
Forum Thread: Microsoft XML Core Services (MSXML) 6.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 6.x

This thread has been marked as resolved.
g3ntyuk Microsoft XML Core Services (MSXML) 6.x
Member 25th Apr, 2010 19:57
Ranking: 1
Posts: 7
User Since: 11th Jan, 2008
System Score: 95%
Location: UK
I've just installed PSI on my laptop, the only insecure program is the

Microsoft XML Core Services (MSXML) 6.x

the version detected is: 6.10.1129.0

and the folder it's found in is: D:\Windows\System32\msxml6.dll

I've looked on Windows Update and there's nothing there.

I'm running Windows 7

any ideas on how to remove this threat?

Post "RE: Microsoft XML Core Services (MSXML) 6.x" has been selected as an answer.
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 25th Apr, 2010 20:30
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
@ g3ntyuk
You said that you use Win7 and the offending file resides in the D:\ partition.
Is this your boot drive? Or is this an image or a copy of what's in the C:\ drive?
If this is correct then you can make an ignore rule for that file.

I'm using Win 7 and my msxml version is 6.30.7600.16385.

Anyway, in the PSI interface under "Patched Programs" you should see two entries
for msxml, one in c:\windows\system32, the other in C:\windows\syswow64.
Good luck.


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+1
-0
g3ntyuk RE: Microsoft XML Core Services (MSXML) 6.x
Member 25th Apr, 2010 20:48
Score: 1
Posts: 7
User Since: 11th Jan 2008
System Score: 95%
Location: UK
Hi. I've looked at what you mean and the D drive is a partition (Recovery drive), so I checked the "Patched" section of Secunia and as you state there are 2 programs.

One is located in C Drive (the same version as yours)

the other one is located in the D drive which shows version 3.xx etc

So it's safe to ignore this insecure one then?

thanks buddy
Was this reply relevant?
+0
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 25th Apr, 2010 21:12
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
@g3ntyuk
If the D:\ drive is a copy of your C:\ drive, it's better to make
a new copy of C:\ rather than making an ignore rule.

That depends on what you have on D:\

Best wishes.


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x
Dedicated Contributor 25th Apr, 2010 21:21
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
If it's a Recovery Drive it will have been put there by the computer manufacturer to enable the computer to be reset to its factory settings. In this case you should leave it alone and create an ignore rule.

--
This answer is provided "as-is." You bear the risk of using it.
Was this reply relevant?
+2
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 26th Apr, 2010 11:13
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
@ ddmarshall
Thanks for the clarification.

@ g3ntyuk
In my last response yesterday I mentioned if drive D:\ is a copy of the C:\ drive because I have a D partition marked as a recovery drive.

I have all patched programs on C:\ drive and PSI doesn't warn me of any
not patched program in D:\ drive.
I think PSI doesn't read images or what is in a compressed or in a VHD file.

That's why I'm suspecting that something is lurking in your D.

Although I'm sure that a response from Secunia officials will be more satisfying
than mine.

Good luck


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 26th Apr, 2010 11:39
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
John,
@g3ntyuk has already stated he has a manufacturer's OEM partition on his D drive.

@ddmarshall is 100% correct. U should not modify that drive at all. Recovery will be crippled, particularly with HP OEM recovery.

@g3ntyuk.
An OEM partition is scanned by PSI because it sees it as a hard drive (which it is).

A partition has NO EXPOSURE therefore it is totally safe to create an ignore rule.

To prevent this happening again create a Global ignore rule.

CREATING A GLOBAL IGNORE RULE
=============================

1. Click on the SETTINGS tab > scroll to the bottom & click on CREATE IGNORE RULE

2. In the RULE NAME BOX insert something like MY BACKUP DRIVE

3. In the RULE BOX type D:\ (or the drive letter U wish to ignore)

4. Click SAVE IGNORE RULE > CLOSE

All drives will continue to be scanned by default but the result from the drives ignored will not be published.

If this post has solved your problem could you please select the ACCEPT option. This will lock the thread and stop you & I from receiving unnecessary update emails.

Revision 2


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 26th Apr, 2010 12:11
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
Hi all
@ MJ
I appreciate your prompt response to this matter but I'm
wondering, if a partition has no exposure, then why has PSI flagged MSXML on D: of g3ntyuk as not patched?

Although if I have the same in my computer, why doesn't PSI show me this?
Maybe I have something inadequate in my comp?

Waiting for your response.

Thanks


--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 26th Apr, 2010 12:26
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Because it is not patched & never will be. The key is a partition has NO EXPOSURE. No updaters can find unpatched programmes on a partition hence they are never updated which includes MS.


PSI scans all hard drives by default which is fairly unique hence it is finding the vulnerability.

The same rule applies with non partition hard drives with back up data. & folder i386. They can all be ignored.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
gjjean RE: Microsoft XML Core Services (MSXML) 6.x
Contributor 26th Apr, 2010 12:39
Score: 192
Posts: 197
User Since: 9th Apr 2010
System Score: 100%
Location: LB
Thanks

--
HP pavilion DV6
Win 7 64bit - SP1
IE10 + MSSE4.3.215
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x
Dedicated Contributor 26th Apr, 2010 13:41
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
John

Manufacturers' recovery procedures vary. They are not part of Windows. For example, Dell used to use a version of Norton Ghost. Sometimes Windows can see the contents of the recovery partition, sometimes not.

--
This answer is provided "as-is." You bear the risk of using it.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x
Handling Contributor 27th Apr, 2010 09:19
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@ddmarshall
This statement requires clarification.

"Sometimes Windows can see the contents of the recovery partition, sometimes not".

Given this thread is only advising on creating an ignore rule are U saying MS can remotely interrogate an OEM partition & remotely update it? If so the OEM(s) should be revealed so that reversal action on any ignore rule made by those using these PC's. If MS can do that so can anyone else with knowledge which makes these PC's vulnerable.

I believe U are saying that some OEM's allow users to open the partition & see what files are there which does not have security implications and really has nothing to do with answering this question:

"hi. ive looked at what you mean and the D drive is a partition (Recovery drive) so i checked the "Patched" section of secunia and as you state there are 2 programs.

One is located in C Drive (the same version as yours)

the other one is located in the D drive which shows version 3.xx etc

so its safe to ignore this insecure one then?

thanks buddy"




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x
Dedicated Contributor 27th Apr, 2010 10:42
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I was replying to gjjean's question about why his experience was different from the original poster's.

For clarification.

Microsoft never do anything to a recovery partition.
Recovery partitions are there so that OEMs do not have to supply a full copy of Windows on DVD and thus keep their prices down.
How the recovery process works is down to the OEM.
Usually the recovery partition is not visible when using Windows; i.e. it doesn't show up in Computer. However on some systems it is. The original poster's seems to be one of those.
Setting up an ignore rule for a recovery partition is perfectly safe.

--
This answer is provided "as-is." You bear the risk of using it.
Was this reply relevant?
+0
-0
g3ntyuk RE: Microsoft XML Core Services (MSXML) 6.x
Member 27th Apr, 2010 11:10
Score: 1
Posts: 7
User Since: 11th Jan 2008
System Score: 95%
Location: UK
Thanks for all the advice. Case closed :-)
Was this reply relevant?
+0
-0

This thread has been marked as locked.
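
The thread turns on telling the msxml6.dll that the running Windows installation loads apart from an offline copy on a recovery or backup partition, which is worth confirming before an ignore rule hides the finding. The PowerShell below is an added example, not part of any post and not Secunia's code; the function name `Get-MsxmlCopy` is hypothetical, and it assumes other drives keep the file under `<drive>\Windows\...` as in the `D:\Windows\System32\msxml6.dll` path reported above.

```powershell
# Added example (not from the thread or from PSI). Requires PowerShell 3.0+.
# Run it from a 64-bit PowerShell so System32 is not redirected to SysWOW64.
# Assumption: other drives hold the DLL under <drive>\Windows\..., matching
# the D:\Windows\System32\msxml6.dll path reported in the thread.

function Get-MsxmlCopy {
    # Windows directory of the operating system that is actually running.
    $liveRoot = $env:SystemRoot.TrimEnd('\')

    # Fixed disks only; a recovery partition with a drive letter is one of them.
    $drives = [System.IO.DriveInfo]::GetDrives() |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }

    foreach ($drive in $drives) {
        $winDir = Join-Path $drive.Name 'Windows'
        foreach ($sub in 'System32', 'SysWOW64') {
            $path = Join-Path (Join-Path $winDir $sub) 'msxml6.dll'
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

            # Build the version from the binary's numeric fields rather than
            # the FileVersion string, which can carry extra build text.
            $v = (Get-Item -LiteralPath $path).VersionInfo
            [pscustomobject]@{
                Path    = $path
                Version = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                               $v.FileBuildPart, $v.FilePrivatePart
                # True only for copies inside the running installation.
                Live    = ($winDir -ieq $liveRoot)
            }
        }
    }
}

Get-MsxmlCopy | Sort-Object Live -Descending | Format-Table -AutoSize
```

Rows with `Live` set to `True` are the copies the running system uses and that Windows Update maintains; rows with `False` are offline copies of the kind the ignore rule in this thread is meant for.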

