Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Insecure program (security threat0

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Windows XP Professional

This thread has been marked as locked.
Pockets Insecure program (security threat0
Member 12th Aug, 2010 11:28
Ranking: 2
Posts: 12
User Since: 29th Jan, 2009
System Score: N/A
Location: N/A

PSI lists the following - Microsoft Windows XP Professional Category 4 threat

As there are no updates or patches available I presume that it is trying to tell me I need to update to Windows 7 - is my presumption correct???

This user no longer exists RE: Insecure program (security threat0
Member 12th Aug, 2010 12:15
Hi,

The PSI is not trying to tell you to update to Windows 7. The PSI does not offer or suggest updates from one operating system to another, but only from insecure to secure versions. Keep in mind that most Microsoft updates require a reboot before "kicking in".

Please try this procedure for updating Microsoft programs:
1) Install all available patches from Microsoft Update (click the solution button in the PSI)
2) Reboot
3) If any patches were installed, check Microsoft update again.
4) If any patches was installed this time, restart from step 2.
5) Rescan with the PSI

hope this helps.
Was this reply relevant?
+0
-0
Pockets RE: Insecure program (security threat0
Member 12th Aug, 2010 15:37
Score: 2
Posts: 12
User Since: 29th Jan 2009
System Score: N/A
Location: N/A
Hi Emil

I have tried the options you outlined previously - there was only one update download that was offered by Microsoft and that was - Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906) which had a download size of 0Kb (dated 13/7/2010)

It goes through the process of downloading the empty file and also goes through the install process but obviously fails to install so comes up with the message that the update was not installed.

That is the only update offered so whether the inability to install it is reason for PSI picking up the the problem.

I have since checked the Microsoft site which leads to a recommendation to use a dotnetfx cleanup tool.

The tool readme file warns that it is a last resort option as it will remove shared files so the other versions of NET.Framework would need repair afterwards - do you reckon I should try this???
Was this reply relevant?
+0
-0
This user no longer exists RE: Insecure program (security threat0
Member 13th Aug, 2010 09:16
Last edited on 13th Aug, 2010 09:16 Hi,

Did you reboot and rescan? XP shouldn't be shown as insecure if you've deployed all available patches.

As for whether or not to start deleting the old files, I'm afraid you're going to have to rely on Microsoft's wisdom. Secunia is not involved with the development or maintenance of Microsoft patches.

If you decide to remove any files, or take other action, it happens at your own risk. All I can do is recommend you contact Microsoft support if you encounter difficulties.

Please don't hestitate to ask if you have any problems or questions.
Was this reply relevant?
+0
-0
Pockets RE: Insecure program (security threat0
Member 13th Aug, 2010 09:25
Score: 2
Posts: 12
User Since: 29th Jan 2009
System Score: N/A
Location: N/A
Hi Emil

Yes I did reboot and rescan with the same result - insecure.

The download showing 0KB in Net .Framework 1.1 should have had a file showing 13.5Mb and as a result the empty download keeps popping up on my taskbar.

I am in the process of resolving the NET .Framework problems and will advise the result in case others are faced with the same problem.

Thanks
Was this reply relevant?
+0
-0
Pockets RE: Insecure program (security threat0
Member 13th Aug, 2010 10:18
Score: 2
Posts: 12
User Since: 29th Jan 2009
System Score: N/A
Location: N/A
Hi Emil

I went to Control panel - add and remove programs and did a repair to all versions of NET .Framework then rebooted and rescanned in PSI - the security problem was resolved in Microsoft XP SP3.
Was this reply relevant?
+0
-0
Anthony Wells RE: Insecure program (security threat0
Expert Contributor 13th Aug, 2010 12:46
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 13th Aug, 2010 12:51

Hello Pockets ,

Websearch of your KB 979906 shows a history of not loading and being re-offered by/at M$ updates .

The 0kb's may not be relevant as a download often shows as such in it's initial location and the full MB's show up after the first system based operation - that's what I have been told .

Glad you have fixed your problem ; if you have spare time , there is a lot more detail in this thread on the same problem (if you scroll thru') and links to follow which get you to Maurice Joyce's excellent advice on .NET and Aaron Stebner's Clean UP Tool should you need future assistance :-

http://secunia.com/community/forum/thread/show/507...

As Emil says , it's your own risk when it comes to .NET

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Pockets RE: Insecure program (security threat0
Member 13th Aug, 2010 15:16
Score: 2
Posts: 12
User Since: 29th Jan 2009
System Score: N/A
Location: N/A
Hi Anthony

Thanks for that info Maurice Joyce's comments are interesting and the links - I had already downloaded the dotnetfx cleanup tool in case I needed it.

All's well that ends well - until the next time.

Cheers Pockets
Was this reply relevant?
+0
-0
Pockets RE: Insecure program (security threat0
Member 14th Aug, 2010 11:47
Score: 2
Posts: 12
User Since: 29th Jan 2009
System Score: N/A
Location: N/A
Incidentally - I ended up having to reinstall NET .Framework 1.1 using dotnetfx on my operating system CD as I kept getting the Microsoft update request with the 0Kb nag - after the reinstall the update was successful.
Was this reply relevant?
+1
-0
Anthony Wells RE: Insecure program (security threat0
Expert Contributor 14th Aug, 2010 12:17
Score: 2414
Posts: 3,310
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Pockets ,

Thank you for reporting back with all the extras ; any tips or wrinkles may help our/everyone's understanding (?) of the taming of the beast :)

The actual structure of .NET Framework must be a wonder to behold , but without the manual (if it exists) a trail of breadcrumbs is maybe our only hope !!

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability