B
brightwell_151
Hello All,
I hope this isn't too dumb a question but I'm trying to work out
whether my version of Office is exposed to some of the recent reported
vulnerabilities and I cannot work it out.
The reason I ask is that all the vulnerability alerts from MS seem to
mention 2002 SP3 but don't specifically mention any other versions of
2002 as being vulnerable or "not affected"
Taking Excel as an example - When I do Help About to find out the
version of Excel (for example) I see it is Excel 2002 (10.4302.4219)
SP2
But if I run MBSA against this I can see one of the recent
vulnerabilities MS07-023 which affects quite a few versions of Excel,
but against my machine (running the version I mention above) it states
N/A
Now... I don't trust this! ... In the past we had an issue where WSUS
would state that it has happily patched all the vulnerable machines
only for us to find that it hadn't tried to patch a couple of W2K
machines which hadn't been updated to SP4 (because revisions prior to
SP4 had lapsed out of support)
So I'm wondering:
Have versions prior to SP3 lapsed out of support
Is it because we've installed Office in a way which cannot be updated
(I've seen some comments about this in support pages)
Or maybe the vulnerability was introduced at SP3 and I have nothing to
worry about.
any ideas
Note: I'm not the MS Office Admin, I'm a security bod
Anyone got any ideas?
I hope this isn't too dumb a question but I'm trying to work out
whether my version of Office is exposed to some of the recent reported
vulnerabilities and I cannot work it out.
The reason I ask is that all the vulnerability alerts from MS seem to
mention 2002 SP3 but don't specifically mention any other versions of
2002 as being vulnerable or "not affected"
Taking Excel as an example - When I do Help About to find out the
version of Excel (for example) I see it is Excel 2002 (10.4302.4219)
SP2
But if I run MBSA against this I can see one of the recent
vulnerabilities MS07-023 which affects quite a few versions of Excel,
but against my machine (running the version I mention above) it states
N/A
Now... I don't trust this! ... In the past we had an issue where WSUS
would state that it has happily patched all the vulnerable machines
only for us to find that it hadn't tried to patch a couple of W2K
machines which hadn't been updated to SP4 (because revisions prior to
SP4 had lapsed out of support)
So I'm wondering:
Have versions prior to SP3 lapsed out of support
Is it because we've installed Office in a way which cannot be updated
(I've seen some comments about this in support pages)
Or maybe the vulnerability was introduced at SP3 and I have nothing to
worry about.
any ideas
Note: I'm not the MS Office Admin, I'm a security bod
Anyone got any ideas?