Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft XML Core service (msxml)4.x - insecure ?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
OSI

This thread has been marked as locked.
brian dennis Microsoft XML Core service (msxml)4.x - insecure ?
Member 19th Aug, 2009 11:19
Ranking: 0
Posts: 12
User Since: 19th Dec, 2007
System Score: N/A
Location: N/A
The above application is shown as insecure however Microsoft do not show a fix for this either in Express or Custom.

Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 19th Aug, 2009 12:49
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
1. MSXML 4 is a standalone version that supports legacy 3rd party installs.
2. Microsoft have released the final SP prior to it becoming obsolete on 13 April 2010.

Your problem should be resolved if you uninstall all versions of MSXML 4 SP2 - reboot - and then install MSXML 4 SP3 which is a complete replacement for SP2 & the various hot fixes.

As for any new install read the Release Notes here:
http://download.microsoft.com/download/A/2/D/A2D85...

The download link is here:
http://www.microsoft.com/downloads/details.aspx?Fa...
The download file to select is MSXML.MSI 2.3MB

Secunia picks it up as secure with version 4.30.2100.0



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
brian dennis RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 20th Aug, 2009 23:34
Score: 0
Posts: 12
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Thanks for your help - no problem updating to MSXML 4.0 SP3. I have also loaded MSXML 6.0 as recommended by MS. Unfortunatly this did not remove the insecure alert which I can now see is an erroneous indication arising from residual system files. I can see MSXML4.DLL in C:/STDTA/SAVXP/SYSTEM which is causing the alert. Not sure if I can delete the folder as I am well outside of my zone of competence.

Thanks Again BrianD
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 20th Aug, 2009 23:47
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Have U got or had Sophos Anti Virus or Internet Security installed?


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
brian dennis RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 21st Aug, 2009 00:11
Score: 0
Posts: 12
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Yes !! I have recently used sophos AV since the last clean Secunia run and prior to this current error indication

BrianD
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 21st Aug, 2009 00:25
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I take it U have uninstalled Sophos & are using something else?

The file SAVXP = Sophos Anti Virus for XP.

Navigate back to where U found the offending file - RIGHT click on it & select RENAME then rename it MSXML4.DLL_OLD

Rescan & it should be OK

Would appreciate knowing the outcome of the rescan.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
brian dennis RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 21st Aug, 2009 11:09
Score: 0
Posts: 12
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Thanks again, thats sorted. Well almost, at least I understand the problem now. Had I looked into secunia patched SW I would have seen both MSXML4&6 and realised that the unpatched version of 4.0 was duplicated. At one stage I removed both and still had the unpatched version. I did not realised the significance of SAVXP until you pointed it out. I had wondered why 4.0 SP2 had arrived in my machine on the 10/8/09. I have now restored the ID's of MXSML4 in both SAVXP and SXS and will now set about attempting to remove 50mb of a Sophos beta version which I downloaded and thought I had removed. Can't recall what I did but it was obviously not correct. I have checked the Sophos W/S to see if the beta program is still available to download but it's not
so I am not able to re-run the whole process. Any thoughts as to how I can remove the program suite would be appreciated.
Once again thanks for your help
Rgds Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 21st Aug, 2009 11:23
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Is the Beta not a separate iten in add/remove?

Is there an uninstaller if U navigate to start>all programs>sophos?

U could try this tool if Sophos uses MSI:

http://support.microsoft.com/kb/290301/

Once installed just scroll around to see if U can find it.

Looks to me like there could be more than one element - the programme - an auto updater etc.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
brian dennis RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 21st Aug, 2009 12:05
Score: 0
Posts: 12
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Hi Again
AD/Rem-Windows install clean up - all show nothing. searched thro SAVXP
to find de-installer no joy - but found Sophos Anti-virus installer pack this re-installed Sophos AV - now visible in programs and Add/Rem.
Removed program (15mb) which I now recall I did before. After restart checked SAVXP and no change, so the remove prog only deletes the active program leaving a host of aux sw including the installer pack, amazing. So that the end of the road more junk on my disk unless I can just DELETE all of the files individually?? what do you think.
Rgds Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 21st Aug, 2009 12:28
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
Looks like a clean install might be the answer.

First, remove as much as U can via add/remove.

Then go to start>all programs>if there are sophos entries delete them.

Next, right click on start>select explore>navigate to Program File - again remove any Sophos entries.

Then go here - start>run>type in REGEDIT & hit OK

U are now in the Registry. If U are not familiar with the registry or aware of the consequences of tinkering just follow my script & U will be perfectly safe. Tinkering "off piste" on what might look to be a solution could prove troublesome.

Look for & expand this HKEY_CURRENT_USER U will see SOFTWARE>expand it>if U see any entries for Sophos right click & delete the folder.

Now find HKEY_LOCAL_MACHINE and do exactly the same thing.

Exit Regedit (Red Cross)

Now have another look - have all the files gone from where U saw them?

If yes Reboot & reinstall your programme.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
brian dennis RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 21st Aug, 2009 18:34
Score: 0
Posts: 12
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Thanks for the info I will give it a go. I am happy to bring this sage to a close as I have a full back -up if I hit problems I can simply go back to my last good state.

Thanks for your invaluable assistance
Rgds
brian dennis
Was this reply relevant?
+0
-0
valkrider RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 6th Sep, 2009 06:59
Score: 0
Posts: 1
User Since: 3rd Mar 2009
System Score: N/A
Location: N/A
In Vista 64 the suspect file appears not in the system32 folder, but in the SysWOW64 folder. Is this why it is being called as a bad file, in spite of the fact that the corrective download has been reinstalled multiple times? Does Secunia not recognize the existence of the unique Vista-64 Windows System folder: SysWOW64 ?
Was this reply relevant?
+0
-0
bjm__ RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 9th Sep, 2009 01:26
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 9th Sep, 2009 01:27
Hi Maurice,
Maurice wrote
__________________________________________________ __________

RE: Microsoft XML Core service (msxml)4.x - insecure ?

by Maurice Joyce on 19th Aug, 2009 12:49
1. MSXML 4 is a standalone version that supports legacy 3rd party installs.
2. Microsoft have released the final SP prior to it becoming obsolete on 13 April 2010.

Your problem should be resolved if you uninstall all versions of MSXML 4 SP2 - reboot - and then install MSXML 4 SP3 which is a complete replacement for SP2 & the various hot fixes.

As for any new install read the Release Notes here:
http://download.microsoft.com/download/A/2/D/A2D85... ease%20Note.htm

The download link is here:
http://www.microsoft.com/downloads/details.aspx?Fa...
The download file to select is MSXML.MSI 2.3MB

Secunia picks it up as secure with version 4.30.2100.0
__________________________________________________ _________
I have MSXML 4 SP2 ver 4.20.9870.0 11/12/08
If SP2 in Insecure and I need SP3 why is PSI not reporting this to me.
I have only one Insecure (the ever present IE8)
__________________________________________________ ____
One day last week I got a slew of Visual C++ and MSXML 6 and 4 Insecure. The next day all Secure. MSXML 6 is for XP and I run Vista.
If PSI reports my MSXML 4 SP2 Secure should I just wait till PSI reports it's End of Life / obsolete or ?

Regards
bjm-
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 9th Sep, 2009 10:21
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@bjm
Good Morning.

I have noted your detailed questions to Secunia on other threads. It is a shame they have not responded because you do address some interesting points not least MSXML 4.

At one stage PSI was reporting SP2 as insecure. U are now saying they are reporting it as secure. I wonder why? This tinkering by PSI does require an explanation from them.

If a purist I would update to MSXML SP3 - many have done it successfully. Equally, if U trust the latest scan missive from secunia leave well alone. (I would only use this option after a clear statement from Secunia Support on why they have apparently changed their scan rules)

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
bjm__ RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 9th Sep, 2009 19:39
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 9th Sep, 2009 20:09
Good day Maurice Joyce,
Thank you for your comments...
to briefly explain my confusion just for general info...as I agree fully with you ~ Secunia should explain.
currently
PSI reports MSXML 4.X ver 4.20.9870.0 and 6.X ver 6.20.5000.0 Secure.
My Control Panel Programs only lists MSXML 4.0 SP2 KB 954430 11/12/08.
I run Vista OS
4.X Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP
6.X Supported Operating Systems: Windows 2000 Service Pack 4; Windows Server 2003; Windows Server 2003 Service Pack 1; Windows XP Service Pack 1; Windows XP Service Pack 2

How do I even have 4.X and/or 6.X as I run Vista and Vista is not supported OS as per Microsoft site for 4.X and 6.X

I do find MSXML SP3 is Vista supported.
Supported Operating Systems: Windows 2000 Service Pack 4; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows Server 2008; Windows Vista; Windows Vista Service Pack 1; Windows XP Service Pack 2; Windows XP Service Pack 3

So, I understand your comments...others have updated [..]and my System my option [..]
____________________________________
Also, just for general info...
My Control Panel Programs lists Microsoft Visual C++2005 Alt Update KB973923-x86 7/28/09
PSI does not report any Visual C++
_______________________________________
So, I'm left reading Forum threads about Vulnerabilities and Updates for MSXML & Visual C and PSI is not helping except for one day last week when the wheels must have fallen off Secunia Server because PSI reported I had multiple Insecure MSXML 4.X/6.X and Visual C 2005/2008. The next day PSI reports No Insecure.
-------------------------------------------------- ---
I don't know if PSI reporting was accurate for that one day (wheels fell off) or has been accurate since.
I don't know if I should persist in trying to get response from Secunia or reinstall PSI or ?
Thanks for letting me vent...
Regards
bjm-

******************************
just in from Secunia Support (not much in the way of specific help)
******************************
Hi
The reason for this issue is that the "WinSxS" folder may contain
multiple older copies of various libraries and Microsoft components.

