|
|
Forum Thread: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.
This thread was submitted in the following forum:
Secunia PSI - Feedback and Questions
| perlonn
| Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by perlonn on 15th Feb, 2009 14:32
|
Posts: 4
User Since: 12th Feb, 2009
Secunia System Score: N/A
Location: N/A |
Hi
How can I remove the threat from Insecure Program Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0?
I receive this message from the Secunia PSI v1.0.0.1:
"
Insecure Programs
...
Microsoft XML Core Services (MSXML) 6.x 6.10.1129.0
Microsoft XML Core Services (MSXML) 6.x
This installation of Microsoft XML Core Services (MSXML) 6.x is insecure and potentially exposes your system to security threats!
Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
Installation Path
c: \ WAUUPGRD \ sources \ Msxml6.dll
...".
The file include the following details: MSXML 6.0 SP1 file description, file version 6.10.1129.0, product name Microsoft (R) MSXML SP1 product version
6.10.1129.0 .. etc.
But Msxml6.dll is also found in
Installation Path
c: \ WINDOWS \ system32 \ Msxml6.dll
to include the following details: MSXML 6.0 SP2 file description, file version 6.20.1099.0, product name Microsoft (R) MSXML SP2 produsktversion 6.20.1099.0
.. etc.
System Description:
------------------
Lenovo - IBM Thinkpad R61
Operating system: Windows Vista Business
What security threat is c: \ WAUUPGRD \ sources \ Msxml6.dll (MSXML 6.0 SP1 ver 6.10.1129.0) when the right MSXML 6.0 SP2 ver 6.20.1099.0 is installed in
c: \ WINDOWS \ system32 \ Msxml6.dll?
How to overcome this threat - and in the event that there is no threat: How do you avoid this security warning?
Best regards
Per
|
|
|
| jomel
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by jomel on 10th Mar, 2009 16:40
|
Posts: 3
User Since: 10th Mar, 2009
Secunia System Score: N/A
Location: N/A |
Please could you tell me if you have managed to solve this problem?
This vulnerability is picked up by Kaspersky and it is located in the x86/Sources folder. I have updated to the 6.10.1129.0 version but it is still being reported as vulnerable.
AFAIK this is the latest version for Vista SP1 (which this computer is).
My own Vista Business Edition has this file in the Windows System 32 folder and it is SP2 Version 6.20.1099.0. This one is not reported as vulnerable.
I have spent some time trying to sort this problem but to no avail.
Would be most grateful for any reply.
|
|
|
| perlonn
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by perlonn on 10th Mar, 2009 18:38
|
Posts: 4
User Since: 12th Feb, 2009
Secunia System Score: N/A
Location: N/A |
Solved the problem? Yes and no.
In settings I have chosen to create the ignore rule: "c: \ WAUUPGRD \ sources \ Msxml6.dll".
But I am very unsure about the safety hazard this rule is for my PC. I would prefer totally to avoid the file on my PC.
An updated version, which I have described above, does not create any warning that there is somewhat unsecured program on my PC.
|
|
|
| jomel
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by jomel on 10th Mar, 2009 18:53
|
Posts: 3
User Since: 10th Mar, 2009
Secunia System Score: N/A
Location: N/A |
Thank you for the reply. I have referred the matter to Kaspersky and they don't want to know - was advised to contact Microsoft (which I already had).
The reply from Microsoft was that as it was third-party security I should refer to Kaspersky for advice.
Have written back to MS and included quote from the Kaspersky e-mail so will wait to see if they get back.
I cannot find any later update than the one outlined above and I am not sure whether replacing the SP1 version with a copy of the SP2 version on my own computer would work. The SP2 version in my System 32 folder does not show up as vulnerable.
I was thinking of excluding it but like you I am not comfortable with it.
I will wait for reply from MS and report back if there is anything to note. |
|
|
| perlonn
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by perlonn on 10th Mar, 2009 19:47
|
Posts: 4
User Since: 12th Feb, 2009
Secunia System Score: N/A
Location: N/A |
I think I was reading a solution in the article "Microsoft Core XML Services (MSXML) 6.0" located on http://www.microsoft.com/downloads/details.aspx?Fa... and install the msi-version (msxml6.msi) and then create the ignore rule above. |
|
|
| jomel
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by jomel on 10th Mar, 2009 20:54
|
Posts: 3
User Since: 10th Mar, 2009
Secunia System Score: N/A
Location: N/A |
Thank you for the information. I had tried that download before but had another try and re-scanned - still showing up as vulnerable.
