MS17-APR v MS Office 365 Click to Run False Positive

@BaiYunfei The patch for the Microsoft zero day vulnerability (CVE17-0199) has been bundled into the Office 365 Click to Run version (see below).

MS Office 2013: 15.0.4919.1002

MS Office 2016: 16.0.7870.2038
https://technet.microsoft.com/en-us/mt465751 (choose Current Channel/2017/April – look at Version 1702)

HOWEVER the Fixlet (specific for Office 2013 in this example) is showing as RELEVANT to computers that have the updated version of Office installed -

MS17-APR: Security update for Office 2013 - Office 2013 SP1 - KB3178710

Does your framework for defining relevance for MS Office specific patches include logic for whether the fix has been included in the latest MS Office Click to Run versions?

I appreciate this is all new technology for us all to get our heads around, however in terms of reporting BigFix appears to be out of sync with Microsoft.

There may well be other instances where Fixlets may need to be updated due to the same scenario.

Please confirm and/or fix.

Thanks.

Hi @nicksberger, thanks for reporting this. Does your system have the Click-to-run version of Office (or Office 365), or the .MSI version?

The Fixlet you referenced targets only the .MSI version. If there is a suspected false positive, kindly help to perform an MBSA scan and check whether the report says KB3178710 is installed.

Kindly open a PMR with IBM support if it’s confirmed a false positive case. To speed up the process, you may want to include the link of this thread.

Thank you!

We have the ‘Click to Run’ version of MS Office installed. Given that KB3178710 is included in the latest version of MS Office (15.0.4919.1002), which is installed on my endpoints, this Fixlet should not be relevant regardless of whether it's for the MSI version.
It may be worth adding a relevance clause to make this MSI only update relevant on MSI installs of MS Office only?

Thanks @nicksberger, the Fixlet itself should not be relevant for Click-to-run based installations, regardless of whether it already received the latest update.

This situation looks problematic, could you help to open a PMR so we can obtain more info to troubleshoot?

Thank you!

That's the issue, it is …
I will raise a PMR.

@BaiYunfei Any update?

@nicksberger Sorry for the delay, but we are still waiting for the PMR to reach us (L3). Do you have a PMR number to share with me?

PMR - 60958,L6Q,000

This is fairly urgent as we need to determine whether the security update should be installed on a C2R install of Office 2013.

Thanks @nicksberger for providing the PMR number.

In the meantime, you can try the following simple diagnostics: run an MBSA scan to see if anything is reported missing; download the reported patch to the target computer and double-click to see whether it installs.

@BaiYunfei SCCM does offer the patch and it does install. It appears the zero fix can be patched via the C2R delta update and the MSI patch. I can only assume that SCCM offering the patch means the patch contains more than just the zero day fix. It would be great if you could confirm my findings …

Hi @nicksberger, does SCCM offer the same MSI patch offered by BigFix? If yes, applying BigFix Fixlets should successfully install the patch too. If this is the case, there isn’t anything wrong with BigFix content as far as I can tell.

Since the machine has C2R Office installed, in order to examine what other component caused the patch to be applicable, kindly help to extract the registry key [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer] requested by L2 support via the PMR. You may also want to provide an MBSA scan report for added assurance.

Thank you!
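
The scoping question discussed in this thread (an MSI-only Fixlet versus the Click-to-Run builds that already carry the fix), as an added Python example that is not part of the thread or of BigFix content. The inventory record layout, function names and sample hosts are assumptions constructed for illustration; the build numbers and the KB are the ones quoted above.

```python
# Added illustration: record layout and function names are hypothetical.
# Build numbers are the C2R builds quoted in the thread as containing the fix.
C2R_FIXED_BUILD = {15: (15, 0, 4919, 1002), 16: (16, 0, 7870, 2038)}
MSI_KB = "KB3178710"  # MSI-only update for Office 2013 named in the thread


def parse_version(text):
    """Turn '15.0.4919.1002' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(host):
    """Return findings for one record: name, installed_kbs, products."""
    findings = []
    for product in host["products"]:
        version = parse_version(product["version"])
        if version is None:
            findings.append("unparseable version %r" % product["version"])
            continue
        if product["install"] == "C2R":
            fixed = C2R_FIXED_BUILD.get(version[0])
            if fixed is None:
                findings.append("C2R: no fixed build known for %d" % version[0])
            elif version >= fixed:
                findings.append("C2R: fix included in build")
            else:
                target = ".".join(str(n) for n in fixed)
                findings.append("C2R: update channel build to " + target)
        elif product["install"] == "MSI" and version[0] == 15:
            # Only an MSI-installed Office 2013 component puts the KB in scope.
            state = "installed" if MSI_KB in host["installed_kbs"] else "applicable"
            findings.append("MSI: %s %s" % (MSI_KB, state))
    return findings


# Constructed sample records, not data from the thread. The second host is a
# hypothetical C2R suite alongside an MSI-installed Office 2013 component.
SAMPLE = [
    {"name": "pc-c2r-only", "installed_kbs": set(),
     "products": [{"install": "C2R", "version": "15.0.4919.1002"}]},
    {"name": "pc-mixed", "installed_kbs": set(),
     "products": [{"install": "C2R", "version": "15.0.4919.1002"},
                  {"install": "MSI", "version": "15.0.4569.1506"}]},
]
```

On a host that carries only a C2R suite the KB never appears in the findings; it appears only when an MSI-installed Office 2013 component is also present in the record.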