Trying to understand office patching

jaybird283 561 Reputation points
2022-03-16T02:14:24.61+00:00

Hello everyone, i am trying to understand how office (msi not C2R) patches work. Are office patches cumulative? Our security department sometimes sends us a list of machines that need some old patch and i am trying to find the easiest way to patch it. They provide "Proof" that look something like this.

MS15-116: Security Update for Microsoft Office to Address Remote Code Execution (3104540)

<p></p><p>Vulnerable software installed: Office 2013</p><ul><li>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A20000000100000000F01FEC\InstallProperties - key exists</li><li>The Office component Microsoft Office 64-bit Components 2013 is running an affected version - 15.0.4569.1506</li><li>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109A20000000100000000F01FEC\Patches\0E6DC534DA270DD4AAB0FCBEF35FA7FD - key does not exist</li><li>KB3101371 is not installed</li></ul>

But when i search for that KB number in SCCM it doesn't have any patches with that KB number. I am wondering if it would be better to apply some newer patch (like KB3115256 for example).

But really i am just trying to wrap my head around office patches in general. Do we have to install every possible old patch that may be missing. or would applying the latest patch solve the same problem?

Is there a sort of all inclusive update rollup or some update pack that would catch everything up to something more recent?

If we use SCCM is there something we would need to do to include older patches like this?

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
974 questions
Microsoft Configuration Manager
0 comments No comments
{count} vote

Accepted answer
  1. Rita Hu -MSFT 9,626 Reputation points
    2022-03-21T09:08:00.623+00:00

    @jaybird283
    But when i search for that KB number in SCCM it doesn't have any patches with that KB number. I am wondering if it would be better to apply some newer patch (like KB3115256 for example).
    Yes, it is recommended to deploy the latest security updates for the clients. Here is the update history for you:
    https://learn.microsoft.com/en-us/officeupdates/office-updates-msi

    But really i am just trying to wrap my head around office patches in general. Do we have to install every possible old patch that may be missing. or would applying the latest patch solve the same problem?
    It is recommended to deploy the latest one. In my opinion, the software updates for Office are cumulative in the most case. Here is a related I found right now and I want to share on this forum.
    https://learn.microsoft.com/en-us/previous-versions/office/office-2013-resource-kit/cc178995(v=office.15)

    Hope the above will be helpful.

    Best regards,
    Rita


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Philippe Levesque 5,696 Reputation points MVP
    2022-03-16T02:50:50.823+00:00

    Office update are not cumulative except service pack's one, which include some older.

    Does the SCCM is synced with a WSUS server which have Office 2013 product listed ? Try to search the KB inside your WSUS's server. Your security department might have used another tool to list the needed update.

    1 person found this answer helpful.
    0 comments No comments

  2. jaybird283 561 Reputation points
    2022-03-22T02:38:01.597+00:00

    @Rita Hu -MSFT The second link you sent doesn't appear to work. but i think you may be right that most patches are cumulative. Thank you for your reply.

    1 person found this answer helpful.
    0 comments No comments