MS09-017 went out fine when it was initially released until it was modified with the stuff below, I have tried for days to download the file and each time I check the sha1 value it comes up with “4ffed0a0c6b2defb256811883abc2d5ded4579eb” due to desktop churn this patch is steadily growing higher and higher on the unpatched list. What is the recommended action??? Make a copy of the fixlet and modify the sha1 value???
MS09-017: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Install)
Patches for Windows (English)
DescriptionImportant Note: Microsoft is apparently experiencing syncing issues with their download server clusters. As a result, several different versions of the binary deployed by this Fixlet message may be downloaded from the supplied URL at any given time. While this is NOT a BigFix problem and must ultimately be resolved by Microsoft, BigFix is offering the following alternative to ensure successful action deployment:
Using a browser, download the binary deployed by this Fixlet message.
Using sha1.exe (see instructions here), verify that the sha1 of the downloaded file is equal to “e9de540892dcb407d5742497bb012dfab11bad56”. If it is not, repeat step 1.
Once you have successfully downloaded and verified the file, rename it to “e9de540892dcb407d5742497bb012dfab11bad56” and place it in the BES Server download cache. For more information about manually caching file downloads on the BES Server, please see BigFix Support Knowledge Base article #390.
Did you create the custom copy of the fixlet and get it to work? I’m trying but everytime i deploy it, my test systems reports Status fail, but action script execution detail reads that everything completed. I’m assuming that because the success criteria says “This action will be considered successful when the applicability relevance evalutes to false.” that there is a change tht needs to be made in the relevance.
// If the line below fails, please use the “Office 2003 Deployment Control – Initial Assignment” Fixlet message in the BES Support site to configure your Office deployment and then redeploy this action
continue if {exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\Office2003Control” whose ((it = 3 OR it = 2) of value “DeploymentType” of it) of registry}
continue if {(size of it = 3015576 AND sha1 of it = “4ffed0a0c6b2defb256811883abc2d5ded4579eb”) of file “office2003-KB957784-FullFile-ENU-CSA.exe” of folder “__Download”}
i was getting the download failled error too, then I did a sha1 -r on the file and saw that the file size was wrong. The orginal fixlet has it listed as 3015576 but the correct file size is 2895240 So i changed the following line to reflect the correct file size and that went away. But I’m still getting a failed status on my test box after everything completes.
continue if {(size of it = 2895240 AND sha1 of it = “4ffed0a0c6b2defb256811883abc2d5ded4579eb”) of file “office2003-KB957784-FullFile-ENU-CSA.exe” of folder “__Download”}
Here is my whole action script:
// If the line below fails, please use the “Office 2003 Deployment Control – Initial Assignment” Fixlet message in the BES Support site to configure your Office deployment and then redeploy this action
continue if {exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\Office2003Control” whose ((it = 3 OR it = 2) of value “DeploymentType” of it) of registry}
continue if {(size of it = 2895240 AND sha1 of it = “4ffed0a0c6b2defb256811883abc2d5ded4579eb”) of file “office2003-KB957784-FullFile-ENU-CSA.exe” of folder “__Download”}
I still think it has something to do with the Relevance peice of the filxet, but im working remotely today and don’t have full access to my test box to do any debugging
I fired up a vm session and applied the patch manually and the VM session does not report relevant, but if you extract the .exe file with winzip you get POWERPNT.msp not POWERPNTNMinus1.msp
Thanks for the info, I never throught to look at the files extracted from the EXE. I made the change to the file name in the action script and reaplied it to my test machine and it reports back fixed now!
Now the question is do we deployee it or wait for Bixfix to fix the fixlet?
// If the line below fails, please use the “Office 2003 Deployment Control – Initial Assignment” Fixlet message in the BES Support site to configure your Office deployment and then redeploy this action
continue if {exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\Office2003Control” whose ((it = 3 OR it = 2) of value “DeploymentType” of it) of registry}
continue if {(size of it = 2895240 AND sha1 of it = “4ffed0a0c6b2defb256811883abc2d5ded4579eb”) of file “office2003-KB957784-FullFile-ENU-CSA.exe” of folder “__Download”}
Thanks!! that basically what I came up with to. I here you on the $$$, we are in the same boat as you. Iw as also working with support on this issue and I’m not that happy about the response I got from them!