Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft Data Access Components

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

This thread has been marked as locked.
Keith Williams Microsoft Data Access Components
Member 1st Feb, 2010 11:25
Ranking: 0
Posts: 9
User Since: 31st Jan, 2008
System Score: N/A
Location: N/A
Using Windows XP (home)
Secunis PSI indicates a further insecure program.
Microsift Data Access Components (MDAC) 2x
2.81.1117.0
Cannot remove using Control Panel, C Cleaner, Revo uninstaller, in fact I cannot find this program.
I have tried Microsoft Automatic Download system, Essential and otherwise.
Advice please.
Keith.

This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 11:28
Hi,
If you want to generally update software the PSI flags as Insecure, please try the Solution button in the PSI. The solution button is a blue circle, with a button pointing down.

Hope this helps.
Was this reply relevant?
+0
-0
Keith Williams RE: Microsoft Data Access Components
Member 1st Feb, 2010 12:15
Score: 0
Posts: 9
User Since: 31st Jan 2008
System Score: N/A
Location: N/A
Blue Solution clicked and message reads
The link you are trying to open requires IE to function correctly & will therefore not respond to your default browser.
Keith.
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 12:23
Yes. That's no error message. Since it's a Microsoft product it will likely be Microsoft update. Microsoft update only works in Internet Explorer.

Go right ahead and use MS update to patch the problem.
Was this reply relevant?
+0
-0
Keith Williams RE: Microsoft Data Access Components
Member 1st Feb, 2010 12:37
Score: 0
Posts: 9
User Since: 31st Jan 2008
System Score: N/A
Location: N/A
Clicked Microsoft High priority updates, none available, therefore no patching I believe.
Keith.
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 12:49
on 1st Feb, 2010 12:37, Keith Williams wrote:
Clicked Microsoft High priority updates, none available, therefore no patching I believe.
Keith.


Hi,
Correct, MS security updates should be marked high priority. MS updates frequently require you to reboot your system and update several times. Please try rebooting and clicking the solution button again.
Was this reply relevant?
+0
-0
TiMow RE: Microsoft Data Access Components
Dedicated Contributor 1st Feb, 2010 13:19
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Hello Keith

One things for certain with the forum, is that your not the first, and never the last with a specific problem.

When I first switched from simple to advanced (which I hope you`ve been able to do OK, now), I had 17 probs to sort out.

M.D.A.C. 2.x was the last, with no downloadable solution. BTW, I know not what it is or does, but wouldn`t recommend its removal manuaully.

If you click on the settings tab on the PSI Advanced window, under the language choice box there is an area to create ignore rules (click on this to see a brief explanation).

At the very bottom line, after "Secunia PSI status:", hopefully its followed by "suggested Ignore Rules 1"
By clicking on the `1` PSI is offering to create the rule for you.

My understanding is, that the problem isn`t solved, but swept under the carpet and not included in future scans - far from ideal - but in nearly 6 mths. since I did it, theres been no adverse repercussions.

I would never attempt to write and create my own Ignore rules (let alone have the knowledge to do so), but as the software offered me this option, I thought it cant be all bad.

If you can, and do, do this - if you`re not happy afterwards, by clicking on delete rule, you can undo this action.

As you create the ignore rule, keep an eye on the bubble from the PSI toolbar icon, as this lists other MS related programs under the MDAC umbrella.

If E.P. from Secunia is still monitoring this thread, it would be interesting to get the official take on this.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 13:26
Hi,
If you create an ignore rule, the file will still be scanned, but any potential security risk will be ignored. When you create an ignore rule for a specific problem, as suggested by the PSI, the specific file being detected should be ignored.

This does not resolve the problem. It can be used if you need an old version, or for some other reason do not want to upgrade or remove a flagged piece of software, but it keeps the risk on your system, and thus exposes you to additional risk.

Writing your own ignore rule is not any more complex than just entering the path to the insecure file/folder. If you ignore a folder, all of it's "children" (sub-folders) will also be ignored.
Was this reply relevant?
+0
-0
TiMow RE: Microsoft Data Access Components
Dedicated Contributor 1st Feb, 2010 13:46
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Thanks Emil,

Not really what I wanted to read!

So the fact that PSI offered this option - the only time out 17 assorted problems - hasn`t really changed anything?

As of now, and 6 months ago, there seems to be no downloadable solution to this.

I`ve just reversed and recreated this rule, and when its created the bubble shows "Programs Removed" followed by MDAC underneath - also, Outlook Express (which I dont use) a MS removal tool and a couple of references to Windows Media player 10.x (which works fine for me). The bubble disappeared before I could note everything accurately.

Under my patched tab both MDAC (althogh my version is 2.81.1132.0; and Keith has 2.81.1117.0 - so maybe an update for him is out there) and Windows Media Player 11.x are there.

Its a bit up in the air again, but I think I`ll stay with the ignore rule offered to me, for now.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 14:06
Last edited on 1st Feb, 2010 14:06 Hi,
It's called an "ignore" rule for a reason, because it ignores an issue. Your version seems to be secure according to our rules.

In order to troubleshoot, I'll need you to post the path to the detected instance of MDAC.

Your version of appears to meet the minimum secure requirements, though Keith needs a more recent version. Could I ask you to rescan the program entry?
Was this reply relevant?
+0
-0
TiMow RE: Microsoft Data Access Components
Dedicated Contributor 1st Feb, 2010 14:35
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 1st Feb, 2010 14:45
OK Emil this is how it is.

Undid ignore rule, so MDAC now shows in Insecure, and this version is the same as Keith`s - 2.81.1117.0, and not the later version showing in patched. Did a rescan of this program - still shows as insecure.

Version Detected:
2.81.1117.0

Installation Path:
C:\i386\msadox.dll

Maybe if a later version is showing in patched and there is no solution to this older version, is why PSI offered the ignore rule - or can this file just be removed at source?

AS of yet,I haven`t tried download solution, but guess that Keith`s take on that of no download available is still valid.

I must soon go out, unfortunately, so I`ll check back when I can.

Thanks

TiMow

EDIT:

FWIW the later version in patched has the following path:

Version Detected:
2.81.1132.0

Installation Path:
C:\Program Files\Common Files\System\ado\msadox.dll

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 14:45
Hi,
it does occasionally work to remove old files, though you should be aware that this happens completely at your own risk, and can cause breakage. If you decide to do it, it's recommended to rename the file to "filename.old" instead of entirely removing it, in case an application depends on it (or the OS).

It does happen that updates do not remove old versions of software, or that vendors bundle insecure old versions with their own software. This could have been the case here.

Before trying anything like that, however, I strongly recommend you try clicking the solution button in the PSI again, and see for yourself that there are no updates available.

Hope this helps.
Was this reply relevant?
+0
-0
TiMow RE: Microsoft Data Access Components
Dedicated Contributor 1st Feb, 2010 14:48
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Thanks for you speedy reply, Emil.

I was just in the process of adding an edit to my previous post, with the patched version file path, for comparison.

Thanks again

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft Data Access Components
Member 1st Feb, 2010 14:53
Let me know if any of the suggested solutions resolved the problem.
Was this reply relevant?
+0
-0
jmisra RE: Microsoft Data Access Components
Member 1st Feb, 2010 15:42
Score: 0
Posts: 2
User Since: 30th Oct 2008
System Score: N/A
Location: N/A
Some FYI regarding Microsoft Data Access Components. This is a library of code used by MS Access databases and other programs that use a database as part of their system. Since it is code, it will not show up as an individual item on the Microsoft Website. Each program that uses it will need to be updated, whether they are Microsoft or another company that uses the runtime versions of Microsoft software.

The i386 is an install folder for Microsoft. Since it is created when you first install it will contain older versions. It is NOT recommended to delete anything from this folder as you may need to restore your system to its original state for some reason. Thus it is best to ignore this folder.
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft Data Access Components
Expert Contributor 1st Feb, 2010 16:08
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A


I can confirm what @jmisra says concerning the i386 location and the files in there can be set to be ignored ; each file in question can have it's own ignore rule and PSI will set it for you if (in Advanced " mode") you + click and expand the programme in question , look in the "toolbox" and click on ignore program" icon.