In order to detect the recent ATL vulnerability / patch for Microsoft
Visual C++ 2005 / 2008 Redistributable Package we created a new rule to
check for files in the "WinSxS" folder. This did, however, cause a
number of detections of old copies maintained in the same folder, these
old copies are for various reasons not removed by various Microsoft
patches.

We are currently investigating whether these old files have any security
related impact on your system, we are also working on an improvement to
the PSI scan engine.

-
Kind regards,

Emil Jeppesen
Secunia PSI Support

Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 9th Sep, 2009 21:03
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Emil has explained all I need to know. They have opened a "can of worms" & rightly are being cautious before proceeding.

I am in know doubt that the SxS folder contains dross & proved it by updating VC80 & VC90 with no adverse affect.

What I am not sure about (& nor are they at this stage)is the impact if insecurities are left resident in that folder.

A shame they did not pro actively publish that information on the thread where many people had concerns created by Secunia tinkering with a new rule.

As for your MSXML 4. I can only assume that it was installed by a programme requiring that version. I have it to which is required by a programme I frequently use.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft XML Core service (msxml)4.x - insecure ?
Expert Contributor 9th Sep, 2009 21:14
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 9th Sep, 2009 21:18

Hello bjm ,

I was tempted to add to your questions re SxS (which I more or less understand the function) and the C++ 24 hour turn around . I even went so far as to delete the PSI reported files (5) , then decided to uninstall all C++ versions 2005 & 2008 & then reinstalled them each with their SP 1 patch and then their ATL patch , which seems to have reinstalled 3 of the PSI reported files. Curios , as I had updated my original versions before the PSI alert . Of course , I have no idea which programmas on my PC were made using Visual Studio and thus require the .dll's.

So Emil Jeppesen's reply to you clears up for me the "coming & going" saga & hopefully they will answer whether their origional diagnosis was/is correct or not ; that ,for me , is the key question . Some people are saying the ATL problem wit Visual Studio is more complicated than originally described ; I hope Secunia are able to get to the "truth" for us :)

Many thanks for your persistence & keep us updated if you will .

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
bjm__ RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 9th Sep, 2009 21:44
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 9th Sep, 2009 22:11
@ Maurice Joyce

maurice Joyce wrote
As for your MSXML 4. I can only assume that it was installed by a programme requiring that version. I have it to which is required by a programme I frequently use.
_________________________________________________

As you run XP. I can understand you having MSXML 4 on you system.
As I run Vista. I cannot understand having MSXML 4/6 on my system.
I imagine if I needed Vista supported MSXML I would have been so notified by the associated application.

I'm generally cautiously slow to any update I don't understand.
So, for now I have bookmarked your MSXML posts (along with most of your other informative posts) and will proceed slowly toward the unknown abyss hopeful Secunia PSI will grab me before I falter.
If I can compile enough of your informative posts..maybe I can publish it. You'll get credit and adequate remuneration. ;-)

As always chime in anytime..always nice to visit with you

Regards
bjm-

I am trying to get Secunia Support to address my issues.
Will post back when they reply back.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core service (msxml)4.x - insecure ?
Handling Contributor 9th Sep, 2009 22:05
Score: 11782
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@bjm
Very wise to go slowly. If they are all secure there is no real issue.

U are of course correct about the various OS's having different versions of MSXML installed for initial support.

XP & Vista will support different versions of MSXML but only installs the latest version on the install disk/OEM.

The real issue is vendors of some programmes do not use the latest MSXML and to use their wares they install the MSXML required.

Somewhere on your PC is a programme requiring MSXML 4. If U uninstall it U will soon find the programme!!!!!!!!!!!!!!!!!!!!

Me thinks better left alone.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
bjm__ RE: Microsoft XML Core service (msxml)4.x - insecure ?
Member 9th Sep, 2009 22:07
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
@ Anthony Wells,

As I only have Visual C++2005 listed with my Programs and PSI does not see it.
I'm also not use what app requires it and not sure what I will accomplish with Visual C++2008.
I want PSI to see Visual C and so advise. I just could not react to the one day seemingly unusual PSI scan event. I waited one day to confirm unusual/odd scan result was not just an anomaly. Only, to scan the next day and find all multiple Insecure MSXML's and Visual C's had magically vanished.
I'm still scratching my almost bald head. I had a full head of hair prior to last week. I luv PSI and remain loyal to Secunia.

Please chime in anytime..always nice to visit with you.

Regards
bjm-

I am trying to get Secunia Support to address my issues.
Will post back when they reply back.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer