Windows Enterprise Desktop

Dec 9 2009   6:13PM GMT

Interesting Secunia Patch Maneuver

Ed Tittel Ed Tittel Profile: Ed Tittel

On my home network, I use Secunia Personal Software Inspector (PSI) on all of my Windows machines to make sure they keep up with the latest and greatest updates to the OS, Microsoft Office, and other applications — especially those from Adobe (all kinds of tools and browswer add-ins), Sun (Java), Firefox, and Google (Chrome) all of which have been subject to frequent and sometimes dramatic security updates of late. Lots of companies I know and work with use the business equivalent, Secunia Corporate Software Inspector (aka Secunia CSI) for the same purpose.

Last night, I got a notification to check on my PCs from Secunia, which sends out notification e-mails any time a registered machine’s known software components or OS require updates to maintain proper security. Because yesterday was Patch Tuesday for December, 2009, this came as no surprise at all. What did comes as a surprise this morning when I got around to checking was that a handful of unexpected items popped up in the alert list. I’m pretty serious about fixing such things because ultimately, the goal is to maintain a solid set of green bars across the entire Secunia Historic Development chart, which looks like this:

I aim for all-green, all the time, but work and travel sometimes interfere

I aim for all-green, all the time, but work and travel sometimes interfere

As usual, I tackled the numerous items whose status changed from secure to insecure since my last regular weekly scan to bring my system back into full compliance. This morning, there were five such alerts: one for Adobe Air, two for Adobe Flash, one for Google Chrome, and one for the MS Office PowerPoint Viewer 2007. I was able to dispatch all of them pretty quickly by installling the upgrades or patches for which Secunia helpfully provides links in its item detail info, except for PowerPoint Viewer 2007. That link took me to Microsoft Update which cheerfully informed me that no updates were needed. Hmmm…

I immediately jumped up onto the Secunia forums (staffed by a crack group of staffers and volunteers) and found a thread that prescribed the right approach to this apparent mystery:

  1. Visit the Microsoft Download Center and download the PowerPoint Viewer 2007 version .
  2. Install that version, then re-run Windows Update. Presto! Five new downloads appear: a PPT Viewer SP1 plus various miscellaneous updates (KB954038, KB951550, KB951955, and KB934395). I selected all of them for installation, but KB934395 came up as “unnecessary, not installed” in the aftermath.
  3. Re-run Windows Update again. This time, you’ll get PPT Viewer SP2, plus another set of patches (KB970059, KB969618, and KB972581).

Only then will Secunia give a clean bill of health to PPT Viewer. Of course, I’m grateful to get secure and stay that way, but I’m a little irked that my inclusion of MS Office Updates in my Windows Update configuration turned up nothing on its own beforehand. I’m also a little puzzled as to why downloading the PPT Viewer from Microsoft triggered additional Windows Update activity even though it purports to be the same version I already had installed on my Office-equipped machines.

But because this situation took me by surprise, and so many enterprises run MS Office and probably also haven’t gone through this maneuver, I wanted it to broadcast it to the largest possible audience. Consider this blog a notification that PowerPoint Viewer 2007 (included by default with most versions of MS Office 2007) needs a security update, and a description of what’s involved in adressing this not-completely-straightforward maneuver. Even Secunia didn’t do that directly, so I hope this qualifies as a “public service.” As a devoted Windows-head, I found it interesting and unusual enough to be worth figuring out and fixing in any case.

2  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Geekyork
    You just saved me. I was having the PPT viewer bug for months with no solution. But worse, today I installed Office 2007 on a new computer, ran all the MS updates, and still found Secunia to be unhappy with my office products. I followed the link you provided to update PPT Viewer, then ran updates as you suggested, and presto...Secunia is happy again. So, when you said it will download "various other updates," those were security holes that Secunia is now flagging. So thanks for taking the time to broadcast this. --geekyork
    0 pointsBadges:
  • Ed Tittel
    Glad to be of service. I found it fascinating that the default Windows Update behavior for MS Office didn't kick in until the updated viewer got loaded. Best wishes, --Ed--
    11,075 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: