Actually, this was the "dumb me" syndrome. After some research (reading the fine print ;)) I figured out that my workstation did not have Office XP SP2 installed. That does not explain why Office Update does not work (http://office.microsoft.com/productupdate/), but at least I could install.
OK, so I am guilty of not checking the system requirements. Agreed. Bash me for this ;) But couldn't the error message be a bit more descriptive? I wonder how many end users will simply stop at this point. On a test machine, I also noticed that Office XP SP2 is not cumulative, so you receive the same cryptic error message if you try to install SP2 but SP1 is not installed. I would suggest that SPs be cumulative in all cases...

Rainer

> -----Original Message-----
> From: Rainer Gerhards
> Sent: Thursday, September 04, 2003 10:39 AM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] FW: Microsoft Security Bulletin
> MS03-035: Flaw in Microsoft Word Could Enable Macros to Run
> Automatically(827653)
>
>
> Excellent piece of Microsoft software...
>
> Can't even install it on Word 2002 German on WinXP German. The patch
> says (translated) "did not find the product expected". I then tried the
> office update site. That fails with a general error, telling me I
> should review my security settings.
>
> Bottom line: nice patch, but can't install...
>
> Am I now guilty of laziness if I do not patch?
>
> Anyone else with similar problems?
>
> Rainer Gerhards
>
> > -----Original Message-----
> > From: Microsoft
> > [mailto:[EMAIL PROTECTED]
> > tters.Microsoft.com]
> > Sent: Thursday, September 04, 2003 6:41 AM
> > To: Rainer Gerhards
> > Subject: Microsoft Security Bulletin MS03-035: Flaw in
> > Microsoft Word Could Enable Macros to Run Automatically(827653)
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > - -------------------------------------------------------------------
> > Title:    Flaw in Microsoft Word Could Enable Macros to Run
> >           Automatically (827653)
> > Date:     September 3, 2003
> > Software: Microsoft Word 97
> >           Microsoft Word 98 (J)
> >           Microsoft Word 2000
> >           Microsoft Word 2002
> >           Microsoft Works Suite 2001
> >           Microsoft Works Suite 2002
> >           Microsoft Works Suite 2003
> > Impact:   Run macros without warning
> > Max Risk: Important
> > Bulletin: MS03-035
> >
> > Microsoft encourages customers to review the Security Bulletins at:
> >
> > http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
> > http://www.microsoft.com/security/security_bulletins/MS03-035.asp
> >
> > - -------------------------------------------------------------------
> >
> > Issue:
> > ======
> > A macro is a series of commands and instructions that can be
> > grouped together as a single command to accomplish a task
> > automatically. Microsoft Word supports the use of macros to allow
> > the automation of commonly performed tasks. Since macros are
> > executable code it is possible to misuse them, so Microsoft Word
> > has a security model designed to validate whether a macro should be
> > allowed to execute depending on the level of macro security the
> > user has chosen.
> >
> > A vulnerability exists because it is possible for an attacker to
> > craft a malicious document that will bypass the macro security
> > model.
> > If the document was opened, this flaw could allow a
> > malicious macro embedded in the document to be executed
> > automatically, regardless of the level at which macro security is
> > set. The malicious macro could take the same actions that the user
> > had permissions to carry out, such as adding, changing or deleting
> > data or files, communicating with a web site or formatting the hard
> > drive.
> >
> > The vulnerability could only be exploited by an attacker who
> > persuaded a user to open a malicious document - there is no way for
> > an attacker to force a malicious document to be opened.
> >
> > Mitigating Factors:
> > ====================
> > - The user must open the malicious document for an attacker to be
> >   successful. An attacker cannot force the document to be opened
> >   automatically.
> >
> > - The vulnerability cannot be exploited automatically through
> >   e-mail. A user must open an attachment sent in e-mail for an
> >   e-mail borne attack to be successful.
> >
> > - By default, Outlook 2002 blocks programmatic access to the
> >   Address Book. In addition, Outlook 98 and 2000 block
> >   programmatic access to the Outlook Address Book if the Outlook
> >   Email Security Update has been installed. Customers who use any
> >   of these products would not be at risk of propagating an e-mail
> >   borne attack that attempted to exploit this vulnerability.
> >
> > - The vulnerability only affects Microsoft Word - other members of
> >   the Office product family are not affected.
> >
> > Risk Rating:
> > ============
> > - Important
> >
> > Patch Availability:
> > ===================
> > - A patch is available to fix this vulnerability. Please read the
> >   Security Bulletins at
> >
> > http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
> > http://www.microsoft.com/security/security_bulletins/MS03-035.asp
> >
> >   for information on obtaining this patch.
> >
> > Acknowledgment:
> > ===============
> > - Jim Bassett of Practitioners Publishing Company
> >   (http://www.ppcnet.com)
> > - -------------------------------------------------------------------
> >
> > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> > PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
> > ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
> > OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
> > EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
> > ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
> > CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
> > MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
> > POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
> > OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
> > SO THE FOREGOING LIMITATION MAY NOT APPLY.
> >
> > *******************************************************************
> >
> > You have received this e-mail bulletin because of your
> > subscription to the Microsoft Product Security Notification
> > Service. For more information on this service, please visit
> > http://www.microsoft.com/technet/security/notify.asp.
> >
> > To verify the digital signature on this bulletin,
> > please download our PGP key at
> > http://www.microsoft.com/technet/security/notify.asp.
> >
> > To unsubscribe from the Microsoft Security
> > Notification Service, please visit the Microsoft Profile
> > Center at http://register.microsoft.com/regsys/pic.asp
> >
> > If you do not wish to use Microsoft Passport, you can
> > unsubscribe from the Microsoft Security Notification Service
> > via email as described below:
> > Reply to this message with the word UNSUBSCRIBE in the Subject line.
> >
> > For security-related information about Microsoft products,
> > please visit the Microsoft Security Advisor web site at
> > http://www.microsoft.com/security.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
