Forum Thread: Microsoft XML Core Services (MSXML) 6.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 6.x

This thread has been marked as resolved.
g3ntyuk Microsoft XML Core Services (MSXML) 6.x
Member 25th Apr, 2010 19:57
Ranking: 2
Posts: 8
User Since: 11th Jan, 2008
System Score: 95%
Location: UK
Ive just installed PSI on my laptop, the only insecure program is the

Microsoft XML Core Services (MSXML) 6.x

the version detected is: 6.10.1129.0

and the folder its found in is: D:\Windows\System32\msxml6.dll

ive looked on the windows update and theres nothing there.

im running Windows 7

any ideas on how to remove this threat?

Post "RE: Microsoft XML Core Services (MSXML) 6.x" has been selected as an answer.
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 25th Apr, 2010 20:30
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+1
-0
g3ntyuk RE: Microsoft XML Core Services (MSXML) 6.x
Member 25th Apr, 2010 20:48
Score: 2
Posts: 8
User Since: 11th Jan 2008
System Score: 95%
Location: UK
hi. ive looked at what you mean and the D drive is a partition (Recovery drive) so i checked the "Patched" section of secunia and as you state there are 2 programs.

One is located in C Drive (the same version as yours)

the other one is located in the D drive which shows version 3.xx etc

so its safe to ignore this insecure one then?

thanks buddy
Was this reply relevant?
+0
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 25th Apr, 2010 21:12
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x
Dedicated Contributor 25th Apr, 2010 21:21
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
If it's a Recovery Drive it will have been put there by the computer manufacturer to enable the computer to be reset to its factory settings. In this case you should leave it alone and create an ignore rule.

--
Was this reply relevant?
+2
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 26th Apr, 2010 11:13
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 26th Apr, 2010 11:39
Score: 12090
Posts: 9,383
User Since: 4th Jan 2009
System Score: N/A
Location: UK
John,
@g3ntyuk has already stated he has a manufacturers OEM partition on his D drive.

@ddmarshall is 100% correct. U should not modify that drive at all. Recovery will be crippled paticularly with HP OEM recovery.

@g3ntyuk.
A OEM partition is scanned by PSI because it sees it as a hard drive (which it is).

A partition has NO EXPOSURE therefore it is totally safe to create an ignore rule.

To prevent this happening again create a Global ignore rule.

CREATING A GLOBAL IGNORE RULE
=============================

1.Click on the SETTINGS tab>scroll to the bottom & click on CREATE IGNORE RULE

2.In the RULE NAME BOX insert something like MY BACKUP DRIVE

3.In the RULE BOX type D:\ (or the drive letter U wish to ignore)

4.Click SAVE IGNORE RULE>CLOSE

All drives will continue to be scanned by default but the result from the drives ignored will not be published.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.

Revision 2


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1607 Build 14393.222
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 26th Apr, 2010 12:11
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 26th Apr, 2010 12:26
Score: 12090
Posts: 9,383
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Because it is not patched & never will be. The key is a partition has NO EXPOSURE. No updaters can find unpatched programmes on a partition hence they are never updated which includes MS.


PSI scans all hard drives by default which is fairly unique hence it is finding the vulnerability.

The same rule applies with non partition hard drives with back up data. & folder i386. They can all be ignored.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1607 Build 14393.222
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 26th Apr, 2010 12:39
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
Thanks

--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x
Dedicated Contributor 26th Apr, 2010 13:41
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
John

Manufacturers' recovery procedures vary. They are not part of Windows. For example, Dell used to use a version of Norton Ghost. Sometimes Windows can see the contents of the recovery partition, sometimes not.

--
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 27th Apr, 2010 09:19
Score: 12090
Posts: 9,383
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@ddmarshall
This statement requires clarification.

"Sometimes Windows can see the contents of the recovery partition, sometimes not".

Given this thread is only advising on creating an ignore rule are U saying MS can remotely interrogate an OEM partition & remotely update it? If so the OEM(s) should be revealed so that reversal action on any ignore rule made by those using these PC's. If MS can do that so can anyone else with knowledge which makes these PC's vulnerable.

I believe U are saying that some OEM's allow users to open the partition & see what files are there which does not have security implications and really has nothing to do with answering this question:

"hi. ive looked at what you mean and the D drive is a partition (Recovery drive) so i checked the "Patched" section of secunia and as you state there are 2 programs.

One is located in C Drive (the same version as yours)

the other one is located in the D drive which shows version 3.xx etc

so its safe to ignore this insecure one then?

thanks buddy"




--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1607 Build 14393.222
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x
Dedicated Contributor 27th Apr, 2010 10:42
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I was replying to gjjean's question about why his experience was different from the original poster's.

For clarification.

Microsoft never do anything to a recovery partition.
Recovery partitions are there so that OEMs do not have to supply a full copy of Windows on DVD and thus keep their prices down.
How the recovery process works is down to the OEM.
Usually the recovery partition is not visible when using Windows; i.e. it doesn't show up in Computer. However on some systems it is. The original poster's seems to be one of those.
Setting up an ignore rule for a recovery partition is perfectly safe.

--
Was this reply relevant?
+0
-0
g3ntyuk RE: Microsoft XML Core Services (MSXML) 6.x
Member 27th Apr, 2010 11:10
Score: 2
Posts: 8
User Since: 11th Jan 2008
System Score: 95%
Location: UK
Thanks for all the advice. Case closed :-)
Was this reply relevant?
+0
-0

This thread has been marked as locked.