MS09-027 False Positives

(imported topic written by SystemAdmin)

We’re seeing false positives on “MS09-027: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Install)” (Reference #902711).

Devices are reporting relevant, and the deployment fails.

Manually downloading the update and deploying to the device returns an MS error that an “unexpected” version of the applicable Office files was detected.

(imported comment written by BenKus)

Does it look like the computers should need the patches installed? Or does it look like the relevance is incorrectly detecting a safe version?

Ben

(imported comment written by SystemAdmin)

It appears to be the latter.

(imported comment written by SystemAdmin)

Still seeing a lot of false positives on this one. The relevance reports true, but the update file reports:

Security Update for Word 2003 (KB969603)

The expected version of the product was not found on your system.

(imported comment written by drp91)

We’re also experiencing this result.

Microsoft patch office2003-KB969603-FullFile-ENU.exe is intended only for SP3 version of Office 2003, but Relevance 6 clause for this fixlet currently does NOT exclude SP2 version, i.e. SP2 version is 11.0.7969.0 and relevance requires “DisplayVersion” to be >= “11.0.7969.0.” SP3 version is 11.0.8173.0.

Office 2003 SP2 machines in our environment, therefore, have reported relevant for this fixlet but, when the fixlet was deployed, failed to patch with error “The expected version of the product was not found on your system.”

Updating relevance 6 clause to exclude SP2 and to require DisplayVersion to be >= 11.0.8173.0 should fix this issue.
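The threshold bug drp91 describes, modelled in Python as an added example (this is not the Fixlet's own relevance text, and BigFix relevance is not Python): the two DisplayVersion values are the ones quoted in the thread, the host inventory and the pre-SP2 build number are constructed, and the installer's acceptance rule is an assumption used only to show which hosts would fail with the "expected version" error.

```python
"""Model of the MS09-027 Fixlet relevance false positive discussed above.

Added example, not the Fixlet's own relevance clause. The two Office 2003
DisplayVersion values come from the thread; everything else is constructed.
"""
from typing import Callable, Dict, Tuple

OFFICE_2003_SP2 = "11.0.7969.0"   # SP2 DisplayVersion quoted in the thread
OFFICE_2003_SP3 = "11.0.8173.0"   # SP3 DisplayVersion quoted in the thread


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple so it compares numerically.

    A plain string comparison ranks "11.0.10000.0" below "11.0.8173.0"
    because '1' < '8', so version checks must compare component-wise.
    """
    return tuple(int(part) for part in text.strip().split("."))


def relevant_original(display_version: str) -> bool:
    """Clause as the thread describes it: DisplayVersion >= SP2 build.

    This is the false-positive condition: SP2 hosts satisfy it even though
    the KB969603 full-file package only applies to SP3.
    """
    return parse_version(display_version) >= parse_version(OFFICE_2003_SP2)


def relevant_fixed(display_version: str) -> bool:
    """Corrected clause drp91 suggests: DisplayVersion >= SP3 build."""
    return parse_version(display_version) >= parse_version(OFFICE_2003_SP3)


def installer_accepts(display_version: str) -> bool:
    """Stand-in for the installer's own product check.

    Assumption for illustration only: the installer patches hosts whose
    major.minor.build equals the SP3 build and refuses everything else with
    the "expected version of the product was not found" error.
    """
    return parse_version(display_version)[:3] == parse_version(OFFICE_2003_SP3)[:3]


def triage(hosts: Dict[str, str],
           clause: Callable[[str], bool]) -> Dict[str, str]:
    """Classify each host under a relevance clause.

    Returns 'not relevant', 'patch ok', or 'false positive' (the clause
    reports the host relevant but the installer would refuse to run).
    """
    result = {}
    for name, version in hosts.items():
        if not clause(version):
            result[name] = "not relevant"
        elif installer_accepts(version):
            result[name] = "patch ok"
        else:
            result[name] = "false positive"
    return result


# Constructed inventory: one SP2 host, one SP3 host, one pre-SP2 host.
SAMPLE_HOSTS = {
    "ws-sp2": OFFICE_2003_SP2,
    "ws-sp3": OFFICE_2003_SP3,
    "ws-old": "11.0.5000.0",   # constructed pre-SP2 build number
}

if __name__ == "__main__":
    for label, clause in (("original", relevant_original),
                          ("fixed", relevant_fixed)):
        print(label, triage(SAMPLE_HOSTS, clause))
```

Running the block shows the SP2 host flipping from "false positive" under the original threshold to "not relevant" under the corrected one, while the SP3 host stays deployable in both; the same comparison discipline (numeric, component-wise, with the lower bound set to the service-pack build the package actually targets) is what any hand-written applicability check needs.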

(imported comment written by rwest23)

drp has the right answer here, namely that the Fixlet in question was not properly excluding SP2 level systems. Apologies to all about the false positives. We have made the appropriate modifications to our content and will be republishing 902711 and 902713 shortly.

Thanks,

Randy