45% failure rate MS011-055

(imported topic written by ktm_200091)

Not sure about this one…

MS11-055: Vulnerability in Microsoft Visio Could Allow Remote Code Execution - Visio 2003 SP3 (Local/Network Installation)

patch says that it is about visio, relevance check looks like it is more for office 2003

Machines which are failing seem to have

Office 2003

DO NOT HAVE Visio 2003

Do have Visio 2007 Viewer

Can someone from IBM check this one out?

(imported comment written by liuhoting91)

So according to Microsoft’s website on MS11-055 Frequently Asked Questions, this patch should actually apply to systems regardless of whether they have Visio 2003 as long as they have some vulnerable component (Office 2003):

I have a non-vulnerable version of Microsoft Office 2003 software installed, why am I being offered this update?

Although the attack vector for exploiting the vulnerability described in CVE-2010-3148 is through Microsoft Visio 2003, the vulnerable code exists in a shared component of Microsoft Office. Some non-affected software, such as Microsoft Office 2003 Suite and Microsoft Office 2003 standalone programs, contain the vulnerable shared component of Microsoft Office, but because they do not access the vulnerable code, they are not affected by this vulnerability. However, since the vulnerable code is present, this update will be offered.

So a machine having or not having Visio shouldn’t make a difference in whether MS11-055 should apply. We’ve tried this patch with systems that have Office 2003 and Visio 2007 Viewer and found that it seems to work, so I think a deeper investigation will be needed to get to the bottom of this one.

I would encourage you to make a support case so that we can track and debug your problem better.

(imported comment written by ktm_200091)

a second action to re-apply this patch got the number down significantly. Also I applied to my test group and most users were not logged in, once they logged in some of the PCs switched to completed without any action.

wierd patch.