Eol/obsolete software microsoft office 2013 rtm (sp0) detected free. Description of Office 2010 Service Pack 2

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites.

The following registry scripts can be saved in registry entry. For more information on how to use registry scripts, see Microsoft Knowledge Base Article In order to use ‘FileOpenBlock’ with Microsoft Office , all of the latest security updates for Office must be applied.

Alternatively, file block can be applied using Group Policy. For more information, see the TechNet article, Plan file block settings for Office For Microsoft Office and Microsoft Office , users who have configured the File Block policy and have not configured a special exempt directory or have not moved files to a trusted location will be unable to open Office files or earlier versions. For Microsoft Office , Office files or earlier versions will either be blocked from opening or will be opened in protected mode depending on the open behavior that was selected.

For more information about the impact of file block setting in Microsoft Office software, see Microsoft Knowledge Base Article For Microsoft Office and Microsoft Office , use the following registry scripts to undo the settings used to set the File Block policy:.

What is the scope of the vulnerability? This is a remote code execution vulnerability. What causes the vulnerability? The vulnerability is caused when an ActiveX control corrupts the system state in such a way as to allow an attacker to execute arbitrary code. What are the Windows common controls? OCX file. What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. How could an attacker exploit the vulnerability? In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted document to the user and convincing the user to open the document. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

This can include compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content designed to exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites.

Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes them to the attacker’s website. Then, specially crafted web content could be used to exploit the vulnerability on affected systems. What systems are primarily at risk from the vulnerability? Workstations and terminal servers are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs.

However, best practices strongly discourage allowing this. Does this mitigate this vulnerability? Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.

Which components of Microsoft Office , Microsoft Office , and Microsoft Office require updating to mitigate this vulnerability? OCX is present in your installation. What does the update do? The update addresses the vulnerability by disabling the vulnerable version of the Windows common controls. It does this by setting the kill bit for the following class identifiers hosted in the library files:. The update also replaces the vulnerable version of the Windows common controls with a new version that does not contain the vulnerability.

What is a kill bit? This is done by making a registry setting and is referred to as setting the kill bit. After the kill bit is set, the control can never be loaded, even when it is fully installed. Setting the kill bit makes sure that even if a vulnerable component is introduced or is re-introduced to a system, it remains inert and harmless. When this security bulletin was issued, had this vulnerability been publicly disclosed? Microsoft received information about this vulnerability through coordinated vulnerability disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published.

Manage the software and security updates you need to deploy to the servers, desktop, and mobile systems in your organization. The Microsoft TechNet Security website provides additional information about security in Microsoft products. Security updates are available from Microsoft Update and Windows Update. Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search for “security update. Finally, security updates can be downloaded from the Microsoft Update Catalog.

The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. By searching using the security bulletin number such as, “MS” , you can add all the applicable updates to your basket including different languages for an update , and download to the folder of your choosing. Microsoft provides detection and deployment guidance for security updates.

This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates.

For more information, see Microsoft Knowledge Base Article Microsoft Baseline Security Analyzer MBSA lets administrators scan local and remote systems for missing security updates as well as common security misconfigurations. For more information, see Microsoft Baseline Security Analyzer. Windows Server Update Services WSUS enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.

Note Microsoft discontinued support for SMS 2. Customers are encouraged to upgrade to System Center Configuration Manager. See also Downloads for Systems Management Server For more information, see System Center. For more detailed information, see Microsoft Knowledge Base Article : Summary list of monthly detection and deployment guidance articles.

Updates often write to the same files and registry settings required for your applications to run. This can trigger incompatibilities and increase the time it takes to deploy security updates. You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit.

The Application Compatibility Toolkit ACT contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.

For information about the specific security update for your affected software, click the appropriate link:. The following table contains the security update information for this software.

You can find additional information in the Deployment Information subsection below. Note You can combine these switches into one command. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article See the section, Detection and Deployment Tools and Guidance , earlier in this bulletin for more information.

File Version Verification Because there are several editions of Microsoft Windows, the following steps may be different on your system. If they are, see your product documentation to complete these steps. You can find additional information in the subsection, Deployment Information , in this section. Click Start and then enter an update file name in the Start Search box.

When the file appears under Programs , right-click the file name and click Properties. On the General tab, compare the file size with the file information tables provided in the bulletin KB article. Note Depending on the edition of the operating system, or the programs that are installed on your system, some files that are listed in the file information table may not be installed.

You can also click the Details tab and compare information, such as file version and date modified, with the file information tables provided in the bulletin KB article. Note Attributes other than the file version may change during installation.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Need more help? Expand your skills. Get new features first. Was this information helpful? Yes No. Thank you! Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. Didn’t match my screen. You need to apply the latest service pack Microsoft Skype have changed name to Lync. You may refer to this page and select the patch fit your environment if i do update or apply patch does it effect my sharepoint farm or site or applications?

Improve this answer. Mark L Mark L 4, 7 7 gold badges 59 59 silver badges bronze badges. Thanks Mark.. Few Clarification like I have not done any update or patch from IS now i need to apply every patch month wise and year wise or only alone just latest CU update will remedies for previous all patch updates?

Below are few list i have pasted for your understanding. You only need to apply the latest CU update e. Oct because the patch is “cumulative”. It contains all the previous updates. Thank you so much :- — Deepak Hadpad. Please mark as answer if it helps. Sign up or log in Sign up using Google. Sign up using Facebook.

Sign up using Email and Password.

 
 

 

Eol/obsolete software microsoft office 2013 rtm (sp0) detected free.Office 2013 Rtm language pack

 
Facebook Twitter Youtube Linkedin Reddit. November 18, Issue Update Retail Version

 
 

– Eol/obsolete software microsoft office 2013 rtm (sp0) detected free

 
 
Phone 7 Phone 8 Phone 8.