Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: IE9 Zombies......
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Microsoft |
And, this specific program: Microsoft Internet Explorer 9.x |
| mogs | IE9 Zombies...... |
|---|---|
 |
21st Sep, 2012 21:51 |
|
Ranking: 2163 Posts: 5,883 User Since: 22nd Apr, 2009 System Score: 100% Location: UK |
I've just applied the latest patch for IE9 in Vista......now 9.1.8112.20557 and seem to be collecting a gathering of zombie installations with a limited threat rating as shown in psi....now 9 such examples. It does'nt seem possible to remove them.....I don't wish to create an ignore rule for them.....are they all safe enough as is ? Are they likely to be removed at a later date anyrate ? Your expertise would be very welcome Maurice, without being presumptuous ; if you would be so kind........regards......... -- |
Post "RE: IE9 Zombies......" has been selected as an answer.
| Maurice Joyce | RE: IE9 Zombies...... | ||||||||
|
21st Sep, 2012 22:13 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK |
Can you take a snippet & show me the files? What prevents deletion? -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| mogs | RE: IE9 Zombies...... | ||||||||
|
|
21st Sep, 2012 23:02 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
I've tried Copy/pasting the Troubleshoot report and CTRL+C etc....to no avail.......... If I try to delete the items.....it says that I need permission......and then I get another panel saying Try Again which just repeats itself when pressed. I've got an actual installation for 9.1.8112.20557 .............and then 8 Zombie files C:\Windows\winsxs\x86_microsoft-windows-i..etexplo Also :- 1 Zombie :- C:\ProgramFiles\InternetExplorer\iexplore.exe,vers All the Zombie files are shown as Patched with a Very Limited threat rating Is that any help ? Thanks Maurice. -- |
||||||||
|
|||||||||
| Websafe | RE: IE9 Zombies...... | ||||||||
|
21st Sep, 2012 23:13 | ||||||||
| Score: 79 Posts: 104 User Since: 24th May 2009 System Score: 100% Location: NL |
Hello Mogs and Maurice, Same zombie files; Windows Vista home Premium 32-bit SP2, Secunia PSI 2.0.0.3003. IE-9. Looks like this: Detected Instances: C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\WINDOWS\winsxs\x86_microsoft-windows-i..etexplo C:\Program Files\Internet Explorer\iexplore.exe, version 9.0.8112.16450 Websafe. |
||||||||
|
|||||||||
| RE: IE9 Zombies...... | [+] |
|
| This reply has been deleted | ||
| mogs | RE: IE9 Zombies...... | ||||||||
|
|
21st Sep, 2012 23:30 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
@Maurice Yes...logged on as admin. I'm just wondering that tho' psi has them showing as Zombie whether or not there's still a cumulative value to them and perhaps they're better left alone ? As each successive update has taken place I'd kept thinking that MS would remove them if not required. I havn't developed paranoia.....I hope it's not me that's sleeping !!! @Websafe Thanks for your input.......regards.......... -- |
||||||||
|
|||||||||
| Maurice Joyce | RE: IE9 Zombies...... | ||||||||
|
|
21st Sep, 2012 23:58 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 22nd Sep, 2012 00:01 |
I would agree - no mad panic & U certainly do not want to be in the Winsxs Folder. I do not have ready acccess to a Vista set up. Your oddity is not showing in windows 7 on either a 32 or 64 Bit system although I have some of those Public Keys you are showing. This could be something for Secunia Support on Monday - I will have some fun & tinker with my test 32 & 64 test PC's. If need be I will contact support if I find anything odd. EDIT - Can U confirm the actual IE exe file showing in PSI is 9.0.8112.16450 -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| mogs | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 00:15 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
Thanks for your help and comments Maurice......appreciate your looking into the matter further. Whilst on the main Scan Results page the installation is shown as 9.1.8112.20557......when clicking on the + sign.......in amongst the entries previously mentioned is the C:\ProgramFiles\InternetExplorer\iexplorer.exe,ver Regards............ -- |
||||||||
|
|||||||||
| Maurice Joyce | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 00:27 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 22nd Sep, 2012 00:27 |
That is an oddity in itself. Did you by chance use the Fix It tool prior to the release of the Microsoft patch today? -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| mogs | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 10:24 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
@Maurice Sorry didn't reply earlier....overcome by drowsiness earlier than expected ! No, I hadn't used Fixit......do you think it's worth trying at this late stage ? -- |
||||||||
|
|||||||||
| Maurice Joyce | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 10:57 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 22nd Sep, 2012 10:58 |
To answer your question NO NO NO! @mogs I think I have cracked it. The IMPORTANT bit is that if you have installed KB2744842 (the latest MS patch) IE on your PC is protected minus this http://secunia.com/advisories/47129/ which I consider unimportant & not relevant to IE9. I think what you have found is an inconsistency on the way Secunia are now displaying IE. I have tested the results shown by PSI on these PC's. XP SP3 32 Bit using PSI version 1.5.0.2 - This merely confirms IE8 has only one entry in the Scan Result Page & is secure under version 8.0.6001.18702 minus this http://secunia.com/advisories/24314/ Windows 7 32 Bit using PSI version 3.0.0.3001 Windows 7 64 Bit using PSI version 2.0.0.4003 These two PSI variants only show ONE entry in the Scan Results Page & in the case of PSI version 2.0.0.4003 the Secure Browsing Page is also correct. The EXE file version of 9.0.8112.16450 is correct. The problem occurs on my main PC when running PSI version 2.0.0.3003 where I get the following result. https://akkkug.bay.livefilestore.com/y1p0KX28iWLN_... With the 64 Bit browser a different EXE file shows as can be seen here: https://akkkug.bay.livefilestore.com/y1paylBb_f-yu... The Secure Browsing Page shows correctly as follows: https://akkkug.bay.livefilestore.com/y1p1kPktFOF1A... Because Secunia may well be adjusting their database & the situation could change the scan results were based on this scan. https://akkkug.bay.livefilestore.com/y1pxgU1hpMaqN... What I cannot reconcile is PSI showing any so called zombie files. Can you try a full PSI rescan & confirm you end up with a listing like mine - If you cannot show me where you can see the word zombie can U explain where I can look to find it? -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| mogs | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 12:30 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
@Maurice Have just completed a full scan using psi 2.0.0.3003......the situation has changed somewhat. Clicking on the + sign on the Scan Results page and then double tapping brings up the entries where under the Classification heading the term Zombie Installation now only appears alongside 5 of the entries. C:\ProgramFiles\InternetExplorer\iexploe.exe together with 4 previously rated Zombies are now showing as Actual Installations..................leaving still 5 entries as Zombie. Secure Browsing tab .........IE showing as Unpatched no vendor solution.....SA41729 -- |
||||||||
|
|||||||||
| Maurice Joyce | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 12:49 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK |
Thank you. That somewhat proves my point in that there is an inconsistency in the way Secunia are displaying the update. I will keep PSI installed on this PC over the weekend. If things do not change I will ask Secunia Support to explain these oddities which looks like a database adjustment by them is required. If you want my advice do nothing except run a PSI scan on Monday/Tuesday & things should look clearer. Qualy's appears to have it correct as can be seen here: https://akkkug.bay.livefilestore.com/y1pmkmXIfNwGa... I am going to unsubscribe after your reply to protect my mail box - you have raised a good point so stand by for comments! -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| mogs | RE: IE9 Zombies...... | ||||||||
|
|
22nd Sep, 2012 13:02 | ||||||||
| Score: 2163 Posts: 5,883 User Since: 22nd Apr 2009 System Score: 100% Location: UK |
Thanks Maurice ! will do as you suggest.......scan again on Monday. IE is showing "passed" in the Qualys Browser scan. I still use it often as versions change.........regards.......... -- |
||||||||
|
|||||||||
| Maurice Joyce | RE: IE9 Zombies...... | ||||||||
|
|
24th Sep, 2012 11:05 | ||||||||
| Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK |
@Mogs I have unlocked this thread to report that the issue has been fixed. Both IE 9 32 & 64 Bit now show correctly on all my PC's. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
