Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Windows Update and Secunia PSI vs KB2464594

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Office 2010

This thread has been marked as locked.
Original-Paulie-D Windows Update and Secunia PSI vs KB2464594
Member 8th May, 2011 06:57
Ranking: 10
Posts: 25
User Since: 8th May, 2011
System Score: N/A
Location: US
Hello. I've read a similar thread on this forum in regard to this situation. However, it was locked, despite offering no outcome or resolve:
https://secunia.com/community/forum/thread/show/81...

On Windows 7 Ultimate, both Windows Update and Security PSI are reporting that KB2464594 is applicable. Microsoft's support page for that KB is: http://support.microsoft.com/kb/2464594

Under "File Information", the KB page offers details on the 4 files in their properly-patched state:

File-name File-version File-size Date-Time
Msppt.olb 12.0.6501.5000 369,040 12-Mar-2009 08:17
Powerpnt.exe 12.0.6545.5000 521,080 13-Aug-2010 21:00
Ppcore.dll 12.0.6550.5000 8,492,920 21-Nov-2010 03:40
Pptpia.dll 12.0.6501.5000 350,064 12-Mar-2009 08:17

In particular, Secunia PSI lists only one file as vulnerable:
C:\Program Files\Microsoft Office\Office14\powerpnt.exe
Version 14.0.4754.1000

What interesting is the seemingly incomplete info on Secunia's "additional information" page for this item (seen by expanding the entry and then double-clicking where it says "You can double-click this row for additional information and options":

This program was detected as Insecure, it is strongly recommended that you apply the latest security patch from the vendor of the program.

The version detected of Microsoft PowerPoint 2010 was 14.0.4754.1000 while the latest version including one or more security fixes is ?? empty.


Regardless, comparing the version# listed in Secunia PSI to Microsoft's KB page, it becomes apparent that something is awry. In fact, while all 4 of the files listed in the KB are indeed present on my system, only one file has a version# prior to 14: PPTPIA.DLL is listed as:
File description: Microsoft.Office.Interopt.PowerPoint
File version: 12.0.4518.1014
Date modified: 10/26/2006 9:07 PM
Product name: 2007 Microsoft Office system
Original filename: PowerPoint Primary Interop Assembly

Based on the KB article, it would appear that this file is the true vulnerability.

Either way, Microsoft and Secunia PSI are currently reporting this as applicable .. but the patch fails to install.

Any suggestions? I would prefer not to ignore the warning in Secunia PSI as well as not hide the update in Windows Updates.

Thank you.

Original-Paulie-D RE: Windows Update and Secunia PSI vs KB2464594
Member 8th May, 2011 07:00
Score: 10
Posts: 25
User Since: 8th May 2011
System Score: N/A
Location: US
Secunia Troubleshoot Report:

---START---

Program Name:
Microsoft PowerPoint 2010

Security State:
Insecure

Download Link:
http://update.microsoft.com/microsoftupdate/

Missing Microsoft Patches (KB numbers):
KB2464594

Instances Found:
C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE, version: 14.0.4754.1000

Last System Scan (localtime):
6. May 2011, 11:13

Operating System:
Microsoft Windows 7,

---END---
Was this reply relevant?
+0
-0
Original-Paulie-D RE: Windows Update and Secunia PSI vs KB2464594
Member 8th May, 2011 07:27
Score: 10
Posts: 25
User Since: 8th May 2011
System Score: N/A
Location: US
Last edited on 8th May, 2011 07:31
Windows Update fails with error: Code 80070643 Windows Update encountered an unknown error.

%windir%\windowsupdate.log entries:

2011-05-08 01:16:18:821 1040 d9c AU #############
2011-05-08 01:16:18:821 1040 d9c AU ## START ## AU: Download updates
2011-05-08 01:16:18:821 1040 d9c AU #########
2011-05-08 01:16:18:821 1040 d9c AU # Approved updates = 1
2011-05-08 01:16:18:821 1040 d9c AU AU initiated download, updateId = {16158981-D915-4B50-B451-FD76232C3BB4}.100, callId = {70762B79-992A-4CE7-8980-51602AA302D0}
2011-05-08 01:16:18:821 1040 d9c AU Setting AU scheduled install time to 2011-05-08 07:00:00
2011-05-08 01:16:18:821 1040 d9c AU Successfully wrote event for AU health state:0
2011-05-08 01:16:18:821 1040 d9c AU AU setting pending client directive to 'Download Progress'
2011-05-08 01:16:18:837 1040 d9c AU Successfully wrote event for AU health state:0
2011-05-08 01:16:18:837 1040 d9c AU # Pending download calls = 1
2011-05-08 01:16:18:837 1040 d9c AU <<## SUBMITTED ## AU: Download updates
2011-05-08 01:16:18:837 1040 d9c AU Successfully wrote event for AU health state:0
2011-05-08 01:16:18:837 1040 1374 Report CWERRepor ter::HandleEvents - WER report upload completed with status 0x8
2011-05-08 01:16:18:837 1040 1374 Report WER Report sent: 7.5.7601.17514 0x80070643 16158981-D915-4B50-B451-FD76232C3BB4 Install 101 Unmanaged
2011-05-08 01:16:18:837 1040 1374 Report CWERRepor ter finishing event handling. (00000000)
2011-05-08 01:16:18:837 1040 1574 AU Getting featured update notifications. fIncludeDismissed = true
2011-05-08 01:16:18:837 1040 1574 AU No featured updates available.
2011-05-08 01:16:18:853 1040 1374 DnldMgr ******** *****
2011-05-08 01:16:18:853 1040 1374 DnldMgr ** START ** DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
2011-05-08 01:16:18:853 1040 1374 DnldMgr ******** *
2011-05-08 01:16:18:853 1040 1374 DnldMgr * Call ID = {70762B79-992A-4CE7-8980-51602AA302D0}
2011-05-08 01:16:18:853 1040 1374 DnldMgr * Priority = 2, Interactive = 0, Owner is system = 1, Explicit proxy = 0, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2011-05-08 01:16:18:853 1040 1374 DnldMgr * Updates to download = 1
2011-05-08 01:16:18:853 1040 1374 Agent * Title = Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
2011-05-08 01:16:18:853 1040 1374 Agent * UpdateId = {16158981-D915-4B50-B451-FD76232C3BB4}.100
2011-05-08 01:16:18:853 1040 1374 Agent * Bundles 1 updates:
2011-05-08 01:16:18:853 1040 1374 Agent * {F507DD33-B9C4-4C79-A238-7BE9F3F7C5E9}.100
2011-05-08 01:16:18:853 1040 1374 DnldMgr ******** *** DnldMgr: Regulation Refresh [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] ***********
2011-05-08 01:16:18:853 1040 1374 DnldMgr Contacti ng regulation server for 1 updates.
2011-05-08 01:16:18:853 1040 1574 AU Getting featured update notifications. fIncludeDismissed = true
2011-05-08 01:16:18:853 1040 1574 AU No featured updates available.
2011-05-08 01:16:18:915 1040 1374 Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A 847-4430-9279-4A52D1EFE18D\wuredir.cab:
2011-05-08 01:16:19:009 1040 1374 Misc Microsoft signed: Yes
2011-05-08 01:16:19:009 1040 1374 PT URL for regulation server found in server config.
2011-05-08 01:16:19:009 1040 1374 DnldMgr Regulati on server path: https://www.update.microsoft.com/v6/UpdateRegulati...
2011-05-08 01:16:33:345 1040 1374 DnldMgr * Regulation call complete. 0x00000000
2011-05-08 01:16:33:345 1040 1374 DnldMgr ******** *** DnldMgr: New download job [UpdateId = {F507DD33-B9C4-4C79-A238-7BE9F3F7C5E9}.100] ***********
2011-05-08 01:16:33:345 1040 1374 DnldMgr * Queueing update for download handler request generation.
2011-05-08 01:16:33:345 1040 1374 DnldMgr Generati ng download request for update {F507DD33-B9C4-4C79-A238-7BE9F3F7C5E9}.100
