 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussionsAccessExcelInfoPathOutlookPowerPointPublisherWordDirectoryUser Groups Related Topics Outlook ExpressInternet ExplorerWindowsMS Server ProductsMore Topics ... |
MS Office Forum / Publisher / Web Design / February 2008M$ Publisher Update
A couple of years back, Microsoft issued a security update for Publisher, KB894540. Said brilliant bit of code updating had a slight side effect: it rendered almost every .pub file on our half-dozen machines unreadable. The fix was to doctor the registry or roll back to the unpatched state, a daunting task on a dial-up connection due to the necessity to install Office 2000 from scratch and download all the sequential updates. What was happening was that the security patch saw any older .pub file as potentially malicious code, and there was no easy way to prevent that. The entire experience was a royal PITA! On February 12, M$ issued a new set of updates for Office that apparently are aimed at the same malicious code (and some other newer threats as well). On February 13, the KB article was updated to say there are no known issues with these patches. Having gone through hell once before, I was hesitant to install these updates without knowing for certain they would not flag old work product files as malicious, and render them as unreadable. I contacted M$, and of course could not get a straight answer. Heck, I could not even get them to understand the question... I then demanded escalation, and here is an email I received: "Hi Syd , "This is Yogesh with Microsoft Technical Support. I am contacting you regarding your case 1058846320. "I wanted to inform you about the kb articles that you have provided for the updates of Publisher 2000 that these updates are as security updates of the application reading the earlier files as malicious. "I escalated the issue and found some solution that you can try by: "Re-save the file publisher files again and the install (kb 946255) the updates which makes the files as new and the updates can be done and the files will not be treated as malicious. "Please let me know if the steps we discussed have resolved your issue by replying to this e-mail, so that I can update your case accordingly. We would be happy to continue to assist you if necessary." Is this correct? Has anybody had a problem with these latest updates? TIA. Syd Syd, I have Publisher 2000 on my Windows XP Pro 2SP computer but don't have either of the KBs you mentioned. I verified (google) both exist but to date MS hasn't informed me to get them. I do have about 60 other SPs though listed in BelArc Advisor report. My Publisher 2000 program came as a stand alone CD.  SignatureDon Vancouver, USA >A couple of years back, Microsoft issued a security update for Publisher, > KB894540. Said brilliant bit of code updating had a slight side effect: [quoted text clipped - 59 lines] > > Syd Update! I missed the KB946255 update mentioned later in the OP's original note. Yep, I installed KB946255 and when I went to edit a website pub file, delete a text box, up popped the insidious "..... has run into ...." "please inform Microsoft". Next tried to uninstall the KB but in the Add/Remove list it states, "can not be removed". Next googled for KB946255 and got the Microsoft page that tells all about this KB and in the verbiage it says to remove the KB, uninstall Publisher then reinstall Publisher without the KB. Got out the Pub CD, SR1a, SR2 and SR3. BUT!!! If you need to do this, be sure you have the ProductKey available. Did the reinstall and I think all is fine again. These little annoyances do tend to keep us old folks at the edge of our rocking chairs. <G> SignatureDon, Vancouver, USA ----------------------------------- "Find something you love to do and you'll never have to work a day in your life." Harvey Mackay, author > Syd, > I have Publisher 2000 on my Windows XP Pro 2SP computer but don't have [quoted text clipped - 67 lines] >> >> Syd Don: Am I understanding that you ran into trouble installing the February 12, 2008 patch, and not the one from 2006? Yeah, you hafta have the product key, and lots of patience if you do not have all the updates on CD. >Update! > [quoted text clipped - 16 lines] >These little annoyances do tend to keep us old folks at the edge of our >rocking chairs. <G> Yes, after installing the Feb 12, 2008 patch I could no longer delete a text box in my website pub 2000 file. I kept getting the "Pub 2000 ran into a problem" notify Microsoft. But, all is well again after the uninstall and reinstall of Publisher 2000 and its three SRs. SignatureDon Vancouver, USA > Don: > [quoted text clipped - 29 lines] >>These little annoyances do tend to keep us old folks at the edge of our >>rocking chairs. <G> Not sure I know what you are asking. I can open Publisher 2.0 files in Publisher 2000. I know before I could not, but after the new security update I was once more able to open 2.0 files in 2000 and 2002. The files will not open in 2003 or 2007 unless I re-save them. I don't want to steer you wrong on this. I can only relate my experience. SignatureMary Sauer MSFT MVP http://office.microsoft.com/ http://msauer.mvps.org/ news://msnews.microsoft.com >A couple of years back, Microsoft issued a security update for Publisher, > KB894540. Said brilliant bit of code updating had a slight side effect: it [quoted text clipped - 50 lines] > > Syd Mary: You probably do not remember ragging my a.s about this a couple of years ago. You suggested I could not possibly be right about that original update rendering perfectly good .pub files unreadable in the very program that created them. But that was exactly what happened, and M$ finally addressed the problem including issuing instructions for manually fixing the registry (gawd forbid). Once burned, twice shy is the reason am a bit hesitant to install this group of patches. What I want is for somebody at M$ to say yea or nay as to whether these latest patches were done with an eye toward the inadvertent disaster caused by the original patch. The KB says "no issues" as of the February 13 revision to the article, but that email from tech support seems to suggest otherwise by requiring resaving of all old work product files. A better explanation is in order. >Not sure I know what you are asking. > [quoted text clipped - 3 lines] > >I don't want to steer you wrong on this. I can only relate my experience. Wow, Syd, I would have called it differently than ragging your a**. I found my reply to you, I replied before I knew about the 2.0 files were unusable with the security patch. There was an lame apology posted, I'm sorry if you are still smarting. I have an old computer with 2.0 installed on it. I copied a few files to a floppy yesterday, copied them to this Vista hard drive, they opened fine on Publisher 2000 and 2002. If I re-save them they will open with 2003 and 07. So, I am assuming the Security Update for Windows Vista (KB943055) did cure the problem. SignatureMary Sauer MSFT MVP http://office.microsoft.com/ http://msauer.mvps.org/ news://msnews.microsoft.com > Mary: > [quoted text clipped - 28 lines] >> >>I don't want to steer you wrong on this. I can only relate my experience. My problem was with files that were created in Publisher 2000, then would not open in that very same program once the patch was installed. Smarting is a bad way to describe it, but I am often less than favorably impressed with the reaction of MVPs. As you may recall, I have been very annoyed with M$ over their failure to provide a way to migrate from Publisher to some other html editing program. I was recruited for a class action lawsuit concerning said problem, but for whatever reason, it has still not been filed. I think I may still be maintaining the largest commercial website in Publisher unless some other fool has made the same mistake I did. >Wow, Syd, I would have called it differently than ragging your a**. I found my >reply to you, I replied before I knew about the 2.0 files were unusable with the [quoted text clipped - 6 lines] >I am assuming the Security Update for Windows Vista (KB943055) did cure the >problem. Syd, Reference: http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx from that article: "How could an attacker exploit the vulnerability? This vulnerability requires that a user open a specially crafted Publisher file with an affected edition of Microsoft Office Publisher. In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted file to the user and by convincing the user to open the file." Seems to me that unless you open an "infected" Pub file, that you do not need the patch. Consider the workaround proposed: "Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:. Do not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file." Du'oh! When was the last time you opened a Pub file that you didn't create? When will be the next? I am certainly not trying to suggest not installing a patch that MSFT considers "critical"... DavidF >A couple of years back, Microsoft issued a security update for Publisher, > KB894540. Said brilliant bit of code updating had a slight side effect: [quoted text clipped - 59 lines] > > Syd Yeah, I am aware of those realities. I do not think I have EVER opened a Publisher file on these computers I did not create. Nevertheless, like you say, M$ calls this a critical update for Office (my profile actually causes a group of three related updates to show). Since I got badly burned when I installed the predecessor to these updates, I cannot help feeling a bit paranoid. I do like to keep my machines fully updated, but I have a hard time trusting M$ after that last fiasco that took many hours to fix. >Syd, > [quoted text clipped - 88 lines] >> >> Syd Syd, I understand what you are saying, and you can color me even more paranoid if you want. I accept the fact that in spite of their best efforts some of the patches that MSFT provides fix one thing, and break another. Rather than take the risk of a patch breaking something on my machines, I have turned off automatic updating. I run a good antivirus and a good firewall (not MSFT), and practice "safe computing", and as a general rule only install SPs, not the individual patches...and even then only when I have to. I figure that by the time a SP is released, a lot of these fix/break patches that are introduced between SPs have been tweaked and fixed. I am sure that isn't always true, but I figure it is less risky to my machines than the hot fixes and patches. I also set a restore point and/or make an image of my C drive before installing SPs. Acronis True Image is a great program... I refuse to "upgrade" to Vista, to IE7, etc., and I am willing to take my chances by not installing patches, even if MSFT deems them critical. But, I am not willing to suggest other people do the same. It is up to you to evaluate the risk/reward. Don and Mary's comments are probably more relevant to this discussion than mine, as they have installed the patches. Good luck. DavidF > Yeah, I am aware of those realities. I do not think I have EVER opened a > Publisher file on these computers I did not create. Nevertheless, like [quoted text clipped - 108 lines] >>> >>> Syd I largely agree with your philosophy. I use Norton Ghost to accomplish the same thing. Every machine has at least two hard droves with one reserved for a carbon copy of the C: drive. That has come in handy a couple of times, but I had forgotten to do that when I installed that older patch. Senility is hell... >Syd, > [quoted text clipped - 131 lines] >>>> >>>> Syd |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.