This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 44%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello team,
Hope all of you are doing well!
So, I have a Microsoft windows server running windows server 2008, R2 SP1 x64, in which Microsoft Office Access database engine 2007 is installed (English, 12.0.4518.1031).
After a vulnerability scanning lunch on this server (Nexpose), a report was generated showing the vulnerability :
MS11-073: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
MS12-057: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
When documenting both, I found those KBs are dedicated to Microsoft Office 2007 and other products but not Microsoft Office Access database engine. However when checked the server, I didn't find that Microsoft Office is installed, I found only the Office Access database engine is installed, and even the vulnerability rapport mentioned that the vulnerable software is the "Office Access database engine".
So I get confused about remediating that vulnerability and how can I proceed?
Could you please provide me with some assistance or information about that issue?
Thank you in advance!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Does not sound like it applies to the database engine itself.
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073
but you could easily update the engine to a newer version.
https://www.microsoft.com/en-us/download/details.aspx?id=13255
https://www.microsoft.com/en-us/download/details.aspx?id=54920
--please don't forget to upvote and Accept as answer if the reply is helpful--
But when I check installed programs, there is no Microsoft Office installed, I found only Microsoft Database Engine.
I can not proceed with the update as it's part of the client side.
Yes, I know. As I mentioned, I don't think it applies. Still may be worth considering updating the engine.
--please don't forget to upvote and Accept as answer if the reply is helpful--
So we can consider this reported vulnerability as a false positive in our case as proceeding with the Microsoft Engine update will remediate it and no need to apply the KB.
I believe so. That one is so old it is likely superseded long a go anyway. If you do update the driver then you may need to update the calling application's connection string.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--