2011-05-08 01:16:33:485 1040 1374 Handler MSP download: file powerpoint.cab already exists in sandbox directory (C:\Windows\SoftwareDistribution\Download\0ca856cc 21d83df5cc56331251974534)
2011-05-08 01:16:33:517 1040 1374 DnldMgr ******** *** DnldMgr: New download job [UpdateId = {F507DD33-B9C4-4C79-A238-7BE9F3F7C5E9}.100] ***********
2011-05-08 01:16:33:517 1040 1374 DnldMgr * All files for update were already downloaded and are valid.
2011-05-08 01:16:33:517 1040 1374 Agent *********
2011-05-08 01:16:33:517 1040 1374 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdates]
2011-05-08 01:16:33:517 1040 d9c AU >>## RESUMED ## AU: Download update [UpdateId = {16158981-D915-4B50-B451-FD76232C3BB4}, succeeded]
2011-05-08 01:16:33:517 1040 1374 Agent ********** ***
2011-05-08 01:16:33:517 1040 1374 Report CWERRepor ter finishing event handling. (00000000)
2011-05-08 01:16:33:517 1040 d9c AU #########
2011-05-08 01:16:33:517 1040 d9c AU ## END ## AU: Download updates
2011-05-08 01:16:33:517 1040 d9c AU #############
2011-05-08 01:16:33:532 1040 d9c AU Setting AU scheduled install time to 2011-05-08 07:00:00
2011-05-08 01:16:33:532 1040 d9c AU Successfully wrote event for AU health state:0
2011-05-08 01:16:33:532 1040 d9c AU AU setting pending client directive to 'Install Approval'
2011-05-08 01:16:33:532 1040 d9c AU Successfully wrote event for AU health state:0
2011-05-08 01:16:33:532 1040 344 AU Getting featured update notifications. fIncludeDismissed = true
2011-05-08 01:16:33:532 1040 344 AU No featured updates available.
2011-05-08 01:16:33:829 1040 1c8 AU Launched new AU client for directive 'Install Approval', session id = 0x2
2011-05-08 01:16:38:540 1040 1374 Report REPORT EVENT: {F23D5358-8FDB-4713-9C56-A4E48312170D} 2011-05-08 01:16:33:532-0400 1 188 102 {00000000-0000-0000-00 00-000000000000} 0 0 AutomaticUpdates Success Cont ent Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on ?Sunday, ?May ?08, ?2011 at 3:00 AM: - Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
2011-05-08 01:16:38:540 1040 1374 Report CWERRepor ter finishing event handling. (00000000)
Was this reply relevant?
+0
-0
ddmarshall RE: Windows Update and Secunia PSI vs KB2464594
Dedicated Contributor 8th May, 2011 13:50
Score: 1210
Posts: 961
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 8th May, 2011 14:13
The log doesn't tell you much. It's just a generic error code.
http://support.microsoft.com/kb/958052

Have you tried downloading the complete KB from the Download Center and installing it instead of using Microsoft Update?

The filenames reported in the PSI scan results are those used to detect the presence and version of the of the product. That is not necessarily the file with the vulnerability.

If you do not make any progress, contact Microsoft on 1-866-PCSAFETY . As you have Office 2010, it would appear that you should not be offered this update. This may be a problem that affects people who have updated from Office 2007 to Office 2010.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Original-Paulie-D RE: Windows Update and Secunia PSI vs KB2464594
Member 8th May, 2011 15:21
Score: 10
Posts: 25
User Since: 8th May 2011
System Score: N/A
Location: US
Last edited on 8th May, 2011 15:23
DDMarshall,
Yes; of course. Thanks for asking, regardless.

Same failed results. I'll try again and see if anything else was logged in the WU log file. I'll blog it here, if so.

I can't recall if this particular computer was upgraded from Office 2007 to 2010. It would appear as such, based on these results. I don't have time, unfortunately, to deal with M$ Support right now. I'll be monitoring the net for the time being and leave this patch as "pending."

Hopefully, Secunia PSI will draw further attention to this obvious flaw.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer