Recent Experience Trying to Update Office 2013

Topic

New Reply

I thought I would share my recent experience (an hour ago) attempting to update Office Professional 2013.  I use a PC running Windows 1o Professional.  I have Office Professional Plus 2013 installed on my computer.   Microsoft released an update on March 8, supposedly to remedy a security vulnerability.  However, when I tried to install the update within Office, it wouldn’t install.  So I downloaded the update package file and tried to install it manually. When I did that, I got a dialogue box that said “There are no products affected by the package installed on this system.”   I then contacted Microsoft Support – which for home users is now only available via chat; you cannot speak to a person without having to pay.  The support person took control of my computer and had the same problems I did.  He then told me that Microsoft had withdrawn the update, even though it released less than a week ago (on March 8th).  So I have no idea whether my version of Office continues to have the security vulnerability the update was intended to address

Reply | Quote

Replies

rchrd1221 wrote:

The support person took control of my computer and had the same problems I did.

You let some ‘no-one-knows-who’ remote control your PC ?

Reply | Quote

Alex5723 wrote:

You let some ‘no-one-knows-who’ remote control your PC?

Microsoft Support knows who.

It’s not dangerous when a user has contacted them, only when “they” contact you.

 

rchrd1221 wrote:

I have Office Professional Plus 2013 installed on my computer. Microsoft released an update on March 8, supposedly to remedy a security vulnerability.

KB5002068?

 

rchrd1221 wrote:

So I downloaded the update package file and tried to install it manually. When I did that, I got a dialogue box that said “There are no products affected by the package installed on this system.”

There are separate downloads for 32-bit and 64-bit Office 2013:

Security Update for Microsoft Word 2013 (KB5002068) 32-Bit Edition

Security Update for Microsoft Word 2013 (KB5002068) 64-Bit Edition

Did you download the right one?

(Check at File, Account, About …)

 

rchrd1221 wrote:

He then told me that Microsoft had withdrawn the update, even though it released less than a week ago (on March 8th). So I have no idea whether my version of Office continues to have the security vulnerability the update was intended to address

I can’t find any indication that it’s been withdrawn (sounds like an MS excuse to me).

But it’s “only” Important, not Critical:

If the preview pane is an attack vector, why is the severity for this vulnerability Important and not Critical?

Even though the preview pane is an attack vector, the attacker cannot achieve remote code execution if they successfully exploit the vulnerability, but can only gain information from the victim.

(and Exploitation Less Likely; Not Publicly Disclosed or Exploited)

Microsoft Office Word Tampering Vulnerability CVE-2022-24511

Reply | Quote

b wrote:

Microsoft Support knows who.

It’s not dangerous when a user has contacted them, only when “they” contact you.

I would never let anyone from Microsoft (or any other company) touch my PC remotely.

Reply | Quote

Alex5723 wrote:

I would never let anyone from Microsoft (or any other company) touch my PC remotely.

In many situations, there’s no alternative.

Every hour of every day thousands of people are getting their computers fixed remotely by support technicians or system administrators.

If it was always wrong, the world would grind to a halt.

Reply | Quote