So according to Microsoft’s website on MS11-055 Frequently Asked Questions, this patch should actually apply to systems regardless of whether they have Visio 2003 as long as they have some vulnerable component (Office 2003):
–
I have a non-vulnerable version of Microsoft Office 2003 software installed, why am I being offered this update?
Although the attack vector for exploiting the vulnerability described in CVE-2010-3148 is through Microsoft Visio 2003, the vulnerable code exists in a shared component of Microsoft Office. Some non-affected software, such as Microsoft Office 2003 Suite and Microsoft Office 2003 standalone programs, contain the vulnerable shared component of Microsoft Office, but because they do not access the vulnerable code, they are not affected by this vulnerability. However, since the vulnerable code is present, this update will be offered.
–
So a machine having or not having Visio shouldn’t make a difference in whether MS11-055 should apply. We’ve tried this patch with systems that have Office 2003 and Visio 2007 Viewer and found that it seems to work, so I think a deeper investigation will be needed to get to the bottom of this one.
I would encourage you to make a support case so that we can track and debug your problem better.
a second action to re-apply this patch got the number down significantly. Also I applied to my test group and most users were not logged in, once they logged in some of the PCs switched to completed without any action.