We’re seeing false positives on “MS09-027: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution - Office 2003 SP3 (Local/Network Install)” (Reference #902711).
Devices are reporting relevant, and the deployment fails.
Manually downloading the update and deploying to the device returns an MS error that an “unexpected” version of the applicable Office files was detected.
Microsoft patch office2003-KB969603-FullFile-ENU.exe is intended only for SP3 version of Office 2003, but Relevance 6 clause for this fixlet currently does NOT exclude SP2 version, i.e. SP2 version is 11.0.7969.0 and relevance requires “DisplayVersion” to be >= “11.0.7969.0.” SP3 version is 11.0.8173.0.
Office 2003 SP2 machines in our environment, therefore, have reported relevant for this fixlet but, when the fixlet was deployed, failed to patch with error “The expected version of the productwas not found on your system.”
Updating relevance 6 clause to exclude SP2 and to require DisplayVersion to be >= 11.0.8173.0 should fix this issue.
drp has the right answer here, namely that the Fixlet in question was not properly excluding SP2 level systems. Apologies to all about the false positives. We have made the appropriate modifications to our content and will be republishing 902711 and 902713 shortly.