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Keith Williams RE: Microsoft Data Access Components
Member 1st Feb, 2010 17:56
Score: 0
Posts: 9
User Since: 31st Jan 2008
System Score: N/A
Location: N/A
to TiMow
Thanks Have done. Clicked on the '1' and MDAC has been removed from list of insecure programs. Have listed other MS programs affected just in case. No response as yet.from E. P. & Secunia, who I found to be helpful initially.
Keith.
Was this reply relevant?
+0
-0
TiMow RE: Microsoft Data Access Components
Dedicated Contributor 1st Feb, 2010 19:26
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Evening Keith

If you follow this thread from where you left off, I`ve been "conversing" with Emil throughout the afternoon. As this issue is common to both of us, I`ve been trying to check solution on my (our) behalf.

With the input, from jmisra and Anthony (thanks guys) its kind of run its course, with jmisra explaining what it is, and what best to do.

On my part, I`ve also reassigned the Secunia suggested ignore rule, but remember this does not truly solve the issue, but wiil suffice until time permits further investigation.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
jmisra RE: Microsoft Data Access Components
Member 1st Feb, 2010 20:19
Score: 0
Posts: 2
User Since: 30th Oct 2008
System Score: N/A
Location: N/A
Keith, in whch folder is the problem MDAC code located? If it is not in an install folder, then knowing location may help in tracking down a resolution. Depending on the progam using the code and your operating system, it may be possible to replace the bad code library with an updated one. I have done this before with good results but success is dependant on where and what is accessing the code in this location.

Judy
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft Data Access Components
Handling Contributor 2nd Feb, 2010 00:09
Score: 11309
Posts: 8,723
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@TiMow
In this instance I believe it has completely cured your problem safely.

The Folder i386 has NO exposure therefore can be completely ignored. The same rule applies if U have a partition on your main drive that contains OEM reinstallation (Recovery)files (normally a D drive) or U have a second internal hard drive/external USB connected hard drive PROVIDED THEY ARE SOLELY USED TO BACK UP your files.

Files in these areas will become out of date & will never be updated because vendors cannot & do not look in these area. Secunia by default does hence the miss match.

I would:
1. Delete any current rules U have.
2. Create a Global Rule for the i386 folder.
3. Create another Global rule for your partition if U have one.
4. Once created run a full scan. Anything left to patch? If not, U ARE 100% SECURE AND ARE NOT HIDING VULNERABILITIES THAT CAN BE HARMFUL.

CREATING A GLOBAL IGNORE RULE
=============================

1.Click on the SETTINGS tab>scroll to the bottom & click on CREATE IGNORE RULE

2.In the RULE NAME BOX insert something like MY BACKUP DRIVE (MY I386 FOLDER)(MY PARTITION DRIVE)

3.In the RULE BOX type C:\Windows\i386 (If your partition drive is D just type D:\

4.Click SAVE IGNORE RULE>CLOSE

All drives will continue to be scanned by default but the result from the drives ignored will not be published.

Hope this helps

22:58 01/02/2010














--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
TiMow RE: Microsoft Data Access Components
Dedicated Contributor 2nd Feb, 2010 09:06
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 2nd Feb, 2010 09:09
Hello Maurice

Thanks for your advice

With the info I have received thusfar, I too beleive that the problem, if not 100% solved, is at least isolated.

As M.D.A.C.was an issue for me about 6 mths. ago this new focus has caused me to re-examine my actions to finding a solution.

Re. your specific points: My Dell laptop only has single hard drive, and as of yet I dont have an external hard drive, although I know I should for backup, and do intend to get one at some stage.

I, actually didn`t do as Anthony suggested, and click the Ignore Program icon in tools, but have an ignore rule, in settings much as you suggested:

Rule Name: Default Windows restore/backup folder;
Rule: C:\i386\

As previously stated in my initial response on this thread, this option was suggested and set up by the software itself, right at the bottom of the settings page, where "Ready to scan..." is normally found. Easily missed if you`re not looking - how many times to do you need to visit the settings page, on a daily basis? - not many!
Maybe, somewhere in Denmark is a software writer who pre-empted this exact issue and made such a provision?

All I know is, that I started with 17 problems 9 mths. ago, and have now resolved over 30 in total, and this is the only instance where an ignore rule has been suggested; - the other problems being solved in the `normal`way.

Regards,

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability