Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Service Pack 3 is insecure - continuing problems

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Windows XP Home Edition

This thread has been marked as locked.
dehawkinz Service Pack 3 is insecure - continuing problems
Member 4th Apr, 2010 18:44
Ranking: -2
Posts: 14
User Since: 3rd Apr, 2010
System Score: N/A
Location: N/A
I followed the advice in thread http://secunia.com/community/forum/thread/show/289...

The fix given to me is as follows:

Step 1: Remove KB971486 in Add or Remove Programs

1a. Open Add/Remove Programs. Note: Be sure to have "Show updates" checked (if Service Pack 2 for XP is installed).

1b. Look for update KB971486.

1c. Please highlight and remove it.

1d. Restart Windows.

====================

Step 2: Reinstall KB971486

2a. Please download KB971486 from the following link:

<a href="http://download.microsoft.com/download/C/4/C/C4C96...">KB971486 download</a>


2b. Save the update to C: drive. (Do not run the update directly)

2c. Click Start->Run, type in the following:

“C:\WindowsXP-KB971486-x86-ENU.exe /overwriteoem” (without the quotes)

Please note there is a space between: exe and /overwriteoem

Then press Enter to install the update.

2d. After this, restart the computer and then visit the Windows Update site to check if the Update KB971486 is still listed. If it is gone, reboot and then run your PSI scan again.


However Windows update still thinks it is not installed, but it is showing as installed !!

ie windows update is not reading my system right (now why does that not surprise me??)

so any ideas??

mogs

RE: Service Pack 3 is insecure - continuing problems
[+]
This reply has been minimised due to a negative Relevancy Score.
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 4th Apr, 2010 23:23
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
It was secunia that was pointing to an insecurity with service pack 3

I am using it in advanced mode, simple mode reports 100% secure.

I have been following a multi-faceted approach to identify and eliminate problems.

Currently there appear to be 2 possibly inter-related issues.

1. KB971486 is showing as installed by my windows, but windows update thinks it is not installed (I have windows update service disabled so it is not 'downloaded but not installed' as was experienced by some mebers)
2. the forum link for the secunia service pack 3 issue is referencing windows movie maker, which is a program I never use.

I am a naturally cautious person - this is why IE is disabled, and the Windows Update service is switched off - if something wants to talk to my computer - it comes and asks me first - even secunia has to ask for permission to connect to check for updates!

so Yes, I wish to try and eliminate potential security risks, but equally I am not going to beat myself up over a single source of complaint.

I referred to the KB971486 issue in my first post as this was a previously stated area of problem that other users had experienced, ie - the problem is not fixed.

For those that are interested I have also followed up on the solutions suggested under KB822798
http://support.microsoft.com/kb/822798/

I have tried methods 2 through 5, 9 and 10 without success
Was this reply relevant?
+0
-0
mogs RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 4th Apr, 2010 23:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
I see Maurice is back on the scene......I'm sure he'll be able to help you.

--
Was this reply relevant?
+0
-0
This user no longer exists RE: Service Pack 3 is insecure - continuing problems
Member 6th Apr, 2010 09:54
Hi,

Some Microsoft updates require you to reboot. When updating Windows, please check for updates, reboot, rescan, and (if it's still showing you as insecure), repeat.
Hope this helps.
Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 6th Apr, 2010 19:57
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
Last edited on 6th Apr, 2010 20:04
Hi,

I rebooted after installing it, but it still comes up as listed as being outstanding on the microsoft updates list, and is still showing in add/remove list as installed.

update was installed on 4 April 2010

The last full system scan was conducted on:
5 Apr. 2010, 19:14

the oddity is that the link for the insecure SP3 is linked to movie maker 2

I have also installed KB975561, rebooted and re-scanned but still get the insecurity warning. Windows Update is NOT listing this as an outstanding update.




Was this reply relevant?
+0
-0
This user no longer exists RE: Service Pack 3 is insecure - continuing problems
Member 7th Apr, 2010 09:23
Hi,

Could you ensure you have installed every Microsoft security update? Please go to Windows Update and install everything flagged as "critical".

hope this helps.
Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 7th Apr, 2010 23:42
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
Last edited on 7th Apr, 2010 23:44
I have installed everything Microsoft has marked as critical, except Internet Explorer 8, and that is most definitely NOT a critical update, regardless of what Microsoft thinks.

according to windows update site I have the following updates not installed:

High Priority
Internet Explorer 8 for windows XP
Security Update for Windows XP (KB971468)

Optional Software Updates
Windows Search 4.0 for Windows XP (KB940157)
Windows Media Player 11
Microsoft Silverlight (KB979202)
Windows Live Essentials

Optional Hardware Updates
C Media Electronics Incorporation - Sound - C-Media AC97 Audio Device



