This morning, when I ran my weekly scan, Secunia informed me that the Java Runtime Environment 6.15… was now out of date, so I went off to download the latest version. Out of habit I used Revo Uninstaller to remove the JRE from my machines knowing that manual uninstall is required to get old versions of Java out of the way so that new ones can be installed in a pristine setting. Out of habit I reached for my favorite uninstaller, Revo Uninstaller. It worked fine on my 32-bit Windows 7 systems, but I hit a snag on my 64-bit systems (Revo Uninstaller does not provide access to the 64-bit JRE, though it is happy to work with the 32-bit version on either 64- or 32-bit systems).

I did a hurry-up manual uninstall (removed the Java direcotory in the Program Files directory, and a quick purge of Java related Registry settings). But when I downloaded and installed a new 6.20… JRE, though the 32-bit version installed without a hitch, the 64-bit version threw error 1327 “Unable to find a necessary DLL.” After trying a restore point and researching various possible fixes on the Internet (of which there are plenty, but alas none of which worked for me), I took advantage of my nightly backup to restore the Java directory I’d trashed as part of my hurry-up manual uninstall manuevers, then tried to install the new 64-bit JRE 6.20… This time, I was successful, to my great relief.

It reminds me that you have to make sure your tools are 64-bit savvy when working on 64-bit systems. As a little additional investigation showed me quickly and directly, had I simply chosen to use the Programs and Features item in Control Panel to extirpate the original 6.15… JRE, I would have been able to install the 6.20… version without difficulty. That’s why it’s always important to remember what you’re doing, and what tools you’re working with when adding or removing software from a Windows machine. Hopefully, you can learn from this (minor) foul-up on my part!

Last night, I got a notification to check on my PCs from Secunia, which sends out notification e-mails any time a registered machine’s known software components or OS require updates to maintain proper security. Because yesterday was Patch Tuesday for December, 2009, this came as no surprise at all. What did comes as a surprise this morning when I got around to checking was that a handful of unexpected items popped up in the alert list. I’m pretty serious about fixing such things because ultimately, the goal is to maintain a solid set of green bars across the entire Secunia Historic Development chart, which looks like this:

I aim for all-green, all the time, but work and travel sometimes interfere

As usual, I tackled the numerous items whose status changed from secure to insecure since my last regular weekly scan to bring my system back into full compliance. This morning, there were five such alerts: one for Adobe Air, two for Adobe Flash, one for Google Chrome, and one for the MS Office PowerPoint Viewer 2007. I was able to dispatch all of them pretty quickly by installling the upgrades or patches for which Secunia helpfully provides links in its item detail info, except for PowerPoint Viewer 2007. That link took me to Microsoft Update which cheerfully informed me that no updates were needed. Hmmm…

I immediately jumped up onto the Secunia forums (staffed by a crack group of staffers and volunteers) and found a thread that prescribed the right approach to this apparent mystery:

1. Visit the Microsoft Download Center and download the PowerPoint Viewer 2007 version .
2. Install that version, then re-run Windows Update. Presto! Five new downloads appear: a PPT Viewer SP1 plus various miscellaneous updates (KB954038, KB951550, KB951955, and KB934395). I selected all of them for installation, but KB934395 came up as “unnecessary, not installed” in the aftermath.
3. Re-run Windows Update again. This time, you’ll get PPT Viewer SP2, plus another set of patches (KB970059, KB969618, and KB972581).

Only then will Secunia give a clean bill of health to PPT Viewer. Of course, I’m grateful to get secure and stay that way, but I’m a little irked that my inclusion of MS Office Updates in my Windows Update configuration turned up nothing on its own beforehand. I’m also a little puzzled as to why downloading the PPT Viewer from Microsoft triggered additional Windows Update activity even though it purports to be the same version I already had installed on my Office-equipped machines.

But because this situation took me by surprise, and so many enterprises run MS Office and probably also haven’t gone through this maneuver, I wanted it to broadcast it to the largest possible audience. Consider this blog a notification that PowerPoint Viewer 2007 (included by default with most versions of MS Office 2007) needs a security update, and a description of what’s involved in adressing this not-completely-straightforward maneuver. Even Secunia didn’t do that directly, so I hope this qualifies as a “public service.” As a devoted Windows-head, I found it interesting and unusual enough to be worth figuring out and fixing in any case.

Apparently the installer is not only supposed to add Flash10b.ocx to the %windir%\System32\Macromed\Flash directory, it’s also supposed to delete the previous version, Flash10a.ocx as well. The problem is, deleting ActiveX components you use requires that they be unregistered first. To do this for the aforementioned file, enter this string at the command line:

regsvr32 “C:\Windows\SYSTEM32\Macromed\Flash\Flash10a.ocx” /u

On the other hand, you could use your handy-dandy WinPE boot UFD to reboot the machine and delete this file without having to unregister, because you’re then running inside a different Vista runtime that isn’t using that ActiveX control. However, a double reboot takes at least 5 minutes on my Vista machines: once to boot into WinPE, and again to return to a normal Vista runtime environment after deleting the file. On the other hand, unregistering this ActiveX control takes less than ten seconds. Thus, it’s easier and faster to unregister the file first, then delete it without resorting to the UFD. You can even write a short batch file to automate the entire process, and deploy it around your network to Vista desktops.One more thing: before you attempt to delete this file, please close Secunia PSI as well. If you leave it open, it will hang onto a handle to this file. And of course, that too will prevent you from deleting it.

Those readers who’ve followed my advice and have installed PSI or CSI (the newly-renamed “Corporate Software Inspector” or CSI, that replaces the older NSI for Network Software Inspector) may benefit from this tidbit of information, if they haven’t figured it out already for themselves. As foibles go, however, this one’s pretty minor, and would only require Secunia to add a short note to this effect in their clean-up instructions. I’m still glad to have Secunia in my corner, though, and since I’ve started using their software inspectors my machines have kept up with patches, fixes, and updates on a more-or-less a same-day basis, except for occasional weekends or holidays when I choose not to check on my growing collection of PCs.