Jump to content

Beware of Office 2010 Updates!


Recommended Posts

9 minutes ago, Dave-H said:

Great work!
:thumbup

So far:

windowsxp-kb4019276-x86-embedded-enu is confirmed problematic.

windowsxp-kb4459091-x86-embedded-enu is also problematic.

Looks like these are both updates for TLS... interesting...

Edited by Dylan Cruz
Link to comment
Share on other sites


31 minutes ago, Dylan Cruz said:

So far:

windowsxp-kb4019276-x86-embedded-enu is confirmed problematic.

windowsxp-kb4459091-x86-embedded-enu is also problematic.

Looks like these are both updates for TLS... interesting...

Good news!

4019276 and 4459091 are the ONLY problematic updates for MSO!

@win32 @Dave-H @daniel_k @Dylan Cruz Any cause for concern here? I think if we were all to uninstall these from production, MSO should suddenly start working again - in theory - it might be uninstalling won't undo the damage, and you'll need to not install these in the first place.

What's odd is most updates show up as "Security update for WIndows XP..." and these both are just "Update for Windows XP..." - they must have done some major damage!

I tested installing both of these updates, and that broke things, but surprisingly uninstalling the two updates did NOT fix things. Looks like the only option once you've installed is to nuke and start over, which seems bizarre. Uninstalling the updates doesn't seem to undo the damage, sadly. I'm blacklisting these updates in my notes so I don't install them accidentally!

Edited by Dylan Cruz
Link to comment
Share on other sites

Great result, only two items, it could have been a lot worse!
Both of those updates relate to the adding of TLS 1.1 and 1.2 support to Windows XP.
I guess if you use anything which needs them uninstalling the updates will break that.
Although I don't use IE8 for anything now of course, Microsoft Update being the last exception, and that has now it seems permanently broken, I do use the IE8 engine as the message viewer in my Eudora e-mail program, so things could break there if I remove those updates.
As personally I never deal with encrypted Office documents, I will almost certainly leave things as they are.
:)

 

Link to comment
Share on other sites

2 minutes ago, Dave-H said:

Great result, only two items, it could have been a lot worse!
Both of those updates relate to the adding of TLS 1.1 and 1.2 support to Windows XP.

 

Didn't even know that was possible, I'd heard of that for Vista but not XP!

 

2 minutes ago, Dave-H said:


I guess if you use anything which needs them uninstalling the updates will break that.
Although I don't use IE8 for anything now of course, Microsoft Update being the last exception, and that has now it seems permanently broken, I do use the IE8 engine as the message viewer in my Eudora e-mail program, so things could break there if I remove those updates.
As personally I never deal with encrypted Office documents, I will almost certainly leave things as they are.
:)

 

Firefox 52.9 ESR has TLS 1.2 support and New Moon even has TLS 1.3 support, so I don't think it's much of an issue. IE9 is really the oldest usable IE these days... IE8 is just too old now to work well at all, so no TLS 1.1/1.2 is probably fine, since it can't render those sites properly anyways.

It's kind odd Microsoft makes XP users choose between Office encryption or better TLS... can't have your cake and eat it, too, I guess! But XP isn't usable for me without Office so that's the choice I'm making :D

Link to comment
Share on other sites

7 minutes ago, Dylan Cruz said:

IE8 is just too old now to work well at all, so no TLS 1.1/1.2 is probably fine, since it can't render those sites properly anyways.

MS has released updates adding TLS 1.1/1.2 to XP and IE8. It lacks some encryption methods, but most sites using TLS 1.2 open fine.

Link to comment
Share on other sites

38 minutes ago, ED_Sln said:

MS has released updates adding TLS 1.1/1.2 to XP and IE8. It lacks some encryption methods, but most sites using TLS 1.2 open fine.

I mean most sites which are TLS 1.2 only have CSS that IE8 can't render properly. Only older sites will work "fine" in IE8.

 

These updates in question though seem to be the ones that break MSO so it's kind of a catch22...

Link to comment
Share on other sites

Unfortunately,I think it's often the lack of SNI perhaps even more than the TLS version that makes Websites deny Internet Explorer.

It's the unfortunate difficulty of dealing with software that wasn't up to par even when it came out eleven years ago!

Edited by ThomasW
Link to comment
Share on other sites

5 minutes ago, ThomasW said:

I think it's often the lack of SNI perhaps even more than the TLS version that makes Websites deny Internet Explorer

Some sites are TLS 1.2 only. I changed mine to no longer accept TLS 1 and 1.1 just last week.

Link to comment
Share on other sites

13 minutes ago, Dylan Cruz said:

Some sites are TLS 1.2 only. I changed mine to no longer accept TLS 1 and 1.1 just last week.

Oh definitely!

I was just pointing out that SNI is another very common reason which seems much less discussed!

I like what I see on your Website from my main Web browser; some really compelling copy, though it's blocking me from Internet Explorer — are you blocking all visitors over HTTP as well?!  D:

Seems rather contrary to the copy on your site!  🙃

Edited by ThomasW
Link to comment
Share on other sites

18 minutes ago, ThomasW said:

Oh definitely!

I was just pointing out that SNI is another very common reason which seems much less discussed!

I like what I see on your Website from my main Web browser; some really compelling copy, though it's blocking me from Internet Explorer — are you blocking all visitors over HTTP as well?!  D:

Seems rather contrary to the copy on your site!  🙃

Sorry, had to, it's not secure! There's login and stuff on some of those pages, and you get dinged big time in security tests and audits! Even W2K can do TLS 1.2 HTTPS so I saw no reason to allow HTTPs, and recently, < TLS 1.2, either. Even Lynx can do TLS 1.2.

Yeah, SNI is a thing but it's been supported since IE6, so probably not a big concern these days.

Correction: IE7 on Vista, apparently...

Edited by Dylan Cruz
Link to comment
Share on other sites

Alright, everyone, I did a fresh install and can confirm MSO 2010 works perfectly without those two problematic updates!

Hopefully it's helpful if others in the future are having issues with MSO.

1. Replace MSO.DLL with MSO.DLL from KB 4092483

2. Do NOT install KBs 4019276 and 4459091 or you will completely break Microsoft Office encryption and who knows what else. That being said, these bring TLS 1.1 and 1.2 support to XP, but you can get them with other browsers like Firefox/New Moon anyways so it's the lesser of two evils for me :)

Now... back to trying to figure out how to get MSE definitions to install... 

 

:D

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...