact same Outlook 2000. Every version that contains Access 2000 contains the exact same Access 2000. The only differences among Office 2000 versions concern which combination of programs is included in which version. So, although you and I have different versions of Office 2000, whichever Office 2000 programs we have in common are the exact same programs. Your Word 2000 and my Word 2000 are the exact same Word 2000. Your Excel 2000 and my Excel 2000 are the exact same Excel 2000. The only difference between your version and my version of Office 2000 is that my version includes programs that yours doesn't. Got it? Have I cleared that up for you?
If you want to send me a screen shot showing that Revo lists Word 2000 and other Office 2000 programs as individual programs rather than just as Office 2000, send it to [deleted]. That's a throwaway address that I can shut down if it gets inundated with spam.
The version number of PSI appears in the lower right-hand corner of the PSI window, on what amounts to the PSI status bar. It also appears on the Version tab of psi.exe Properties.
You say that PSI does not list your versions of Excel and Word correctly. Does PSI say that your versions of Excel and Word are insecure? If it doesn't, why did you mention what is otherwise a completely irrelevant piece of information?
You don't say that PSI lists your version of Outlook incorrectly or that it says that your version of Outlook is insecure. Does PSI do either of those things? Do you have FrontPage 2000 in your system? If so, what does PSI say about it? You probably don't have Access, but if you do, the same question applies. This entire thread exists only because PSI is reporting Outlook, FrontPage and Access as insecure. If you don't have those programs, or if you have them but PSI isn't reporting them as insecure, why the hell did you post to this thread?
I've earned the right to have an attitude. I've been working hard to get a problem resolved. You've done nothing so far except confuse matters and waste my time. To add insult to injury, you don't even appear to be affected by the problem.

by bobvance on 22nd Dec, 2008 17:15
Posts: 9
User Since: 12th Dec, 2008
Secunia System Score: N/A
Location: N/A
===========================================================
> This entire thread exists only because PSI
> is reporting Outlook, FrontPage and Access as insecure.
===========================================================
Yes. That is the bottom line!
(Just to keep proper perspective amidst the voluminous text in this thread :>)
bv |
|
|
| A Fox Squirrel
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by A Fox Squirrel on 22nd Dec, 2008 22:28
|
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A |
To answer your (erwaxman) specific comments:
1. Irrelevant – You should READ the heading of this thread, which incidentally YOU didn’t start.
“This thread was submitted in the following forum:
Problems and Questions Regarding 3rd Party Programs
Relating to this vendor: Microsoft
And, this specific program: Microsoft Office 2000” (screenshot)
Therefore my comments on Office 2000 ARE relevant, and that’s why I posted to this thread.
Lesson to be learned: You are not the only person in the universe.
2. As to your large 2nd paragraph, YOU are totally and completely wrong! You obviously haven’t been around long enough to begin to think like a computer or a programmer, but it will come in time. While the programming of the Word component is very similar in each version of Office 2000, the various Office 2000 programs are not. MS Office 2000 SB Edition only contains Word, Excel, Outlook, PowerPoint, Access, and FrontPage. Its program contains cross references to the other programs, but NOT to those also included in other versions of Office 2000. When a revision is made to Publisher, for example, my SB Edition is NOT patched, but your version is. Therefore, versions are different for different Office programs. They even have to start with different version numbers to differentiate which goes on which CD. THINK about how this must work. Your WINWORD.EXE is 9.0.0.8970, while mine is 9.0.0.2720, and Secunia says it’s 9.0.0.2717 and insecure. (screenshot)
3. You say Revo doesn’t list these separately. Mine does, and I know why. I have both Office 2000 and Word 2000. I must have loaded Excel from Office 2000, and Word from Word 2000. When I look at the folder where Secunia says it found the Word version, it’s under Office 2000 on my C: drive. My copy of Revo lists both. Note the version number doesn’t agree with Secunia. (Screenshot)
4. Thank you for the location of Secunia’s version number – I was looking for it in ‘help’, where most programs show it. I tried properties. (screenshot) Do you see a version tab? I don’t.
5. No one has the right to have an attitude. That’s childish. As you see, I am affected by the problem. You may not believe it, but it’s bigger than you. We’re all trying, and the confusion is you. Most versions of MS Office have the same problems. I’ve seen complaints on Office 2000, Office 2003 and Office 2007, and it covers a variety of programs in each.
6. I’m posting this on the forum to correct the obvious misstatements you’ve posted. (Without the screenshots) The right thing to do is acknowledge the receipt of the screenshots on the forum, and that they support my comments.
|
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 23rd Dec, 2008 03:26, last edited on 23rd Dec, 2008 03:26
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
on 22nd Dec, 2008 22:28, A Fox Squirrel wrote: To answer your (erwaxman) specific comments:
1. Irrelevant – You should READ the heading of this thread, which incidentally YOU didn’t start.
“This thread was submitted in the following forum:
Problems and Questions Regarding 3rd Party Programs
Relating to this vendor: Microsoft
And, this specific program: Microsoft Office 2000” (screenshot)
Therefore my comments on Office 2000 ARE relevant, and that’s why I posted to this thread.
Lesson to be learned: You are not the only person in the universe.
Just because your comments are about Office 2000 doesn't make them relevant. The topic of the thread is "Insecure warnings for fully patched Access, FrontPage and Outlook." None of your comments have been about insecure warnings for fully patched Access, FrontPage and Outlook. That makes your comments irrelevant.
The fact that I didn't start this thread is irrelevant. So is the fact that I did start a similar thread in one of the other Secunia forums. What matters is that my comments posted to this thread, except perhaps for those dealing with your nonsense, have been pertinent to the topic of the thread. Your comments, not so much.
For instance, you introduced irrelevant information about Revo Uninstaller and how it allegedly finds and displays the correct version of programs. The version information that Revo Uninstaller (and many similar programs) displays is found in the registry. Many programs do not write to the registry; many that do write to the registry do not include version information in what they write to the registry; and some that do include version information when they write to the registry do not update that information when the program is updated. Revo Uninstaller is not designed to do what PSI is designed to do. PSI bases its version information on what is found in a program executable's properties, which is the only sensible way to do what PSI is designed to do.
Lesson learned: I am not the only person in the universe. You cannot know how relieved I am to learn that there are other people in the universe. I was sooooo lonely.
on 22nd Dec, 2008 22:28, A Fox Squirrel wrote:
2. As to your large 2nd paragraph, YOU are totally and completely wrong! You obviously haven’t been around long enough to begin to think like a computer or a programmer, but it will come in time. While the programming of the Word component is very similar in each version of Office 2000, the various Office 2000 programs are not. MS Office 2000 SB Edition only contains Word, Excel, Outlook, PowerPoint, Access, and FrontPage. Its program contains cross references to the other programs, but NOT to those also included in other versions of Office 2000. When a revision is made to Publisher, for example, my SB Edition is NOT patched, but your version is. Therefore, versions are different for different Office programs. They even have to start with different version numbers to differentiate which goes on which CD. THINK about how this must work. Your WINWORD.EXE is 9.0.0.8970, while mine is 9.0.0.2720, and Secunia says it’s 9.0.0.2717 and insecure. (screenshot)
I learned how to write FORTRAN IV programs for mainframe computers in graduate school in 1967, which is probably before you were born. I've been working with computers ever since, although it has been a long time since I last wrote any FORTRAN IV programs. I don't appreciate being lectured by someone who undoubtedly needs a checklist to get his computer turned on each morning.
In my large paragraph I specifically said that the various versions of Office 2000 contain different combinations of programs. First you say that I'm totally and completely wrong, then you tell me that the various versions of Office 2000 contain different combinations of programs. You are a moron.
Furthermore, you apparently don't understand that Office 2000 itself is not a program. Office 2000 is a suite with multiple editions. Each edition is composed of a unique set of programs. Word 2000 is the exact same program in every Office 2000 edition which contains it (which is every Office 2000 edition). The version number of winword.exe (the Word 2000 executable) may vary from edition to edition, but the program is identical in every edition of Office 2000. Publisher 2000 isn't contained in every Office 2000 edition, but in every edition in which it is contained, it is the same program. The version number of mspub.exe (the Publisher 2000 executable) may vary from edition to edition, but the program is identical in every edition of Office 2000 in which it is contained.
When Microsoft issues a Word 2000 security patch, it issues only one patch. It does not issue separate and distinct patches for Word 2000 Small Business Edition, Word 2000 Premium Edition and so forth. When Microsoft issues an Office 2000 security patch, the patch contains fixes for more than one Office 2000 program (say, Word, Excel and Outlook). Again, there is just one patch; there are not separate and distinct patches for Office 2000 Small Business Edition, Office 2000 Premium Edition and so forth. If your edition of Office 2000 does not contain a program for which there is a fix included in an Office 2000 patch, guess what? The fix is not applied. The patch searches for specific executables to fix, and if a particular executable does not exist in the system that it is examining, it notes that fact and then searches for the next specific executable listed. If the patch is for an individual program and the executable has already been fixed, you'll get a message saying that the patch has already been installed. If you're running Office 2000 and downloaded the patch for Office 2003 by mistake, you'll get the "expected version of the product was not found on your system" message.
Check out the Microsoft Security Bulletin Summary for December 2008 (http://www.microsoft.com/technet/security/bulletin...). Go to Bulletin Information > Affected Software and Download Locations > Microsoft Office Suites and Software. Under each bulletin number you'll see separate patches for Office 2000, Office XP, Office 2003, Office 2007 and so forth. What you won't see and will never see is more than one patch for Office 2000, more than one patch for Office XP, more than one patch for Office 2003, more than one patch for Office 2007 or more than one patch for any of the other suites and programs listed, unless there are separate patches for individual programs contained within a particular suite. For Office 2007, for instance, there are separate patches for Word 2007 and Outlook 2007; but there is only one patch for Word 2007 (all editions) and one patch for Outlook 2007 (all editions).
The screen shot that you sent me does show that PSI lists Microsoft Excel 2000 9.0.0.2719 and Microsoft Word 2000 9.0.0.2717 as insecure. Where does PSI indicate that the two executables (excel.exe and winword.exe) are located? Please examine the properties of both executables. What are the version numbers? (Do not tell me what Revo Uninstaller shows. It doesn't matter what Revo Uninstaller shows.) Please go to Microsoft Update. Does Microsoft Update indicate that there are patches available for either of the programs?
on 22nd Dec, 2008 22:28, A Fox Squirrel wrote:
3. You say Revo doesn’t list these separately. Mine does, and I know why. I have both Office 2000 and Word 2000. I must have loaded Excel from Office 2000, and Word from Word 2000. When I look at the folder where Secunia says it found the Word version, it’s under Office 2000 on my C: drive. My copy of Revo lists both. Note the version number doesn’t agree with Secunia. (Screenshot)
I must admit that it didn't occur to me that someone would have both an Office 2000 CD and a Word 2000 CD; would use the Office 2000 CD to install Excel 2000 but not Word 2000; would use the Word 2000 CD to install Word 2000; and wouldn't get around to mentioning those facts until now. (Please don't try to explain this, unless you want to provide more evidence demonstrating that my teddybear's IQ is higher than yours.) Suffice it to say that, if you had installed Word 2000 from your Office 2000 CD, Revo Uninstaller would list only Microsoft Office 2000 Small Business and would not list Microsoft Word 2000. What Revo Uninstaller shows, of course, is of absolutely no importance to this thread.
on 22nd Dec, 2008 22:28, A Fox Squirrel wrote:
4. Thank you for the location of Secunia’s version number – I was looking for it in ‘help’, where most programs show it. I tried properties. (screenshot) Do you see a version tab? I don’t.
Hey, you know what? I don't see a version tab either! But that's because the screen shot that you sent me shows the properties of your PSI shortcut, not the PSI executable (psi.exe). You, Mr. Computer Genius, apparently don't know the difference between a shortcut and an executable. Your arrogance is exceeded only by your ignorance, you dildo.
on 22nd Dec, 2008 22:28, A Fox Squirrel wrote:
5. No one has the right to have an attitude. That’s childish. As you see, I am affected by the problem. You may not believe it, but it’s bigger than you. We’re all trying, and the confusion is you. Most versions of MS Office have the same problems. I’ve seen complaints on Office 2000, Office 2003 and Office 2007, and it covers a variety of programs in each.
No one has the right to have an attitude? Well, if you say so. Your all-knowingness has been firmly established. Wait, I got that wrong. What has been firmly established is your know-it-all-ness.
The topic of this thread is insecure warnings for fully patched Access, FrontPage and Outlook. You are not affected by insecure warnings for fully patched Access, FrontPage and Outlook. Unless you've been holding out on us, PSI must show that any of those programs that are in your system are secure. Your problem MAY be insecure warnings for fully patched Excel and Word. It has not yet been established that those programs are fully patched in your system. You'll forgive me if I don't take your word for it that there are posts complaining legitimately about insecure warnings for fully patched Office programs other than Access, FrontPage and Outlook.
In several of my posts I've mentioned that the problem of insecure warnings for fully patched Access, FrontPage and Outlook is affecting at least Office 2000, Office XP and Office 2003. As I've already mentioned, I'm running only Office 2000. So, contrary to your suggestion, I have no trouble believing that the problem is bigger than me. (Ooh, you can't possibly know how hard it is for me to say that. It causes me tremendous pain to say something that senseless.)
I agree that you are trying. You are very trying. I deny, however, that the confusion is me. I am not one with the confusion, which sounds terribly Zen. Just to be clear, I'm not the least bit confused. You aren't confused either. You don't know enough to be confused.
on 22nd Dec, 2008 22:28, A Fox Squirrel wrote:
6. I’m posting this on the forum to correct the obvious misstatements you’ve posted. (Without the screenshots) The right thing to do is acknowledge the receipt of the screenshots on the forum, and that they support my comments.
I always try to do the right thing, so I hereby acknowledge receiving your screenshots. They show that:
(1) the topic of this thread is insecure warnings for fully patched Access, FrontPage and Outlook, about which you've had nothing relevant to say;
(2) PSI is showing that Excel 2000 and Word 2000 in your system are insecure, which, for all we know, may be true;
(3) Revo Uninstaller lists both Office 2000 and Word 2000 as being installed in your system (because you didn't install Word 2000 from your Office 2000 CD, a fact heretofore omitted), which is of no importance here because what Revo Uninstaller shows is irrelevant here; and
(4) you don't know the difference between a shortcut and an executable.
As for my posts, the only "obvious misstatements" that they contained were caused by misinformation that you posted or by crucial information that you failed to post. Now that you've provided better information, I've been able to correct my previous misstatements. Thank you for your assistance in that regard. |
|
|
| A Fox Squirrel
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by A Fox Squirrel on 23rd Dec, 2008 05:28, last edited on 23rd Dec, 2008 05:28
|
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A |
Sorry erwaxman, you still don’t see that this problem is an overall MS Office problem, affecting more than just your selfish interests. What don’t you understand about “Relating to this vendor: Microsoft
And, this specific program: Microsoft Office 2000”?
I’m also sorry to say that I never programmed in Fortran IV; my programming was in Fortran and Fortran II, and some Basic on an Amiga. It’s also been a long time since I used them.
And I was working on computers in 1957. Have you heard of the IBM 650? 64K, 4000 6AU6 vacuum tubes, etc.
Microsoft says my Word is up-to-date, no patches outstanding. If Word has only one current version, why is my version different from your patched version? Others have the same question. I’m glad to see that you agree with me that “The version number of winword.exe (the Word 2000 executable) may vary from edition to edition …” (quote is copy/paste from your post). That’s a major point I’ve been trying to get you to see.
To answer your questions on my versions of Word & Excel that are listed as insecure, Secunia shows they are both in my Office folder, and the detail shows their .exe file. The versions shown in those files’ properties are as shown in the screenshot – 9.0.0.2717 and 9.0.0.2719. Microsoft update (custom) shows 0 updates for every category. The ‘help’ dropdown in both programs shows the same version, 9.0.0.2720.
If you look at vdohe’s post 1, Secunia considers Access version 9.0.0.2720 as secure, even though it ‘forgets’ it later. This is different from your secure Access version, but the same as my ‘help’ shows..
BTW, I have no use for Outlook, PowerPoint, Access, and FrontPage so they are not installed. If I install Access, would that make my comments relevant?
|
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 23rd Dec, 2008 12:00, last edited on 23rd Dec, 2008 12:00
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote: Sorry erwaxman, you still don’t see that this problem is an overall MS Office problem, affecting more than just your selfish interests.
Let me get this straight. I'm trying to keep this thread on topic. You keep trying to hijack it. And I'm the one who's being selfish?
Why don't you start your own thread? Try this for a topic: "Insecure warnings for fully patched Excel and Word." Run it up the ol' flagpole. See if anyone salutes.
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote:
What don’t you understand about “Relating to this vendor: Microsoft
And, this specific program: Microsoft Office 2000”?
What I don't understand is why you think that's important. Secunia's formatted wording is set up to deal with programs. Microsoft Office 2000 isn't a program, it's a suite that comes in half a dozen different flavors. Not every issue that involves Microsoft Office 2000 has to be, or should be, discussed in this particular thread. Again, stop trying to hijack this thread. Start your own thread.
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote:
I’m also sorry to say that I never programmed in Fortran IV; my programming was in Fortran and FortranII, and some Basic on an Amiga. It’s also been a long time since I used them. And I was working on computers in 1957. Have you heard of the IBM 650? 64K, 4000 AU6U vacuum tubes, etc.
Good grief, you're even more of an antique than I am. But whereas "older but wiser" applies to me, "senile" seems to apply to you. Have you figured out the difference between a shortcut and an executable yet?
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote:
Microsoft says my Word is up-to-date, no patches outstanding. If Word has only one current version, why is my version different from your patched version? Others have the same question. I’m glad to see that you agree with me that “The version number of winword.exe (the Word 2000 executable) may vary from edition to edition …” (quote is copy/paste from your post). That’s a major point I’ve been trying to get you to see.
A fully patched and current Word 2000 is a fully patched and current Word 2000, regardless of its executable's version number. As you pointed out somewhere in this ridiculous exchange, the version numbers are different so that the edition to which a particular executable belongs can be identified. Swap your fully patched and current copy of Word for my fully patched and current copy of Word, and vice versa, and neither one of us would be able to tell that the swap had been made, if the copies were configured identically before the swap took place. PSI might have a nervous breakdown when it tried to figure out what had happened, but my copy of Word would work in your system and your copy of Word would work in my system without missing a beat.
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote:
To answer your questions on my versions of Word & Excel that are listed as insecure, Secunia shows they are both in my Office folder, and the detail shows their .exe file. The versions shown in those files’ properties are as shown in the screenshot – 9.0.0.2717 and 9.0.0.2719. Microsoft update (custom) shows 0 updates for every category. The ‘help’ dropdown in both programs shows the same version, 9.0.0.2720.
Okay, PSI appears to be having a problem detecting the correct version of Excel and Word, at least in your system. At the risk of repeating myself, you should start a new thread to bring the problem to Secunia's attention and to see whether anyone aside from you is experiencing a problem with PSI calling fully patched Excel and Word insecure.
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote:
If you look at vdohe’s post 1, Secunia considers Access version 9.0.0.2720 as secure, even though it ‘forgets’ it later. This is different from your secure Access version, but the same as my ‘help’ shows..
Huh? I get the impression that you're trying to make a point, but you're not succeeding. What is "the same as my 'help' shows.." supposed to mean? You don't have Access installed in your system. If you're trying to say that vdohe's fully patched and current Access is somehow different from my fully patched and current Access because its executable has a different version number, please stifle.
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote:
BTW, I have no use for Outlook, PowerPoint, Access, and FrontPage so they are not installed. If I install Access, would that make my comments relevant?
Nope. I'm not sure that anything would make your comments relevant. But it might be interesting to see what PSI would detect if you installed Access and applied all the patches necessary to bring it up to date.
Just out of curiosity, let's see how different your Excel and Word are from mine:
My copy of excel.exe is 7,237,677 bytes. How large is yours?
My copy of winword.exe is 8,835,124 bytes. How large is yours?
My copy of excel9.olb is 624KB and 03/19/1999. What about yours?
My copy of excel.pip is 1.30KB and 11/15/1998. What about yours?
My copy of msowc.dll is 2,978KB and 12/03/2007. What about yours?
My copy of mso9.dll is 5,465KB and 02/04/2008. What about yours?
My copy of msword9.olb is 536KB and 03/17/1999. What about yours?
My copy of sbcmjrnl.dll is 64KB and 02/23/1999. What about yours?
My copy of wdread.txt is 29KB and 01/27/2000. What about yours?
My copy of word.pip is 1.39KB and 09/10/1998. What about yours?
My copy of xl5en32.olb is 224KB and 01/06/1999. What about yours?
My copy of xlcall32.dll is 32KB and 07/12/2007. What about yours?
My copy of xlread9.txt is 45KB and 01/27/2000. What about yours?
|
|
|
| A Fox Squirrel
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by A Fox Squirrel on 23rd Dec, 2008 18:41
|
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A |
Boy, are you narrow-minded! Try thinking outside the box. The problem covers MS Office, not a specific portion of that family. Take off your blinders. We’re all trying to solve the same problem.
A version indicates a unique package of software, not a particular file. Unique is the key. If something changes in a help file, the program is given a revised version number. Otherwise it would not be unique. Could be any number of call files that have changed. It does not have to be the main processing files. Version numbers are not changed arbitrarily.
Be prepared for a surprise!
Just out of curiosity, let's see how different your Excel and Word are from mine:
My copy of excel.exe is 7,237,677 bytes. How large is yours?
7,151,661 bytes 3/20/1999
My copy of winword.exe is 8,835,124 bytes. How large is yours?
8,798,260 bytes 3/18/1999
My copy of excel9.olb is 624KB and 03/19/1999. What about yours?
Same
My copy of excel.pip is 1.30KB and 11/15/1998. What about yours?
Same
My copy of msowc.dll is 2,978KB and 12/03/2007. What about yours?
Don’t have this file!
My copy of mso9.dll is 5,465KB and 02/04/2008. What about yours?
5453KB 3/21/1999
My copy of msword9.olb is 536KB and 03/17/1999. What about yours?
Same
My copy of sbcmjrnl.dll is 64KB and 02/23/1999. What about yours?
Don’t have this file!
My copy of wdread.txt is 29KB and 01/27/2000. What about yours?
28KB 3/19/1999
My copy of word.pip is 1.39KB and 09/10/1998. What about yours?
Same
My copy of xl5en32.olb is 224KB and 01/06/1999. What about yours?
Same
My copy of xlcall32.dll is 32KB and 07/12/2007. What about yours?
32KB 8/31/1998
My copy of xlread9.txt is 45KB and 01/27/2000. What about yours?
45KB 3/20/1999
For the files I don’t have, I searched my entire C: drive, using the advanced options (sub-folders, hidden, system).
Now stop the ‘exactly the same’ nonsense!
|
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 23rd Dec, 2008 19:54, last edited on 23rd Dec, 2008 19:54
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
on 23rd Dec, 2008 18:41, A Fox Squirrel wrote: My copy of excel.exe is 7,237,677 bytes. How large is yours?
7,151,661 bytes 3/20/1999
My copy of winword.exe is 8,835,124 bytes. How large is yours?
8,798,260 bytes 3/18/1999
Well, there's your problem. My files are dated 10/24/2008. Which means that they've been patched. Yours are the original files. They're going on 10 years old. They've never been patched. Do you have KB958435 installed? KB956328? KB951582? KB947361? Do you even have Service Pack 3 installed? I take back what I said about swapping my files for yours. I don't want your unpatched files. You keep 'em.
on 23rd Dec, 2008 18:41, A Fox Squirrel wrote: Now stop the ‘exactly the same’ nonsense!
Consider me stopped. Your files aren't fully patched and current. Mine are. If yours were fully patched and current, they'd be identical to mine, except for the version numbers.
Believe me, don't believe me, I don't care. Start your own thread, don't start your own thread, I don't care. I've wasted all the time on you that I'm going to waste. I'm done responding to you. |
|
|
| A Fox Squirrel
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by A Fox Squirrel on 23rd Dec, 2008 21:39
|
Posts: 12
User Since: 8th Dec, 2008
Secunia System Score: 98%
Location: N/A |
None are so blind as those who will not see! And boy, are you blind!
I do not have the full Office Suite installed. The KB updates you quoted do not apply to my configuration. When I try to run them, I get the message “The expected version of the product was not found on your system.”
SP3 is installed (in fact, I had the beta).
MSUpdate says I have NO UPDATES that need installing. You don’t believe Microsoft. I also ran Belarc, and they say I have one item, Q951748. This concerns DNS. When I try to run it MS instructs me to turn on Automatic Update (which has always been on). You don’t believe Belarc, either. When I run Secunia, it tells me to install MS updates, which give me the same “not found on your system”, and we know Secunia has problems.
I didn’t realize I was communicating with God. Goodbye.
|
|
|
| csi
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by csi on 25th Dec, 2008 14:47
|
Posts: 28
User Since: 12th Aug, 2008
Secunia System Score: N/A
Location: N/A |
on 23rd Dec, 2008 05:28, A Fox Squirrel wrote: If Word has only one current version, why is my version different from your patched version? Others have the same question.
Thank you for working out the point very clearly. I think the Microsoft patch history is to such an extent complicated and therefore error-prone.
-- Cebop INN, Pentium M 740, 1733 MHz, 2 GB DDR2 SO-DIMM 533MHZ, XP SP3, PSI 1.500. |
|
|
| catnip2008
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by catnip2008 on 25th Dec, 2008 16:33
|
Posts: 4
User Since: 26th Nov, 2008
Secunia System Score: N/A
Location: N/A |
Your problem might have something to do with SP3. You might look into it, there are a number of articles advising against installing SP3 as it has the potential to cause problems with existing apps. I have an XP system and use "Windows Secrets" (WindowsSecrets.com) as an information source apart from Microsoft's Knowledge Base. I haven't installed SP3 yet and probably won't. If it ain't broke, don't fix it and XP SP2 is working just fine. |
|
|
| csi
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by csi on 25th Dec, 2008 17:21
|
Posts: 28
User Since: 12th Aug, 2008
Secunia System Score: N/A
Location: N/A |
Thanks for answering. Here is spoken of Service Pack 3 for Office, not for Win XP. ;)
-- Cebop INN, Pentium M 740, 1733 MHz, 2 GB DDR2 SO-DIMM 533MHZ, XP SP3, PSI 1.500. |
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 25th Dec, 2008 23:27, last edited on 25th Dec, 2008 23:27
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
on 25th Dec, 2008 14:47, csi wrote: Thank you for working out the point very clearly. I think the Microsoft patch history is to such an extent complicated and therefore error-prone.
As I've insisted whenever the issue has been raised, the various editions of Office 2000 -- Premium, Standard, Small Business and so forth -- contain different sets of Office programs. The Premium edition includes all of the Office programs. Some of the other editions include Publisher 2000; some don't. Some of the other editions include Access 2000; some don't. And so forth.
The Word 2000 executable is winword.exe. Because there are multiple editions of Office 2000, and because Word 2000 is included in all editions of Office 2000, winword.exe comes in several versions (i.e., there are several winword.exe files, each with a version number corresponding to one of the Office 2000 editions). All Word 2000 winword.exe files created on the same date are identical, despite the fact that they have different version numbers.
Thus, the Word 2000 in the Office 2000 Premium edition is the exact same program as the Word 2000 in the Office 2000 Small Business edition. When Microsoft develops a security patch for Word, it issues a single file that patches ALL VERSIONS of Word 2000. It doesn't issue a different file for each version. Likewise it issues a single file for all versions of Word 2003, a single file for all versions of Word XP and a single file for all versions of Word 2007, because Word 2000, Word 2003, Word XP and Word 2007 are different programs. If you have Word 2000 installed in your system, and you try to install a patch for Word 2003 or Word XP or Word 2007, you will get an error message telling you that the expected product couldn't be found in your system.
The problem giving rise to this thread is that PSI is misreading the version number of various Office program executables. In my case, I'm running Office 2000 Premium SP3, fully patched. PSI is misidentifying frontpg.exe 4.0.2.6625 as frontpg.exe 9.0.0.3821 and is calling it insecure. PSI is misidentifying msaccess.exe 9.0.0.6620 as msaccess.exe 9.0.0.3281 and is calling it insecure. PSI is misidentifying outlook.exe 9.0.0.6604 as outlook.exe 9.0.0.3821 and is calling it insecure. PSI is doing the same thing regarding a variety of Office 2000, Office 2003, Office XP and Office 2007 executables. None of the files in question is a security threat. The warnings are all false positives.
Office program executables undeniably have multiple version numbers, because Office suites have multiple editions. But PSI ought to be able to read correctly the version number of ANY and EVERY file that it examines, regardless of whether or not that file is a Microsoft file and regardless of whether that file is an executable or some other kind of file. For whatever reason, PSI is misreading a wide variety of Office files, each of which has a version number clearly indicated. It's hard to see how that could be Microsoft's fault.
Furthermore, given the information contained in other threads in this forum, PSI is also misidentifying the version number and calling insecure various non-Microsoft programs.
Secunia really needs to let us know what it is doing to resolve this issue of false positives. If it doesn't, users are soon going to stop taking any PSI security threat warnings seriously, which would be very unfortunate.
|
|
|
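A scanner's reported version can be checked against what the file itself records. The following is an added example, not part of any post in this thread and not Secunia's or Microsoft's code: it decodes the VS_FIXEDFILEINFO block of a Windows version resource, which stores the file version and the product version as separate fields, and says which of them (if either) a reported version matches. Assumptions: it locates the block by scanning for its signature rather than walking the PE resource directory, and the sample bytes are constructed (the file version 9.0.0.6620 and the reported 9.0.0.3821 come from the posts above; the product version 9.0.0.0 is made up).

```python
import struct

SIGNATURE = 0xFEEF04BD           # dwSignature of VS_FIXEDFILEINFO
STRUC_VERSION = 0x00010000       # dwStrucVersion of the defined layout
FIXED = struct.Struct("<13I")    # the structure is 13 little-endian DWORDs

def dotted(ms, ls):
    """Decode a (MS, LS) DWORD pair into the usual a.b.c.d string."""
    return "%d.%d.%d.%d" % (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def read_fixed_versions(data):
    """Return (file_version, product_version), or None if no block is found."""
    needle = struct.pack("<I", SIGNATURE)
    pos = data.find(needle)
    while pos != -1:
        if pos + FIXED.size <= len(data):
            f = FIXED.unpack_from(data, pos)
            if f[1] == STRUC_VERSION:        # reject chance signature matches
                return dotted(f[2], f[3]), dotted(f[4], f[5])
        pos = data.find(needle, pos + 1)
    return None

def check_report(data, reported):
    """Classify a scanner-reported version against the file's own fields."""
    versions = read_fixed_versions(data)
    if versions is None:
        return "no-version-resource"
    file_v, product_v = versions
    if reported == file_v:
        return "matches-file-version"
    if reported == product_v:
        return "matches-product-version"
    return "matches-neither"

def make_sample(file_v, product_v):
    """Constructed test bytes: a decoy signature, then a valid fixed block."""
    def halves(v):
        a, b, c, d = (int(x) for x in v.split("."))
        return (a << 16) | b, (c << 16) | d
    fixed = FIXED.pack(SIGNATURE, STRUC_VERSION, *halves(file_v),
                       *halves(product_v), 0x3F, 0, 0x40004, 1, 0, 0, 0)
    decoy = struct.pack("<I", SIGNATURE) + b"\x00" * 8
    return b"MZ" + b"\x00" * 62 + decoy + fixed

SAMPLE = make_sample("9.0.0.6620", "9.0.0.0")   # constructed, not a real file

if __name__ == "__main__":
    print(read_fixed_versions(SAMPLE), check_report(SAMPLE, "9.0.0.3821"))
```

On a real system, pass the bytes of the executable in question (for example `open(path, "rb").read()`) instead of `SAMPLE`.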
| brucej4
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by brucej4 on 9th Apr, 2009 19:11
|
Posts: 2
User Since: 25th Jan, 2008
Secunia System Score: N/A
Location: US |
As of 4/9/2009, I am still getting false positives on Access, FrontPage, Outlook, and Project 2000 (which I have not seen anyone else mention.)
Secunia detected version is 9.0.0.3821, which is wrong for all of them.
I have reported these to Secunia multiple times without any response.
PSI version is 1.0.0.4.
|
|
|
| creibens
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by creibens on 27th Jun, 2009 21:04
|
Posts: 2
User Since: 16th Nov, 2008
Secunia System Score: N/A
Location: N/A |
on 9th Apr, 2009 19:11, brucej4 wrote: As of 4/9/2009, I am still getting false positives on Access, FrontPage, Outlook, and Project 2000 (which I have not seen anyone else mention.)
Secunia detected version is 9.0.0.3821, which is wrong for all of them.
I have reported these to Secunia multiple times without any response.
PSI version is 1.0.0.4.
I recently installed Microsoft Access 2000 Runtime (because a newly bought program requires it), and now I have the same problem.
My PSI version is 1.5.0.0. |
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 27th Jun, 2009 22:09
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
After I installed the Microsoft Office security patches that were released on June 9, PSI stopped reporting Access 2000 and Outlook 2000 as insecure. PSI still reports FrontPage 2000 as insecure. Apparently the June patches didn't make any changes to FrontPage.
I'm running PSI 1.5.0.0. |
|
|
| creibens
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by creibens on 27th Jun, 2009 22:42
|
Posts: 2
User Since: 16th Nov, 2008
Secunia System Score: N/A
Location: N/A |
on 27th Jun, 2009 22:09, erwaxman wrote: After I installed the Microsoft Office security patches that were released on June 9
Where did you get these patches? Neither Windows Update nor Microsoft Update offers such patches.
BTW: I am running Windows Vista 64 bit German
|
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 27th Jun, 2009 22:58
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
on 27th Jun, 2009 22:42, creibens wrote: Where did you get these patches? Neither Windows Update nor Microsoft Update offer such patches.
BTW: I am running Windows Vista 64 bit German
Microsoft Security Bulletin Summary for June 2009:
http://www.microsoft.com/technet/security/bulletin...
Look under Affected Software and Download Locations.
All Microsoft security patches are, or at least are supposed to be, offered through Automatic Updates and Microsoft Updates. I'm not sure whether patches for Office products are offered through Windows Updates.
|
|
|
| Snerfel
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by Snerfel on 3rd Nov, 2009 08:33
|
Posts: 3
User Since: 2nd Nov, 2009
Secunia System Score: N/A
Location: N/A |
Thanks guys, for the info about Front Page 2000
and the "entertaining" thread.
Gonna just have to ignore that warning, since
Secunia apparently isn't going to do anything
about it.
I wonder why I don't get the warning for Access
or Outlook. |
|
|
| erwaxman
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by erwaxman on 3rd Nov, 2009 11:27
|
Posts: 39
User Since: 23rd Dec, 2007
Secunia System Score: 97%
Location: York, PA, US |
on 3rd Nov, 2009 08:33, Snerfel wrote: I wonder why I don't get the warning for Access
or Outlook.
Probably because you installed the Microsoft Office security patches that were released on June 9.
|
|
|
| Snerfel
| RE: Insecure warnings for fully patched Access, Front Page and Ou...
|
|
|
by Snerfel on 3rd Nov, 2009 18:31
|
Posts: 3
User Since: 2nd Nov, 2009
Secunia System Score: N/A
Location: N/A |
Yes. Thank you, E. R.
Tired last night. Remembered what
you said about 5 minutes after posting.
Sorry, about that chief!
(Apologizing(TM) - "The right thing to do
when you are wrong". Are you listening
Mr. AFox Squirrel?) |
|
|
|