Title

The most current Office 2007 Service Pack is not installed. (Cat II impact)

Discussion

Failure to install the most current Office Service Pack (SP) leaves a system vulnerable to exploitation. Current service packs correct known security and system vulnerabilities. If Microsoft Office installation is not at most current service pack this is a Category II finding. If Microsoft Office installation is at an unsupported service pack this will be upgraded to a Category I finding since new vulnerabilities may not be patched

Check Content

To determine what service pack level is installed, start any Office application, such as Word. Click on the Office Menu Button (upper left), Click "Word options" at the bottom of the menu, select "Resources" from the left column: The version number will be displayed alongside the "About" button on the right hand side display. If the "About" box information does not display a most current service pack, then this is a finding. Current Supported Service Pack Office 2007 – SP3 and later (See Severity Override). Severity Override: Unsupported service packs will be upgraded to a Category I finding. If the service pack installed is not SP3 or later, this is a finding and Severity must be changed to a CAT I.

Fix Text

Install the most current Office 2007 Service Pack.

Additional Identifiers

Rule ID: SV-32370r3_rule

Vulnerability ID: V-25884

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.