Internet Explorer 8 - Definitely NOT Needed
Security Update for Windows XP (KB971468) - I have installed and rebooted this about 5 times now (maybe more)
Windows Search 4.0 for Windows XP (KB940157) - I installed, hated it and uninstalled
Windows Media Player 11 - Not Needed
Microsoft Silverlight (KB979202) - Not Needed
Windows Live Essentials - Not Needed
C Media Electronics Incorporation - Sound - C-Media AC97 Audio Device - installed, crashed my audio device, had to uninstall to make it work again
Was this reply relevant?
+0
-0
mogs RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 8th Apr, 2010 00:00
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello again.....as I've stated before; I'm not an XP user.....I'm not much of a gambling man either.....but it wouldn't surprise me if you're not being too stubborn for your own good.
As IE is an integral component of Windows, it would seem to be folly to ignore a critical patch which would make all secure. To you, the jigsaw looks okay with a piece missing perhaps? ........just an observation....with a grain of good humour?

--
Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 8th Apr, 2010 01:45
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
(smile) if it is complaining that I have Intenet Explorer locked away in an encrypted folder (there is a fake iexplore.exe available for programs foolish enough to think that is the IE Browser), then I don't have a security issue :)


However this does not really clarify why KB971486 which is to do with an elevated kernel access risk should be affected by IE. As their own security bulletin says it is not an issue for remote or anonymous users, only those with a current logon to the system.

" An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. "
http://www.microsoft.com/technet/security/bulletin...
Was this reply relevant?
+0
-0
mogs RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 8th Apr, 2010 08:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello again.
It seems to me then, as a comparitively non-techie, that your issue is with Windows, and not Secunia that is doing it's job.
It is your choice to ignore the patch that causes Secunia to detect the vulnerability. It seems to work for the vast majority of users.
You should take your issue up with Windows and not be trying to resolve it here ?

--
Was this reply relevant?
+1
-1
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 8th Apr, 2010 22:29
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
If it was a case that secunia was saying no problems, and windows update was saying there is a problem, then I would agree.

BUT this is not the case.

As I stated earlier

Windows Update has KB971486 as not installed, yet it is installed.
secunia is flagging Movie Maker 2 as an issue (KB975561) but windowes update is not saying this is outstanding and it has been installed.

so secunia and windows are not in agreement about what the problem (if there is one) is, and both are apparently missing an installed KB update.

Was this reply relevant?
+0
-0
mogs RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 8th Apr, 2010 22:58
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
My last post to you was regarding the IE patch, that you said you hadn't applied.
It seems to me that you've got a very contrary way of doing things, and Secunia is something I know a bit better.
What is Secunia showing in your Secure Browsing tab?

--
Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 8th Apr, 2010 23:16
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
Secunia is showing it as secured

Google Chrome 4.x (Assessment: Secure for browsing)

Was this reply relevant?
+0
-0
mogs RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 9th Apr, 2010 00:04
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
In effect then, your IE8 is not showing in your Secure Browsing tab with a long standing vulnerability ? Only Chrome is shown as secure ?
It seems that you have taken IE out of Secunia's jurisdiction; and yet when searching your progs knows that it should be an integral component of Windows.
Maybe your confusing it?

--
Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 9th Apr, 2010 00:27
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
I am *Guessing* that Secunia only identifies the default browser - ie the program that is activated when you click on a webpage.

I have several browsers installed on my system, but Secunia is only identifying Google Chrome (which currently is my default browser) under the safe browsing tab.

I also have:

OffbyOne (V3.5a)
Safari (4 Public Beta 528.16)
FireFox (1.5.0.12)
Flock (1.2.7)
Opera (10.51)
Internet Explorer (6.0.2900.2180)


Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 16th Apr, 2010 08:59
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
Hmmm,

Its been a week and no response from anyone - I know you are not a technical expert Mogs, and it seems the 'techies' can not explain why secunia and windows update are both identify different issues as not installed and resolved when the KB solutions are installed.

so, please can anyone explain why windows update says I need to fix Security Update for Windows XP (KB971468) and secunia is saying I need to fix Movie Maker 2 (KB975561) when both of these updates are in fact installed on my computer?

Or is this just too baffling?

If it is, fine at least I know that no-one understands why secunia and windows update can not figure out my system :)
Was this reply relevant?
+0
-0
This user no longer exists RE: Service Pack 3 is insecure - continuing problems
Member 16th Apr, 2010 09:19
Hi,

Please try rebooting, rechecking Microsoft Update, and then rescanning with the PSI.
Has this solved the problem?
Was this reply relevant?
+0
-0
mogs RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 16th Apr, 2010 10:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
I'm possibly as technical as I need to be.....tend towards caring for the "Soul" more than erratic symptoms perhaps. I felt that I'd given you enough at that time.
You are "guessing" with regard to Secunia and default browsers. Secunia does not monitor Beta versions.
I'm using Chrome Dev as default and yet do not find myself in conflict with Secunia nor my own Operating System, about it.
As I stated previously, I find your ways ( and with words ); contrary.
I think you may be the master of your own misfortune. Regards,

--
Was this reply relevant?
+0
-0
Anthony Wells RE: Service Pack 3 is insecure - continuing problems
Expert Contributor 16th Apr, 2010 13:04
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 16th Apr, 2010 16:31
@dehawkinz ,

I know that Emil and Mogs are spending/taking a lot of time to look at your problem(s) , but I have to say that if PSI is not picking up any browser other than Chrome then I agree with Mogs , you seem to be "outguessing" yourself and confusing us all .

I'm sure Emil can supply all the "techie" details you require , but Secunia/PSI is dependent on IE , as it is embedded into Windows , in order to do it's job ; it does not need to be your default , but it should show up with all your other "installed" browsers in the "secure browsing" tab . My IE7 is completely broken and does not launch as a browser , but it still shows up in and for PSI .

As for your KB problems , if your system confuses PSI it may well confuse M$ updates and PSI needs you to be able to connect to "M$ updates" via IE in order to display your up to date system .

If you "Google" your KB's there are plenty of references to download/update difficulties people have/are experiencing . For example Bleeping Computer offer a second "workaround" for KB971486 , as well as the one you say you followed in your first post (BP method has slightly different details , which could be significant):-

http://www.bleepingcomputer.com/blogs/mowgreen/ind...

Have you tried the free (for personal use) Belarc Advisor as a "second opinion" as to which KB may or may not be loaded on your system ??

http://www.belarc.com/

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
taffy078 RE: Service Pack 3 is insecure - continuing problems
Contributor 16th Apr, 2010 16:42
Score: 408
Posts: 1,322
User Since: 26th Feb 2009
System Score: 100%
Location: UK
this thread is too technical for me but I just wanted to say thanks to Anthony for the Belarc link.
Just run it - no issues on my PC, thank goodness.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Service Pack 3 is insecure - continuing problems
Contributor 16th Apr, 2010 16:51
Score: 408
Posts: 1,322
User Since: 26th Feb 2009
System Score: 100%
Location: UK
As Anthony suggested, I just googled and found many posts with problems with KB975561.
Possible solution,including reply from an MS MVP:
http://www.keyongtech.com/5528423-kb975561-update-...

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
pengwyn RE: Service Pack 3 is insecure - continuing problems
Member 16th Apr, 2010 17:28
Score: 5
Posts: 24
User Since: 6th Mar 2009
System Score: N/A
Location: Sacramento, N/A
Last edited on 16th Apr, 2010 17:55
You might want to check your iexplorer.exe isn't replaced with the original. IIRC that's a protected file and last time I deleted the whole microsoft internet explorer dir many files were re-created along with the directory. IE also has a backend API that can be used to network and screw things up without firing up iexplorer.exe as a running process - I hope your aware of that as well.

There's ways around this, but you would needed to jump through some hoops to force that file to be other than what the system wants, and your system will be unstable. Also, updates will probably be broken as well as help center, security center, and system restore. Anything which uses the IE backend.

I know cause I forcefully removed IE before on a system where I had IE8 slipstreamed in. Trying to remove it and install IE7 = fail, but I learned a lot about different ways an unstable system behaves with missing IE.. The system will run, but be very screwy with the end result being the need to reformat and reinstall the OS completely..

Two more ideas here about UPDATES at microsoft.

1. A partially downloaded patch will sometimes fail to install.
2. Automatic Updates Service must not only be running, but be in automatic and started. BITS (Background Intelligent Transfer Service) should be running the same way... Automatic and started. If these are annoying they can be scripted to not run when the system normally boots. It's how I do it.

2a. You might try CUSTOM instead of EXPRESS if your going that route on your windows updates


About Moviemaker...

I have v2.1.4027.0 on XP SP3 (with the patch for more than X hundred transitions windowsxp-kb969395-x86-enu.exe http://support.microsoft.com/kb/969395 )

It scans fine (e.g. passes) in PSI 1.5.0.1.

Was this reply relevant?
+0
-0
dehawkinz RE: Service Pack 3 is insecure - continuing problems
Member 17th Apr, 2010 00:10
Score: -2
Posts: 14
User Since: 3rd Apr 2010
System Score: N/A
Location: N/A
@anthony

Curioser and curioser

I removed the movie maker folder from windows - I never used it anyway, so no great loss :)

This cured the service pack 3 issue when I re-scanned - gaining me a 100% score on PSI :)

I downloaded and ran the belarc advisor, and it promptly found 10 issues which psi is missing :(

Missing Microsoft Security Hotfixes
Q971468 - Important
Q977816 - Critical
Q978338 - Moderate
Q978601 - Critical
Q979309 - Critical
Q979402 - Critical
Q979683 - Important
Q980182 - Critical
Q980232 - Critical
Q981349 - Important

So thanks for the tip Anthony, I could have been blissfully ignorant but for belarc :)
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability