OfficeUpdates on Twitter
Blog and Comment Policy
Hello, a common question we get when we release a cumulative update is “can we have the cumulative update show up in my Windows Server Update Services (WSUS) catalog?” While this isn’t something we typically do with a cumulative updates. You got me thinking. I’m sure we have this information but where is this information located?In my research of Sasquatch (we are in the Northwest) and System Center Configuration Manager (SCCM) I found some great resources on how to publish MSP’s to internal WSUS deployments using Software Distribution in Configuration Manager and System Center Updates Publisher. Both of these pages provide great starting points on how to advertise the packages you wish to deploy within your environment.
Oh wait there’s more, Jason Lewis on the SCCM team has some great blogs and videos on how to set this all up. I recommend starting with one of Jason’s first blog “How to setup SCUP and ConfigMgr 2007 to deploy custom updates” it provides a solid foundation on how to deploying custom updates with SCCM and WSUS.
Creating an update
Publishing an update
Deploying an update
Automating the creating and publishing the update?
This is a great starting point for authoring, publishing Office or other cumulative updates to your internal WSUS servers.
The Office Sustained Engineering Team
The January 12 Office Public Update contained 3 non security fixes, and is now live and available for download. As with our normal cadence, we released the Outlook Junk Email Filters for 2007 and 2010 32-bit/64-bit. Joining the filters this month is a non-security release for Outlook 2007 that provides fixes for an update to Outlook released in December, described by the Outlook team blog.
Hi, Modesto Estrada here with the Microsoft Office Sustained Engineering Security team. I wanted to shed even more light on last month's blog post regarding the future availability of the Office File Validation backport. As we move forward towards our release (CYQ1 2011), we will continue to update this blog with additional information for customers. Please watch this space for future posts on File Validation. Topics we plan to discuss in the future are deployment of … as well as troubleshooting issues.
Today’s entry is about the user experience and what you will see when Office File Validation fails and the Office Trust Center.
When we were creating the dialog boxes for failed file validation, it is a general concern that users have grown accustomed to dialog boxes, and click through them without even reading the message. In an effort to dissuade any apathy, we’ve taken a more aggressive stance by communicating the potential for malicious intent. When a user opens a Word, Excel, PowerPoint, or Publisher 97-2003 file (what happens during the open), and that file fails Office File Validation the user will be presented with the following dialog box (this is the Default Behavior).
This will allow the user the ability to either cancel or continue opening the document. In this situation we strongly recommend that the user select cancel and notify the creator or sender of the document’s potential issues.
At any time, if you feel a document you have may have been compromised please feel free to send your file to firstname.lastname@example.org.
NOTE: Microsoft Office 2003 and 2007 do NOT have Protected View which would allow opening of the documents in a protected sandboxed environment. Protected View only exists in Office 2010.
Office 2007 Trust Center
With the introduction of Office Trust Center in 2007 you can use this in conjunction with Office File Validation. By setting a trusted location in the Trust Center any files opened from this location will NOT be run through the validation process.
Add your document location to the trusted path
For IT Pros:
As an IT Admin we all know some users can be quick to click through dialog boxes. Office File Validation will provide you with the ability to set a registry key via Group Policy which will prevent the user from even opening the file.
The following registry keys will change the file open behavior (to be documented in a TechNet article once our File Validation backport is live).Value: InvalidFileUIOptionsType: REG_DWORDDefault: 0Description: When Office File Validations fails0 = Notify user file failed. Give user the option to load the file or not 1 = Notify user file failed. No option to load the file.2007HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\FileValidationHKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileValidationHKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileValidation2003HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidationHKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Word\Security\FileValidationHKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security\FileValidationIf the dialog is displayed on the users’ machine Office File Validation will also log an event in the Application event log. This will give you the ability to remotely look for validation failures across your organization.
You can set the trusted location via Group Policy.
Modesto and The Office File Validation Backport team