Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft XML Core Services (MSXML) 6.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
SilverCat Microsoft XML Core Services (MSXML) 6.x
Member 14th Nov, 2009 18:48
Ranking: 0
Posts: 21
User Since: 19th Feb, 2009
System Score: N/A
Location: N/A
Last edited on 14th Nov, 2009 18:54

The subject program is installed on my home computer, operating with Vista Home Premium.

Secunia scans tell me that this program is vulnerable and is a security category 4 threat, and directs me to Microsoft Updates for a solution.

However, the Microsoft Updates website informs me there are no updates available that have not been installed on my computer.

Based on the following description of XML Core Services, I wonder if I even need this program on my computer:

"Microsoft XML Core Services (MSXML) is a set of services that allow applications written in JScript, VBScript, and Microsoft development tools to build Windows-native XML-based applications. It supports XML 1.0, DOM, SAX, an XSLT 1.0 processor, XML schema support including XSD and XDR, as well as other XML-related technologies."

I do not develop tools, etc. However, might I have applications that need this program in order to run properly? If not, I would like to uninstall it.

By the way, when I look for Microsoft XML Core Services in the uninstall area of the Control Panel, I do not find it.

Advice requested. Thanks.

mogs RE: Microsoft XML Core Services (MSXML) 6.x
Expert Contributor 14th Nov, 2009 19:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
on 14th Nov, 2009 18:48, SilverCat wrote:
The subject program is installed on my home computer, operating with Vista Home Premium.

Secunia scans tell me that this program is vulnerable and is a security category 4 threat, and directs me to Microsoft Updates for a solution.

However, the Microsoft Updates website informs me there are no updates available that have not been installed on my computer.

Based on the following description of XML Core Services, I wonder if I even need this program on my computer:

"Microsoft XML Core Services (MSXML) is a set of services that allow applications written in JScript, VBScript, and Microsoft development tools to build Windows-native XML-based applications. It supports XML 1.0, DOM, SAX, an XSLT 1.0 processor, XML schema support including XSD and XDR, as well as other XML-related technologies."

I do not develop tools, etc. However, might I have applications that need this program in order to run properly? If not, I would like to uninstall it.

By the way, when I look for Microsoft XML Core Services in the uninstall area of the Control Panel, I do not find it.

Advice requested. Thanks.

Have you checked the "Extra Information" found by clicking on the + sign
alongside the Secunia entry for MSXML...some explanation perhaps ?

--
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 14th Nov, 2009 19:33
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
1. Are we to assume the vulnerability found by secunia is on your C Drive?

2. If that is the case I would strongly advise U not to uninstall it. It is part of the Vista OS & tinkering can cause a "hair pulling out" session.

3. It should be showing in Control Panel>add/remove.

4. Have U tried updating using this link?

http://www.microsoft.com/downloads/details.aspx?fa...

5. If the path is C:\Windows\i386 or on a drive other than C that is solely used as a reinstall partition (normally D drive)or any other drive used only to backup your work U can safely create an ignore rule.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 14th Nov, 2009 22:14
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
on 14th Nov, 2009 19:01, mogs wrote:
Have you checked the "Extra Information" found by clicking on the + sign
alongside the Secunia entry for MSXML...some explanation perhaps ?


Hi mog,

In the past of have seen + signs next to security threat lines, but can't find any this time. I believe I have seen them toward the end of the line. Should I be looking someplace else? I have scanned the line carefully, but don't see any.

SilverCat
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 14th Nov, 2009 22:40
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
on 14th Nov, 2009 19:33, Maurice Joyce wrote:
1. Are we to assume the vulnerability found by secunia is on your C Drive?

2. If that is the case I would strongly advise U not to uninstall it. It is part of the Vista OS & tinkering can cause a "hair pulling out" session.

3. It should be showing in Control Panel>add/remove.

4. Have U tried updating using this link?

http://www.microsoft.com/downloads/details.aspx?fa...

5. If the path is C:\Windows\i386 or on a drive other than C that is solely used as a reinstall partition (normally D drive)or any other drive used only to backup your work U can safely create an ignore rule.



Maurice,

Using the link you supplied, I searched for KB933579 on my computer updates list and it was already updated.

I checked Local Drive C program files and Microsoft XML Core Services is not listed. It's not on i386 either. The other drives I have all ask for a disk to be inserted.

The only file on D drive is Recovery.

I performed a "start" search and didn't find C:\Windows\i386.

I sorted by Microsoft name on Control Panel add/remove and didn't find the program I'm looking for.

Any other ideas where it could be? I guess if I find it, I can remove it.

SilverCat
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft XML Core Services (MSXML) 6.x
Expert Contributor 15th Nov, 2009 00:17
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A



Try this thread & in particular puget1's post of 16th April 2009


http://secunia.com/community/forum/thread/show/147...


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 15th Nov, 2009 00:20
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next)).



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 15th Nov, 2009 06:45
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
Last edited on 15th Nov, 2009 08:26
on 15th Nov, 2009 00:20, Maurice Joyce wrote:
FINDING A VULNERABILITY FILE PATH
=================================

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next)).



Hi Maurice,

Turns out the path is on the D drive: d:\windows\system32\msxml6.dll

Microsoft has no important or recommended updates for my computer at the present time.

I called up the files in the Recovery folder by searching d:\windows\system32\ and found 2 files: msxml6.dll and msxml6r.dll. Both are described as application extensions. There are also two files of an earlier version msxml3.dll and msxml3r.dll that Secunia has not listed as a threat.

Where do we go from here with the msxml6.dll problem? Is this where the "ignore rule" comes in or can I uninstall? If I uninstall, would it be wise to also uninstall the two msxml3 files?

SilverCat
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 15th Nov, 2009 11:39
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Leave it alone where it is. As suspected it is on your D drive OEM Windows partition.

Create an ignore rule for the partition. Your PC will remain perfectly safe.

CREATING A GLOBAL IGNORE RULE
=============================

1.Click on the SETTINGS tab>scroll to the bottom & click on CREATE IGNORE RULE

2.In the RULE NAME BOX insert something like MY BACKUP DRIVE

3.In the RULE BOX type D:\

4.Click SAVE IGNORE RULE>CLOSE

The drive will continue to be scanned by default but the result will not be published.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
thedillpickl Scripted instructions
Contributor 16th Nov, 2009 02:48
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi Maurice;

This has nothing to do with this post.

I was wondering if it would be possible to have a copy of all these instructions from your responses. One would assume you have created a data base so as not to retype instructions for the same problem. If you're aggreable I will subscribe to this thread and await your reply.


best regards;
Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 16th Nov, 2009 05:19
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
Last edited on 16th Nov, 2009 05:35
on 15th Nov, 2009 11:39, Maurice Joyce wrote:
Leave it alone where it is. As suspected it is on your D drive OEM Windows partition.

Create an ignore rule for the partition. Your PC will remain perfectly safe.

CREATING A GLOBAL IGNORE RULE
=============================

1.Click on the SETTINGS tab>scroll to the bottom & click on CREATE IGNORE RULE

2.In the RULE NAME BOX insert something like MY BACKUP DRIVE

3.In the RULE BOX type D:\

4.Click SAVE IGNORE RULE>CLOSE

The drive will continue to be scanned by default but the result will not be published.



Hi Maurice,

THANK YOU VERY MUCH.

I followed your instructions and successfully created an ignore rule for the D drive and increased my score to 94%. Besides MSXML 6.x, it also took care of some other insecure programs on D drive.

Scan shows I have an End-of-Life Macromedia Flash Player 7.x, C:\Windows\System32\Macromed\Flash\Flash.ocx, Category 3 program. Downloading the recommended .exe file had no effect on security. I don't think I need the Macromedia Flash Player because on C drive "Programs and Features." I have Adobe Flash Player 10 ActiveX and 10 Plugin, both installed 2009. The Macromedia Flash Player contributes to insecurity on my IE8, although I use Safari 99% of the time.

Uninstalling the Micromedia Flash Player might improve my score. Does the add/remove feature on Secunia uninstall programs, and is it okay to remove programs from C drive System32? Or is it better to use the ignore rule feature?

SilverCat


Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 16th Nov, 2009 09:46
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
UPDATING ADOBE FLASH
====================

Adobe have not mastered the art of completely removing all their files during an uninstall nor have they widely publicised the fact that they do not support removal using Control Panel>Add/Remove.

To successfully remove a vulnerability from Adobe Flash you should:

1. Download & use the Flash Uninstaller from here:

#####Before actually running the uninstaller it is a good idea to close all browsers,PSI and any other programme U think may be using Flash #####

http://kb2.adobe.com/cps/141/tn_14157.html

2. Reboot to clear out any left over ocx files.

3. Rescan using PSI - if there are any insecure Flash elements left what is the path to them? U should not proceed to stage 4 until all U clear any problems found.(The PSI overview page may look a little odd because it uses Flash for the pictorials)

Note: At this stage,if PSI finds any elements of Flash in the C:\i386 folder or on any drive other than C that is an OEM reinstallation partition (normally D drive) or a drive U use solely to backup your work U can safely create an ignore rule.


4. Reinstall the latest Internet Explorer Flash Player from here:

http://www.filehippo.com/download_flashplayer_ie/

4A.If U are also using Firefox, Opera and other Gecko-based browsers U need this link as well:

http://www.filehippo.com/download_flashplayer_fire...

5. Go to add/remove & double check Adobe have not installed the useless Adobe Download Manager - if U see an entry remove it.

08:44 16/11/2009




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 16th Nov, 2009 10:15
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Fred,
Nice to hear U think my posts are of some value.

You are correct. I have a whole series of possible solutions (some I have not used on this Forum) to problems stored on a programme called NotePad Professional. I tweak them according to the problem I see.

There are 3 possibilities.

1. U can copy (CTRL+C) & paste (CTRL+V)them from the Forum to Notepad or Word.

2. Do U have a Windows Live ID? If so I can post them to my SkyDrive.

3. I can create a throwaway email address & U can contact me then I can send them privately to U.

Options 2 & 3 are the best in that I constantly update the base documents & can keep U updated.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 17th Nov, 2009 08:04
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
on 16th Nov, 2009 09:46, Maurice Joyce wrote:
UPDATING ADOBE FLASH
====================

Adobe have not mastered the art of completely removing all their files during an uninstall nor have they widely publicised the fact that they do not support removal using Control Panel>Add/Remove.

To successfully remove a vulnerability from Adobe Flash you should:

1. Download & use the Flash Uninstaller from here:

#####Before actually running the uninstaller it is a good idea to close all browsers,PSI and any other programme U think may be using Flash #####

http://kb2.adobe.com/cps/141/tn_14157.html

2. Reboot to clear out any left over ocx files.

3. Rescan using PSI - if there are any insecure Flash elements left what is the path to them? U should not proceed to stage 4 until all U clear any problems found.(The PSI overview page may look a little odd because it uses Flash for the pictorials)

Note: At this stage,if PSI finds any elements of Flash in the C:\i386 folder or on any drive other than C that is an OEM reinstallation partition (normally D drive) or a drive U use solely to backup your work U can safely create an ignore rule.


4. Reinstall the latest Internet Explorer Flash Player from here:

http://www.filehippo.com/download_flashplayer_ie/

4A.If U are also using Firefox, Opera and other Gecko-based browsers U need this link as well:

http://www.filehippo.com/download_flashplayer_fire...

5. Go to add/remove & double check Adobe have not installed the useless Adobe Download Manager - if U see an entry remove it.

08:44 16/11/2009



Hi Maurice,

Thanks for all of your help and for putting up with my inexperience.

I followed your instructions and downloaded and used the Flash uninstaller. I rebooted and ran the Secunia scan. There were no files left over.

I reinstalled the latest flash player from the "filehippo" website.

When I'm using the advanced Secunia interface, my score is now 95%. When I'm using the simple interface, my score is 100%! Still, I like the advanced inteface better and will continue using it. I'm still using two end-of-life, unsupported Microsoft Office programs, but I must keep them since I'm too cheap to buy the latest version.

Thanks for coming to the rescue, again! Problem solved.

SilverCat
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 17th Nov, 2009 09:27
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
What is the path to the Microsoft items? Are they Office 2000?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 17th Nov, 2009 09:54
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
on 17th Nov, 2009 09:27, Maurice Joyce wrote:
What is the path to the Microsoft items? Are they Office 2000?


Reply:

Office 97 (Word and Excel)

"C:\Program Files\Microsoft Office\Office\EXCEL.EXE"

"C:\Program Files\Microsoft Office\Office\WINWORD.EXE"

SilverCat


Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 17th Nov, 2009 09:59
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
OK - U are absolutely right. 97 is a dead duck. Used with care it should be OK.

Office 2010 released shortly & Christmas is coming!!!!!!!!!!!!!!!!

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
SilverCat RE: Microsoft XML Core Services (MSXML) 6.x
Member 17th Nov, 2009 10:07
Score: 0
Posts: 21
User Since: 19th Feb 2009
System Score: N/A
Location: N/A
on 17th Nov, 2009 09:59, Maurice Joyce wrote:
OK - U are absolutely right. 97 is a dead duck. Used with care it should be OK.

Office 2010 released shortly & Christmas is coming!!!!!!!!!!!!!!!!



Yes, not a quack out of it.

Who knows, I might get 2010 in my Christmas stocking!

SilverCat
Was this reply relevant?
+0
-0
thedillpickl Further negotiations
Contributor 18th Nov, 2009 03:37
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Last edited on 22nd Nov, 2009 04:09
info deleted

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0
Maurice Joyce RE: Further negotiations
Handling Contributor 19th Nov, 2009 10:49
Score: 11786
Posts: 9,035
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 21st Nov, 2009 10:24
Information deleted.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
thedillpickl RE: Further negotiations
Contributor 22nd Nov, 2009 04:08
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Thanks Maurice;

Be in touch soon.


Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer