
Forum Thread: Microsoft XML Core Services Issue

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 4.x

This thread has been marked as locked.
rusty.07 Microsoft XML Core Services Issue
Member 27th Apr, 2014 23:49
Ranking: 0
Posts: 8
User Since: 18th Apr, 2014
System Score: N/A
Location: US
Last edited on 27th Apr, 2014 23:50

Hi all,

I set up a new Dell Windows 7 64-bit computer last week for my brother, and when I left it, Secunia PSI gave it a clean bill of health. Now, Secunia PSI is telling us that XML Core Services is vulnerable...

***The version detected of Microsoft XML Core Services (MSXML) 4.x was 4.20.9876.0 while the latest version including one or more security fixes is 4.30.2100.0.***

Windows Update says all is well, and so does Belarc Advisor.

Is this an error on Secunia's part?

Thanks.

Maurice Joyce RE: Microsoft XML Core Services Issue
Handling Contributor 28th Apr, 2014 02:09
Score: 11744
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
MSXML ISSUES

This will fix it for you.

The release notes for MSXML 4 are here:
http://download.microsoft.com/download/A/2/D/A2D85...

Please note this SP was released before Windows 7 & 8 were produced, therefore there is no mention of compatibility or support once installed - it works flawlessly with Windows 7 on both 32 & 64 Bit systems.


If PSI gives a version number starting 4.2 or 4.1 that indicates that the very old MSXML 4 SP2 or even older SP1 is installed which must be MANUALLY upgraded to MSXML 4 SP3 as follows:

Click this link: (please note that the system requirements for this download do state that Windows 7 is supported unlike the release notes)

http://www.microsoft.com/en-us/download/details.as...

Once open activate the clearly marked download link called MSXML.MSI - 2.3 MB.

Once installed run & rerun Windows Update - there are some additional patches for MSXML 4 SP3.

On completion PSI will show MSXML 4 as secure with version 4.30.2117.0, like this:

https://1ncuig.bn1.livefilestore.com/y2pxjlzfYAdRa...


Revised 01:06 28/04/2014

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
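The version check described in the reply above, as an added example that is not part of the original post or of Secunia's tooling: a PowerShell script that reads the file version of msxml4.dll and classifies it using only the version numbers quoted in this thread. The DLL locations under %SystemRoot% and the function names are assumptions.

```powershell
# Added example. Thresholds are the two version numbers quoted in the thread.
$FixedBaseline = [version]'4.30.2100.0'  # PSI: latest version "including one or more security fixes"
$SeenAfterWU   = [version]'4.30.2117.0'  # version PSI showed after SP3 plus Windows Update

function Get-Msxml4Level([version]$Version) {
    # Rule of thumb from the reply: 4.1x = SP1, 4.2x = SP2, 4.30 = SP3.
    if ($Version.Major -ne 4)  { return 'not MSXML 4' }
    if ($Version.Minor -ge 30) { return 'SP3' }
    if ($Version.Minor -ge 20) { return 'SP2' }
    if ($Version.Minor -ge 10) { return 'SP1' }
    return 'pre-SP1'
}

function Get-Msxml4Action([version]$Version) {
    $level = Get-Msxml4Level $Version
    if ($level -eq 'not MSXML 4') { return 'Not an MSXML 4 file; nothing to do' }
    if ($level -ne 'SP3')         { return 'Install MSXML 4 SP3 manually, then run Windows Update' }
    if ($Version -lt $SeenAfterWU) { return 'SP3 present; rerun Windows Update for later MSXML 4 SP3 patches' }
    return 'At or above the version the thread shows as secure'
}

function New-Msxml4Report([string]$Source, [version]$Version) {
    New-Object PSObject -Property @{
        Source     = $Source
        Version    = $Version
        Level      = Get-Msxml4Level $Version
        BelowFixed = ($Version -lt $FixedBaseline)
        Action     = Get-Msxml4Action $Version
    } | Select-Object Source, Version, Level, BelowFixed, Action
}

# Constructed sample input: the three version strings that appear in the thread.
'4.20.9876.0', '4.30.2100.0', '4.30.2117.0' | ForEach-Object { New-Msxml4Report 'sample' $_ }

# Local check. Assumed locations: MSXML 4 is 32-bit, so 64-bit Windows keeps it in SysWOW64.
if ($env:SystemRoot) {
    $paths = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot "$_\msxml4.dll" }
    $found = @($paths | Where-Object { Test-Path -LiteralPath $_ })
    if ($found.Count -eq 0) { 'msxml4.dll not found: MSXML 4 is not installed here.' }
    foreach ($p in $found) {
        $vi = (Get-Item -LiteralPath $p).VersionInfo
        $v  = New-Object System.Version $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        New-Msxml4Report $p $v
    }
}
```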
rusty.07 RE: Microsoft XML Core Services Issue
Member 28th Apr, 2014 05:22
Score: 0
Posts: 8
User Since: 18th Apr 2014
System Score: N/A
Location: US
Why is this issue not resolved by Windows Update?
Maurice Joyce RE: Microsoft XML Core Services Issue
Handling Contributor 28th Apr, 2014 10:29
Score: 11744
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
That is really a question for Microsoft. This may help - https://secunia.com/blog/why-microsoft-xml-core-se...

In a nutshell MSXML4 is NOT native to Windows 7 - you are running an old programme not designed for a modern OS that requires MSXML4.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
rusty.07 RE: Microsoft XML Core Services Issue
Member 28th Apr, 2014 22:19
Score: 0
Posts: 8
User Since: 18th Apr 2014
System Score: N/A
Location: US
Last edited on 28th Apr, 2014 22:25
I had this issue for months after reinstalling XP Home, but I ignored it since Belarc Advisor and Windows Update said all was well.

Since I started this thread, I installed the solution provided by Secunia (in the XP computer), went to Windows Update, and was alerted to: Security Update for Microsoft XML Core Services 4.0 Service Pack 3 (KB2758694).

After installing the above update, Secunia gave XP a passing grade on the XML Core Services issue.

Getting back to the Windows 7 issue, what I don't understand is why my brother's *new* Windows 7 (Home Premium 64-bit) machine is having an XML Core Services issue - when my slightly older Windows 7 machine (same version and bit count) does not. I don't recall installing any old software on his machine, but I will check and see if he has.
Maurice Joyce RE: Microsoft XML Core Services Issue
Handling Contributor 28th Apr, 2014 22:32
Score: 11744
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Is MSXML 4 showing on the scan results for both the Windows 7 PCs?

MSXML 4 is NOT native to Windows 7 therefore should only show if an old programme not designed for Windows 7 installed it.

My Windows 7/Windows 8/Windows 8.1 PCs have not got nor should they have MSXML 4 installed.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
rusty.07 RE: Microsoft XML Core Services Issue
Member 28th Apr, 2014 23:03
Score: 0
Posts: 8
User Since: 18th Apr 2014
System Score: N/A
Location: US
on 28th Apr, 2014 22:32, Maurice Joyce wrote:
Is MSXML 4 showing on the scan results for both the Windows 7 PC's?


I'll have to do a remote connection with my brother's Windows 7 machine, but *my* Windows 7 PC does have Core Services installed, and the versions match your posted example - except that 3.x and 3.x (64-bit) have been updated.
