Office 2016 desktop + Click2Run: what is true?



  • Hi,
    Office 2016 desktop has some unclear links with Office 365. And how 2016 Click2Run is updated is still not clear to me.
    So when I see the result in Personal.vulndetect, it is not any clearer, insecure or not:
    Microsoft Office 2016
    Version 1904 Build 11601.20178
    Insecure

    Recommended version: Version 1904 Build 11601.20204 Ok
    By: Microsoft Corporation
    Based on: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Open product homepage
    Bundled applications:

    Microsoft Excel 2016
    Version 1801 Build 9001.2171
    Insecure

    Recommended version: Version 1904 Build 11601.20204 Ok
    By: Microsoft Corporation
    Based on: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16010.9001.2171.0_x86__8wekyb3d8bbwe\Office16\EXCEL.EXE
    Open product homepage

    Microsoft Word 2016
    Version 1904 Build 11601.20178
    Insecure

    Microsoft Access
    Version 1904 Build 11601.20178
    Ok

    Microsoft Access
    Version 1904 Build 11601.20204
    Ok

    Microsoft Excel 2016
    Version 1904 Build 11601.20178
    Ok

    Recommended version: Version 1904 Build 11601.20204 Ok
    By: Microsoft Corporation
    Based on: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    Open product homepage

    Microsoft Excel 2016
    Version 1904 Build 11601.20204
    Ok

    By: Microsoft Corporation
    Based on: C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\CD11701C-16A1-4E5A-85EC-DA590C15E3D3\root\Office16\EXCEL.EXE
    Open product homepage

    Microsoft Office 2016
    Version 1904 Build 11601.20204
    Ok

    By: Microsoft Corporation
    Based on: C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.11601.20204\OfficeClickToRun.exe
    Open product homepage

    Note: I tried to post a screen capture, without success.

    Regards.


  • VulnDetect Team Member

    Hi,
    Our Office rules do need a bit of a brush-up, but they are up-to-date for Office 365 / the subscription licensed releases. We do not currently maintain rules for the perpetually licensed Microsoft Office (the one updated via Windows Update / Microsoft Update).

    In short, Office ClickToRun is the new "modern" way of updating Office. ClickToRun is always part of the Office 365 subscription service.

    However, ClickToRun is also used in the perpetually licensed Office 2019, and there are also some perpetually licensed Office 2016 releases and even some Office 2013 and Office 2010 installations. Though most perpetually licensed Office 2016 / 2013 / 2010 still use the "old" Windows / Microsoft Update mechanism.

    There is also a third version of Office; you appear to have one of those files: your Excel in the WindowsApps folder. This is updated and maintained via the Microsoft Store. We do not currently support apps from Microsoft Store (though there are a few exceptions).

    Usually Office 365 / ClickToRun will update itself. However, this can take a prolonged time if you have Outlook or other apps open. To speed up the update process, you can go to "File -> Office Account -> Office Updates".

    I can see that you are in the "Monthly Channel", so the recommended version for you is currently Version 1904 Build 11601.20204 (just as stated by VulnDetect). You should be aware that there can be multiple updates for Office during a month; in April there were 6 independent updates, in May there have only been 2 so far. Usually only 1 of these is security related. The latest one is a security update.

    I would consider uninstalling the Excel from WindowsApps, since you already have a fully licensed Office 365 installation.

    /Tom
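
    The distinction drawn in the reply above, as an added example (not VulnDetect's own rule logic): it sorts scan entries by install path into Store-managed and ClickToRun copies and compares the build against the recommended Monthly Channel build from the thread. The path heuristics, the mechanism labels and the reading of `Updates` folders as downloaded-but-not-yet-applied files are assumptions.

```python
import re
from typing import NamedTuple

RECOMMENDED = (11601, 20204)  # Monthly Channel build quoted in the thread

class Finding(NamedTuple):
    name: str
    build: tuple
    mechanism: str
    action: str

# Follow-up per mechanism, taken from the advice in the reply.
ACTIONS = {
    "store": "Store-managed copy: update or uninstall via Microsoft Store",
    "c2r-staged": "staged update files: close Office apps so the update can apply",
    "unknown": "not ClickToRun: check Windows / Microsoft Update",
}

def parse_build(version):
    """'Version 1904 Build 11601.20178' -> (11601, 20178)."""
    m = re.search(r"Build\s+(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no build number in {version!r}")
    return int(m.group(1)), int(m.group(2))

def mechanism_for(path):
    """Guess the update mechanism from the install path (heuristic)."""
    p = path.lower()
    if "\\windowsapps\\" in p:
        return "store"
    if "\\updates\\" in p:  # assumption: downloaded update, not the running copy
        return "c2r-staged"
    if "\\clicktorun\\" in p or "\\microsoft office\\root\\" in p:
        return "c2r"
    return "unknown"

def triage(name, version, path):
    build, mech = parse_build(version), mechanism_for(path)
    if mech == "c2r":
        action = ("outdated: File -> Office Account -> Office Updates"
                  if build < RECOMMENDED else "up to date")
    else:
        action = ACTIONS[mech]
    return Finding(name, build, mech, action)

# Entries copied from the scan output in the question.
SAMPLE = [
    ("Microsoft Office 2016", "Version 1904 Build 11601.20178", r"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"),
    ("Microsoft Excel 2016", "Version 1801 Build 9001.2171", r"C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16010.9001.2171.0_x86__8wekyb3d8bbwe\Office16\EXCEL.EXE"),
    ("Microsoft Office 2016", "Version 1904 Build 11601.20204", r"C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.11601.20204\OfficeClickToRun.exe"),
]
```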

