Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Internet Explorer 8X & Microsoft Windows XP Professional

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Internet Explorer 8.x

This thread has been marked as locked.
mariljohnson Microsoft Internet Explorer 8X & Microsoft Windows XP Professional
Member 12th Aug, 2011 19:34
Ranking: 0
Posts: 6
User Since: 31st Jul, 2009
System Score: N/A
Location: N/A
Secunia say these two programs are insecure and need updates. I went to Microsoft's site and scanned for updates ( I automatically am notified when an update is availble so I did not think I needed any, but I did it anyway) Microsoft says I am up to date. What is wrong with Secunia?

mogs RE: Microsoft Internet Explorer 8X & Microsoft Windows XP Professional
Expert Contributor 12th Aug, 2011 21:07
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
According to the following Secunia Advisories :-
http://secunia.com/advisories/product/21625/ IE 8
http://secunia.com/advisories/product/22/ XP Professional

.......it appears that if both IE8 and XP are fully patched they are still vulnerable.
XP...Highly Critical and IE8 Less Critical.
From what I can see of it, you've done all you can.
There are a few XP users on the forum who may be able to advise more fully.

Regards,

--
Was this reply relevant?
+0
-0
puget1 RE: Microsoft Internet Explorer 8X & Microsoft Windows XP Professional
Member 12th Aug, 2011 22:27
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
@merriljohnson

What you have been advised is correct. If you are current with Microsoft update Tuesday 8-9-2011 with no hidden updates and all were installed successfully ,then "they are unpatched with no vendor solutions". Same for Mozilla 5+. Hope this helps

--
Gone to Linux permanetly












Was this reply relevant?
+0
-0
mariljohnson RE: Microsoft Internet Explorer 8X & Microsoft Windows XP Professional
Member 12th Aug, 2011 23:37
Score: 0
Posts: 6
User Since: 31st Jul 2009
System Score: N/A
Location: N/A
Thank you all who have replied to my question. I ran Secunia again and it did not list internet explorer or windows XP Professional to be at risk. It now listed Adobe Flash drive. I downloaded that patch and ran Secunia again. This time the scan showed 100%. I think what happened was that Secunia said my Microsoft programs were at risk before I had downloaded the patches, even though I always immediately download patches. I don't know how Secunia knew they were needed before Microsoft had a chance to alert me.
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Internet Explorer 8X & Microsoft Windows XP Professional
Expert Contributor 13th Aug, 2011 00:02
Score: 2445
Posts: 3,337
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 13th Aug, 2011 00:09
Hello all ,

There seems to be some confusion here ; if Secunia "Scan Results" page is showing ANY programme as "insecure" then there are patches available which can be applied to that/those vulnerability(s) to improve your security . Windows XP Home and Professional when fully patched and displayed as "up to date" by the PSI , with everything available from M$updates installed , still have unpatched vulnerabilities which CANNOT be patched as M$ has nothing for them . There is nothing further to do . Where is PSI displaying XP as insecure ?? Have you applied all the M$ patch Tuesday (09/08/2011) updates ?? If so , have you rebooted and run a full PSI scan ??

The full listing of vulnerabilities is here if you scroll down :-

http://secunia.com/advisories/product/16/?task=adv...

The same applies to IE8 where there is one unpatchable vulnerability ; this is also shown as "up to date" on the "scan results" page after getting everything available from M$ ; it is also helpfully displayed in the "secure browsing" (for advanced user) section of the PSI as "unpatched , no vendor solution" where SA24314 is descriptive :-

http://secunia.com/advisories/24314/

M$ are never likely to patch this , so you must deal with it as you see fit . Where are you seeing IE8 as in need of patching ??

Mozilla Firefox 5.0.x and Google Chrome 13.x (Stable) versions have NO unpatched (published) vulnerabilities atm .

Secure browsing will show you the Java JRE/JDK 1.6 U26 is currently vulnerable with no patch available ; again you can do nothing to patch it so deal with it accordingly .

Hope that is clear enough .

Anthony


EDIT : folowing your last post , you ALWAYS need to reboot and run a full PSI scan for M updates to register with the PSI , so that may have been causing your problem . Pleased to hear you are fixed up now :))

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer