MS17-JUN: Security update for Office 2010 - Office 2010 SP2 - KB3191848 **FALSE POSITIVE*

nicksberger · July 4, 2017, 8:02am

@BaiYunfei This patch isn’t offered by SCCM (in my test case on Win7/10), a case was opened with Microsoft and they conclude -

"KB3191848 (which is for OGL.dll) only applies to Office 2010 when it’s running on OS’s earlier than Vista. With Vista or later, the patch is not needed.

This conclusion is the same as our investigation results.
So you don’t have to worry about this patch if your machines are using Microsoft Vista or later version OS.

Also, we have already raised the request to the team who is in charge of the Office Article and they will update the article to add this information"

BaiYunfei · July 4, 2017, 8:39pm

Thanks @nicksberger for the report, I will raise this to our team too.

nicksberger · July 5, 2017, 9:00am

Thanks, let me know if you want the full email analysis thread from Microsoft on the subject.

BaiYunfei · July 5, 2017, 9:20am

Thank you. I believe we only need Microsoft to update their KB page to state this clearly. We have seen similar behavior on certain patches before, but those information were posted on bulletin pages, which are no more.

Updated 2017-07-06: Microsoft has updated their webpage added an FAQ about this. BigFix content will be updated shortly.

nicksberger · July 6, 2017, 3:47pm

Will we get a notification when content published ?

BaiYunfei · July 6, 2017, 4:42pm

Yes. This thread will be updated.

nicksberger · July 7, 2017, 8:16am

@BaiYunfei an ETA pls ?

BaiYunfei · July 7, 2017, 8:34pm

I would estimate next week. However as the MS Update Tuesday is also on next week, the new security updates takes precedence.

sylvia · July 10, 2017, 12:55am

Hi nicksberger,

The content for KB3191848 have been updated since Microsoft has released a revision for CVE-2017-0285 later last week.

The change has been published already:

Published site version:

Patches for Windows, version 2796.

Best Regards,
Sylvia