Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Patching Microsoft XML Core Services 4 SP2 to SP3

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
layer9 Patching Microsoft XML Core Services 4 SP2 to SP3
Member 28th Jan, 2014 10:58
Ranking: 0
Posts: 4
User Since: 29th Apr, 2013
System Score: N/A
Location: DE
Hi,

according to the following blog article it is possible with to patch XML Core Services 4 SP2 to SP3:

http://secunia.com/blog/why-microsoft-xml-core-ser...

However, in SPS (CSI 7) the package is shown as "Grey" which means that we need to specify silent installation parameters.

How can we obtain silent installation parameters for a given program and how do we include them into the script? Just by running a given executable with i.e. /? to show all parameters and by including them (the ones for silent installation) into the line "var silentParams" in the script?

Is this sufficient in such a case? Most of the time we just need to patch software for which pre configured packages from Secunia are available, so we have not much experience in creating and customizing "Grey" packages.

BR
Michael

This user no longer exists RE: Patching Microsoft XML Core Services 4 SP2 to SP3
Secunia Official 29th Jan, 2014 10:04
Hi,

Your thoughts are correct. You have to download the correct MSXML installer from Microsoft's website and test it to check which parameter is used to install the package silently.

If the Microsoft installer for MSXML is an .msi / .msp package, then you could use "/?" under CMD to extract the supported silent parameters by the installer. Once you know the parameter, we suggest that you directly test the installation of the installer manually.

I would usually call the name of the file in CMD and then add the parameter as well, then execute it. If the installer installed silently, this test confirms to you that SPS package would also work. You can go ahead and configure your SPS package.

You need to do two things to make your Secunia package applicable - add your file to the package configuration at step 2 of the wizard and then modify the JScript to include the silent parameter. Use the 'Add Local File' button to attach the installer and add your silent switch to the line var silentParams = "add your parameter here";

You also asked: How can we obtain silent installation parameters for a given program and how do we include them into the script?

a) Use the help menu of the installer to fetch the list of supported parameters
b) Use the Internet to find it, the web is pretty helpful in such situations.
c) Contact the vendor's support team, as they would usually supply them to you.

Is this sufficient in such a case?

If you perform the above steps, you will be set to deploy your patches. As long as testing your installer manually worked well, that ensures that adding your file and parameter to the package would make it equally applicable to installing it manually as suggested above.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support
This user no longer exists RE: Patching Microsoft XML Core Services 4 SP2 to SP3
Secunia Official 29th Jan, 2014 10:10
Hi again,

I just noticed that the package offered to my account appears to lack a "Minimum Version" number at step 3 of SPS. I would recommend you to also fill this field with the number 3.0.0.0 or 4.0.0.0 depending on:

a) If you add 3.0.0.0, your package would be sent to systems that have MSXML installations within version range of 3.0.0.0 - 4.x (the version of the patch you create).

b) If you add 4.0.0.0 you limit the package to only install on machines that have MSXML installations within the version range of 4.0.0.0 - 4.x (the version of the patch you create).

Please note that this field is critical to deploy your patch to the correct recipients. You shall make an assessment which versions you want to patch - do you want to also patch version 3 of MSXML, or you only want to go for version 4.x in the domain?

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support
This user no longer exists RE: Patching Microsoft XML Core Services 4 SP2 to SP3
Secunia Official 29th Jan, 2014 10:33
Hi,

You may also want to review the below article which was just updated by me:
http://secunia.com/community/forum/thread/show/147...

This article explains a secondary method to configure a Custom Package from scratch.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability