none
Microsoft Security Advisory (2896666) RRS feed

  • Question

  • How do I validate that the patch worked for this advisory?   I've done the registry setting to disable TIFF Codec but I can still view TIFF images via Media Player and inside Word 2010 as picture or package.   What is it preventing?  just malformed TIFF?

    Windows 7 Enterprise

    Windows 2003

    Windows 2008 R2

    Winodws 2008

    Windows 2012

    mercredi 6 novembre 2013 17:55

Réponses

  • I haven't managed to block TIFF images in Office 2010 on my Windows 7 test clients either.

    From what I've read, Office 2010 is only affected by the vulnerability when it is running on older operating systems and not in Windows 7.
    Quote from http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx:
    "Due to the way Office 2010 uses the vulnerable graphic library, it is only affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is not affected when running on newer Windows families (7, 8 and 8.1)."

    I have failed to find any information about whether the DisableTIFFCodec registry setting should work or not when used in combination with Windows 7 and Office 2010 but since it's probably not affected  I'm not going to worry to much about it.
    I will try to find clients with different combinations to verify the fix for those combinations instead.

    jeudi 7 novembre 2013 09:26

Toutes les réponses

  • Where did you see that this advisory was for Windows 7?  Please provide the link.

    I have read info by Microsoft on 2 different web pages and from what I have read this does not affect Windows 7:

    http://support.microsoft.com/kb/2896666  and http://support.microsoft.com/kb/2896666


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    mercredi 6 novembre 2013 20:20
  • Reading the language, yes it does say Win7 not affected but Office 2010 and Lync are affected. So does the fix only effective on XP where TIFF are blocked? Where as applying the reg patch would have no effect on Windows 7?

    /technet microsoft com/en-us/security/advisory/2896666

    mercredi 6 novembre 2013 20:28
  • I haven't managed to block TIFF images in Office 2010 on my Windows 7 test clients either.

    From what I've read, Office 2010 is only affected by the vulnerability when it is running on older operating systems and not in Windows 7.
    Quote from http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx:
    "Due to the way Office 2010 uses the vulnerable graphic library, it is only affected only when running on older platforms such as Windows XP or Windows Server 2003, but it is not affected when running on newer Windows families (7, 8 and 8.1)."

    I have failed to find any information about whether the DisableTIFFCodec registry setting should work or not when used in combination with Windows 7 and Office 2010 but since it's probably not affected  I'm not going to worry to much about it.
    I will try to find clients with different combinations to verify the fix for those combinations instead.

    jeudi 7 novembre 2013 09:26