I can find no later versions than the one that you and I already have so I shall do as you suggest and exclude it as I am getting rather fed up and am going round in circles.
Everything on the computer is as secure as I can make it so I am sure that you are right in that the best way forward is to exclude it. |
|
|
| Maurice Joyce
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by Maurice Joyce on 10th Mar, 2009 21:41
|
Posts: 1,798
User Since: 4th Jan, 2009
Secunia System Score: 100%
Location: Salisbury, UK |
The file WAUUPGRD (Upgrade Anytime) is created by Lenovo.
I looked up details for U - they are here:
http://www-307.ibm.com/pc/support/site.wss/documen...
My reading of it suggests U may be correct in creating an ignore rule. I do not own a Lenovo so U may understand its function better than I.
--
Maurice
HP Intel Pentium 4
Windows XP Home SP3
IE8 |
|
|
| perlonn
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by perlonn on 11th Mar, 2009 00:20
|
Posts: 4
User Since: 12th Feb, 2009
Secunia System Score: N/A
Location: N/A |
Thanks for the link to the article "Removing Windows Anytime Upgrade from the hard drive or saving it to a DVD - 3000 Desktop, Notebook / ThinkCentre / ThinkPad"!
It looks very promising.
If the folder WAUUPGRD is transferred to a DVD, I think the problem would be solved!
|
|
|
| karaca
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by karaca on 26th May, 2009 13:03, last edited on 26th May, 2009 13:03
|
Posts: 3
User Since: 26th May, 2009
Secunia System Score: N/A
Location: N/A |
on 15th Feb, 2009 14:32, perlonn wrote:
Hi
How can I remove the threat from Insecure Program Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0?
I receive this message from the Secunia PSI v1.0.0.1:
"
Insecure Programs
...
Microsoft XML Core Services (MSXML) 6.x 6.10.1129.0
Microsoft XML Core Services (MSXML) 6.x
This installation of Microsoft XML Core Services (MSXML) 6.x is insecure and potentially exposes your system to security threats!
Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
Installation Path
c: \ WAUUPGRD \ sources \ Msxml6.dll
...".
The file include the following details: MSXML 6.0 SP1 file description, file version 6.10.1129.0, product name Microsoft (R) MSXML SP1 product version
6.10.1129.0 .. etc.
But Msxml6.dll is also found in
Installation Path
c: \ WINDOWS \ system32 \ Msxml6.dll
to include the following details: MSXML 6.0 SP2 file description, file version 6.20.1099.0, product name Microsoft (R) MSXML SP2 produsktversion 6.20.1099.0
.. etc.
System Description:
------------------
Lenovo - IBM Thinkpad R61
Operating system: Windows Vista Business
What security threat is c: \ WAUUPGRD \ sources \ Msxml6.dll (MSXML 6.0 SP1 ver 6.10.1129.0) when the right MSXML 6.0 SP2 ver 6.20.1099.0 is installed in
c: \ WINDOWS \ system32 \ Msxml6.dll?
How to overcome this threat - and in the event that there is no threat: How do you avoid this security warning?
Best regards
Per
|
|
|
| karaca
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by karaca on 26th May, 2009 13:04
|
Posts: 3
User Since: 26th May, 2009
Secunia System Score: N/A
Location: N/A |
on 15th Feb, 2009 14:32, perlonn wrote:
Hi
How can I remove the threat from Insecure Program Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0?
I receive this message from the Secunia PSI v1.0.0.1:
"
Insecure Programs
...
Microsoft XML Core Services (MSXML) 6.x 6.10.1129.0
Microsoft XML Core Services (MSXML) 6.x
This installation of Microsoft XML Core Services (MSXML) 6.x is insecure and potentially exposes your system to security threats!
Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
Installation Path
c: \ WAUUPGRD \ sources \ Msxml6.dll
...".
The file include the following details: MSXML 6.0 SP1 file description, file version 6.10.1129.0, product name Microsoft (R) MSXML SP1 product version
6.10.1129.0 .. etc.
But Msxml6.dll is also found in
Installation Path
c: \ WINDOWS \ system32 \ Msxml6.dll
to include the following details: MSXML 6.0 SP2 file description, file version 6.20.1099.0, product name Microsoft (R) MSXML SP2 produsktversion 6.20.1099.0
.. etc.
System Description:
------------------
Lenovo - IBM Thinkpad R61
Operating system: Windows Vista Business
What security threat is c: \ WAUUPGRD \ sources \ Msxml6.dll (MSXML 6.0 SP1 ver 6.10.1129.0) when the right MSXML 6.0 SP2 ver 6.20.1099.0 is installed in
c: \ WINDOWS \ system32 \ Msxml6.dll?
How to overcome this threat - and in the event that there is no threat: How do you avoid this security warning?
Best regards
Per
|
|
|
| karaca
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by karaca on 26th May, 2009 13:04
|
Posts: 3
User Since: 26th May, 2009
Secunia System Score: N/A
Location: N/A |
dd |
|
|
| puget1
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by puget1 on 27th May, 2009 00:36, last edited on 27th May, 2009 00:36
|
Posts: 187
User Since: 21st Dec, 2007
Secunia System Score: 100%
Location: WA State, US |
standbyhttp://secunia.com/community/forum/thread/show/114...
http://secunia.com/community/forum/thread/show/147...
The above two forums address this problem in some detail: the final solution is that if you are running Vista it is not needed at all as it is an outdated dll from Xp.
Here is the meat::
O.k. period (BINGO) that's it. Problem solved. msxml6.0 is for XP(PERIOD) and is re-numbered in Vista under msxml4.0 SP2 (KB954430)for Vista Obtained by reading down to what others are downloading. Therefore,why I am not having any problem by having deleting it. Microsoft then via automatic updating replaced it with msxml4.0 SP2 (KB954430) I cross referenced it with forum msxml6.0
This is how to locate the file ::
To locate the exact file that the Secunia PSI has detected, please follow there guidelines using the
advanced interface:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
* Click on the entry of the programme to “expand” it.
* Click on Technical details to see the installation path of the detected file.
* Remember the installation path and close down the menu.
* Click Open Folder and locate the detected file.
Have U changed the folder option to show all hidden files?
Have U tried Windows search asking it to search hidden files? |
|
|
| thrushmk
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by thrushmk on 31st May, 2009 03:38
|
Posts: 1
User Since: 29th May, 2009
Secunia System Score: N/A
Location: N/A |
Hi,
Has any body found a solution to this problem? |
|
|
| puget1
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by puget1 on 31st May, 2009 18:22, last edited on 31st May, 2009 18:22
|
Posts: 187
User Since: 21st Dec, 2007
Secunia System Score: 100%
Location: WA State, US |
@thrushmk on 31st May, 2009 03:38
I don't know what you are asking? I thought the explanation was clear. It depends on the system you are operating. If it is a third party install- you either have to 1.update the third party install 2.wait till it is updated (create an ignore rule. 3.totally uninstall the program. If you are unsure about deleting create a system restore point first. I would go to |
|
|
| Darko95
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by Darko95 on 13th Jul, 2009 16:35
|
Posts: 1
User Since: 13th Jul, 2009
Secunia System Score: N/A
Location: N/A |
on 15th Feb, 2009 14:32, perlonn wrote:
Hi
How can I remove the threat from Insecure Program Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0?
I receive this message from the Secunia PSI v1.0.0.1:
"
Insecure Programs
...
Microsoft XML Core Services (MSXML) 6.x 6.10.1129.0
Microsoft XML Core Services (MSXML) 6.x
This installation of Microsoft XML Core Services (MSXML) 6.x is insecure and potentially exposes your system to security threats!
Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
Installation Path
c: \ WAUUPGRD \ sources \ Msxml6.dll
...".
The file include the following details: MSXML 6.0 SP1 file description, file version 6.10.1129.0, product name Microsoft (R) MSXML SP1 product version
6.10.1129.0 .. etc.
But Msxml6.dll is also found in
Installation Path
c: \ WINDOWS \ system32 \ Msxml6.dll
to include the following details: MSXML 6.0 SP2 file description, file version 6.20.1099.0, product name Microsoft (R) MSXML SP2 produsktversion 6.20.1099.0
.. etc.
System Description:
------------------
Lenovo - IBM Thinkpad R61
Operating system: Windows Vista Business
What security threat is c: \ WAUUPGRD \ sources \ Msxml6.dll (MSXML 6.0 SP1 ver 6.10.1129.0) when the right MSXML 6.0 SP2 ver 6.20.1099.0 is installed in
c: \ WINDOWS \ system32 \ Msxml6.dll?
How to overcome this threat - and in the event that there is no threat: How do you avoid this security warning?
Best regards
Per
|
|
|
| manish1234
| RE: Microsoft XML Core Services (MSXML) 6.x ver 6.10.1129.0
|
|
|
by manish1234 on 22nd Nov, 2009 14:49
|
Posts: 1
User Since: 22nd Nov, 2009
Secunia System Score: N/A
Location: N/A |
great man |
|
|
|
