Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Scan says 8.0.6001.18702 is insecure

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Internet Explorer 8.x

This thread has been marked as locked.
bhenshaw Scan says 8.0.6001.18702 is insecure
Member 29th Jul, 2009 01:34
Ranking: 18
Posts: 67
User Since: 29th Apr, 2009
System Score: 93%
Location: US
When I click on download it takes me to Microsoft's update sight which says I don't need any updates (my system is up to date).

Why is Secunia saying it is insecure? Is there supposed to be a fix somewhere?

Thanks!

Bill

wr RE: Scan says 8.0.6001.18702 is insecure
Contributor 29th Jul, 2009 06:02
Score: 308
Posts: 736
User Since: 30th Mar 2008
System Score: 100%
Location: US
http://secunia.com/advisories/24314/ No patch available from M$

--
HP Pavilion Slimline s3020n
Windows Vista Home Premium SP2 32 bit
AMD 64 Athlon X2
Firefox 24.4.0 ESR
The weakest link of a computer system is always sitting in front of the monitor.
Was this reply relevant?
+0
-0
davech RE: Scan says 8.0.6001.18702 is insecure
Member 29th Jul, 2009 18:06
Score: 0
Posts: 6
User Since: 29th Jul 2009
System Score: N/A
Location: N/A
It seems to me that on the first day Microsoft release updates then my Secunia scan says software is insecure (IE8 in the last example on 28 July). If I go to the Microsoft Update site it says that no updates are available and Windows is up to date.

I really think what is happening is that Microsoft has begun downloading the updates in the background (I have automatic updates selected), so when I look at their site it says no updates are available (else you would start downloading again).

It seems that the downloading of the updates can be very slow, and usually later in the evening, or the next morning, I see that the updates are on my computer and ready to be installed.

This is just my guess - I tried sending email to Microsoft to confirm this, but no success, and tried phoning them, but they wanted to charge me money to speak to me!
Was this reply relevant?
+0
-0
bjm__ RE: Scan says 8.0.6001.18702 is insecure
Member 29th Jul, 2009 18:37
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Bill

see this thread
http://secunia.com/community/forum/thread/show/229...

Regards
bjm-
Was this reply relevant?
+0
-0
Agapanthus RE: Scan says 8.0.6001.18702 is insecure
Member 2nd Aug, 2009 15:37
Score: 0
Posts: 11
User Since: 11th Jun 2009
System Score: N/A
Location: N/A
I had this problem too. It is the third time in as many months that PSI notes an "old" version while the Microsoft Update site says everything is okay. In previous cases it has been necessary to extract files, but this time the following worked for me:

1. Download "Cumulative Security Update for Internet Explorer 8 for Windows XP (KB972260)"
from
http://www.microsoft.com/downloads/details.aspx?di...

2. Run the EXE file.

3. PSI now reports that IE8 is okay. However the Adobe Flash Player needed updating (having been all right before the patch).
Was this reply relevant?
+0
-0
bjm__ RE: Scan says 8.0.6001.18702 is insecure
Member 2nd Aug, 2009 18:06
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Good day Apaganthus,

Your post has me confused. Maybe you can help. I received KB972260 with my Windows Updates. It installed OK and PSI reports my IE8 version 8.0.6001.18813 as being patched under Patched Programs and Insecure under Secure Browsing. I understand the concept that if Secunia is reporting correctly... I have all available Updates for IE8 but, a Security Vulnerability still exists even with IE8 fully patched.
Prior to reading your post I just accepted PSI was correct. I'm confused because KB972260 (your link) is for Windows XP. I run Vista and yet I still received KB972260. My Update History shows KB972260 with update for IE8 for Windows Vista.
Are you running XP or Vista and did you have to re-install KB972260 (over Windows Update install of KB972260) to satisfy PSI that IE8 is Secure under Secure Browsing.
Did your version change to 8.0.6001.18813 or is it still 8.0.6001.18702.
Thanks for your time and interest in my query.
Please post back ~ all comments appreciated
Regards
bjm-
Was this reply relevant?
+0
-0
Agapanthus RE: Scan says 8.0.6001.18702 is insecure
Member 4th Aug, 2009 09:01
Score: 0
Posts: 11
User Since: 11th Jun 2009
System Score: N/A
Location: N/A
on 2nd Aug, 2009 18:06, bjm__ wrote:

I received KB972260 with my Windows Updates. It installed OK and PSI reports my IE8 version 8.0.6001.18813 as being patched under Patched Programs and Insecure under Secure Browsing. I understand the concept that if Secunia is reporting correctly... I have all available Updates for IE8 but, a Security Vulnerability still exists even with IE8 fully patched.


There are two issues here. If PSI lists IE8 as insecure under Secure Browsing but says there is no solution (MS has not released a patch for the problem), then you have done all that you can.

In my case, IE8 was listed as unpatched even though Windows Update said no futher patches needed to be applied. It was therefore a matter of patching the Explorer manually.


on 2nd Aug, 2009 18:06, bjm__ wrote:

I'm confused because KB972260 (your link) is for Windows XP. I run Vista and yet I still received KB972260. My Update History shows KB972260 with update for IE8 for Windows Vista.
Are you running XP or Vista and did you have to re-install KB972260 (over Windows Update install of KB972260) to satisfy PSI that IE8 is Secure under Secure Browsing.
Did your version change to 8.0.6001.18813 or is it still 8.0.6001.18702.


This issue did not occur on my Vista laptop. It did occur on both XP desktop computers: Microsoft Update said all necessary patches had been applied, PSI said IE8 needed patching. After patching manually (as described in my previous post), IE8 is listed as patched, but the version is still 8.0.6001.18702.

On both XP systems, the Adobe Flash Player is reported as being insecure after patching. I have no idea why that is!
Was this reply relevant?
+0
-0
fdunn4 RE: Scan says 8.0.6001.18702 is insecure
Member 9th Aug, 2009 05:56
Score: 0
Posts: 4
User Since: 26th Apr 2008
System Score: N/A
Location: N/A
Agapanthus on 4th Aug, 2009 09:01 Wrote:
"On both XP systems, the Adobe Flash Player is reported as being insecure after patching. I have no idea why that is!"


I thought it kind of Ironic but when you perform an Adobe Flash ActiveX control update even after rescanning with PSI it shows Flash to still be insecure because the the PSI is using the Flash Object.

The issue is that the Secunia PSI uses the Adobe Flash ActiveX and when you install the new version you will find that the old Flash10b.ocx is still in the c:\windows\system32\macromed\flash folder along with the new version (Flash10c.ocx).

To rid yourself of the issue completely close the Secunia PSI (even from the System Tray) and simply delete the old Flash10b.ocx file. Then do a rescan and you will find it is secure, but for some strange reason even after the PSI tells you it is secure and you "OK" the message the PSI starts resanning the same folder again and it takes forever so I normally Start "Task Manager" and kill off the PSI.exe process and start it again.

Since Secunia PSI utilizes the Flash ActiveX and causes this problem you would think they would document it in the details area of the update but the last time I checked they don't.
Was this reply relevant?
+0
-0
bjm__ RE: Scan says 8.0.6001.18702 is insecure
Member 9th Aug, 2009 16:30
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Hi Agapanthus

Not confused anymore. Thanks.
I confirmed via microsoft forum what you already know because your running XP and Vista. KB # is the same for both OS but version # is different. Have you resolved your Flash Player issue?

Regards
bjm-
Was this reply relevant?
+0
-0
bhenshaw RE: Scan says 8.0.6001.18702 is insecure
Member 12th Aug, 2009 03:23
Score: 18
Posts: 67
User Since: 29th Apr 2009
System Score: 93%
Location: US
Last edited on 12th Aug, 2009 03:26
Hi all, thanks for all the feedback.

I am having this same kind of thing happen again.

I guess what is confusing me is that I go to the Insecure tab and find some items. I then click on the "download solution" icon and it takes me to the Windows update site which says there are no updates available.

So, If I understand correctly, this just means that the program is insecure, but there is no patch yet. Is that correct?

When I look at the Secure Browsing tab the same two items show up there.

The first is for Microsoft Windows Media Player 11.x with SAID SA36187. The status on this is "Insecure".

The second is for Microsoft Internet Explorer 8.x with SAID SA24314. For this one the status is "Insecure, no solution".

What is the difference between "Insecure" and "Insecure, no solution"?

Thanks again...

Bill
Was this reply relevant?
+0
-0
bhenshaw RE: Scan says 8.0.6001.18702 is insecure
Member 12th Aug, 2009 05:27
Score: 18
Posts: 67
User Since: 29th Apr 2009
System Score: 93%
Location: US
Well... maybe it is just a timing issue. I tried again just now by clicking "download solution" and Windows Update did find some updates. I downloaded and installed these and the problem in Windows Media Player was fixed. I rescanned in Secunia and the insecure flagging went away. Looks like somehow Secunia knew there was a fix before Windows Update made it available to me.

Bill
Was this reply relevant?
+0
-0
thedillpickl RE: Scan says 8.0.6001.18702 is insecure
Contributor 15th Aug, 2009 21:11
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Last edited on 15th Aug, 2009 21:18
Hi Bill;

Don't feel bad, you are not the only one. MS has kept people confused for years!

Your MS Update only check for updates every once in awhile. PSI checks for updates a lot. That's why it reports a change just a few seconds after you install a patch.

Patched & Secure = Good to go.
Patched & Insecure = You've probably done all you can.
Unpatched = Install the update.
Unsupported (EOL) = Find a replacement for the software.

regards;
Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
davech RE: Scan says 8.0.6001.18702 is insecure
Member 16th Aug, 2009 00:04
Score: 0
Posts: 6
User Since: 29th Jul 2009
System Score: N/A
Location: N/A
It seems that Windows Vista only checks once a day for updates when set for automatic updates. After that, if you click "tools/windows update" it will tell you that your computer is up to date, BUT it does not really connect and check. It will only check again for updates the following day.
You can prove this by turning automatic updates off and then back on again. Windows then takes about 40 seconds to check for updates.
(when it's not really connecting to Microsoft and checking you get an instant answer saying "up to date" !! )
Was this reply relevant?
+0
-0
bhenshaw RE: Scan says 8.0.6001.18702 is insecure
Member 18th Aug, 2009 03:15
Score: 18
Posts: 67
User Since: 29th Apr 2009
System Score: 93%
Location: US
thedillpickl and davech,

Thanks for your replies. It is confusing, but at least now I'm back to 100%.

Thanks!

Bill
Was this reply relevant?
+0
-0
harti1 RE: Scan says 8.0.6001.18702 is insecure
Member 9th Nov, 2009 14:15
Score: 0
Posts: 2
User Since: 21st Oct 2009
System Score: N/A
Location: N/A
on 29th Jul, 2009 01:34, bhenshaw wrote:
When I click on download it takes me to Microsoft's update sight which says I don't need any updates (my system is up to date).

Why is Secunia saying it is insecure? Is there supposed to be a fix somewhere?

Thanks!

Bill

Was this reply relevant?
+0
-0
harti1 RE: Scan says 8.0.6001.18702 is insecure
Member 9th Nov, 2009 14:16
Score: 0
Posts: 2
User Since: 21st Oct 2009
System Score: N/A
Location: N/A
on 29th Jul, 2009 01:34, bhenshaw wrote:
When I click on download it takes me to Microsoft's update sight which says I don't need any updates (my system is up to date).

Why is Secunia saying it is insecure? Is there supposed to be a fix somewhere?

Thanks!

Bill

Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability