Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft XML Core Services (MSXML) 6.x and how to Ignore

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 6.x

This thread has been marked as locked.
Peter5 Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 18th Aug, 2010 04:42
Ranking: 0
Posts: 4
User Since: 18th Aug, 2010
System Score: N/A
Location: PT
Hi,

First of all i want say that i love this program, and that i use it on all of my computers.
But recently Secunia detected a vulnerability in Microsoft XML Core Services (MSXML) 6.x, and i tried to update it using windows update, but windows update said that there were no more updates and then i saw in Secunia this message:
"Under normal circumstances it is possible to update this application using Microsoft Windows Update:
http://update.microsoft.com/microsoftupdate/

However, if after applying Windows Update the files still show up as insecure, please take note of the installation path of the inspected files. If the installation path does not begin with:

"[Drive letter]:\WINDOWS\system32"

then it is possible that the detected files are in backup locations (such as C:\i386) or were installed by a third-party program, not Microsoft.

If the files are located in backup locations, you can use the Ignore Directories & Paths option so that the Secunia PSI does not look in these locations. If you suspect that the files were installed by a third-party program, please contact the program vendor to get the secure version of these files"

The installation is in C:\x86\sources\msxml6.dll , so my question is: do i really should ignore it, and if so should the rule be c:\ msxml6.dll.

Many thanks

This user no longer exists RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 18th Aug, 2010 09:25
Hi,

When dealing with Microsoft Updates, you should keep in mind that frequently they don't "kick in" before a reboot. Therefore, the best procedure to follow when installing Microsoft Updates is:

1) Check Microsoft Update, install all important patches
2) Reboot
3) Repeat step 1, if anything was installed, repeat step 2
4) Rescan with the PSI

hope this helps.
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Dedicated Contributor 18th Aug, 2010 11:51
Score: 1208
Posts: 959
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 18th Aug, 2010 22:20
I have a C:\x86 folder on my laptop. It appears to be either a leftover from the OEM's installation process or it may be used by their factory reset procedure. It contains WIM files amongst other things.

I have an ignore rule of C:\x86\sources\

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Peter5 RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 19th Aug, 2010 00:13
Score: 0
Posts: 4
User Since: 18th Aug 2010
System Score: N/A
Location: PT
Hi ,

I have this vulnerability for a long time, and only now that i am posting so i do not think the problem is with the reboot.
So should i use a rule like ddmarshall suggested. I have other folders and files in C:\86 like c:\86\boot; C:\86\efi ; C:\86\upgrade ;C:\86\support ; etc.
Will they still be scanned or it does not matter because they are WIM files.

Thanks


Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 19th Aug, 2010 08:49
Hi,

Since this as an OEM directory, it should no longer be shown if you try a full rescan.

hope this helps.
Was this reply relevant?
+0
-0
Seadley RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 22nd Aug, 2010 23:46
Score: 9
Posts: 33
User Since: 12th Sep 2009
System Score: N/A
Location: US
Hi

Secunia points out I need to secure my version of msxml 6x.
I have 6.20.1076.0. There must be later versions?
If so, how do I get them from Microsoft?

My installation paths are :
C:\$INPLACE.~TR\Machine\DATA\Windows\SysWOW64\msxm l6.dll
C:\$INPLACE.~TR\Machine\DATA\Windows\System32\msxm l6.dll
(These two paths I cannot access)
and
C:\Windows.old\Windows\System32\msxml6.dll
D:\Windows\System32\msxml6.dll
I can access these files. The D drive is the recovery drive.

(I had msxml 4x sp2 as a problem but as I saw it was a program which is at the end of its life and it was in the 'old' section, I deleted it instead of upgrading to SP3) Is this OK? Or do I need 4 with SP3?

I think I am caught in the Vista/W7 update situation as I am running W7 Home Premium on top of Vista.

These are the last four insecure problems.
I would appreciate any help which can be given.

--
Secunia 3.0
Windows 7 SP1 64 Bit OS
Dell XPS M1530 Laptop 8GB RAM 128GB SSD
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 23rd Aug, 2010 09:33
Hi,

If you rescan your system, the entries of msxml that you cannot solve should have disappeared.

To update your other entries for MSXML, please try following this procedure:

1) Check Microsoft Update, installing all critical patches
2) Reboot
3) Repeat step 1, repeat step 2 if anything was installed at this point
4) Rescan with the PSI.

hope this helps.
Was this reply relevant?
+0
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Dedicated Contributor 23rd Aug, 2010 12:53
Score: 1208
Posts: 959
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 23rd Aug, 2010 13:01
The Windows.old folder is created when you upgrade or reinstall Windows. It is used if you want to go back to the previous operating system or want to copy user files from the previous system. If you no longer need it, it can be deleted using the Disk Cleanup Utility.

http://windows.microsoft.com/en-US/windows7/How-do...


In the case of Recovery volumes these can safely be ignored- ignore rule D:\.
You should never try to alter them in any way.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
Seadley RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 24th Aug, 2010 00:12
Score: 9
Posts: 33
User Since: 12th Sep 2009
System Score: N/A
Location: US
Last edited on 24th Aug, 2010 00:16
@ERP - Thanks for your reply.
Rescanning did not help as the scan came back with the same 4 insecure listings.
Starting to check for updates to 6.20.1076.0, I checked the 'patched' programs and found I have both patched versions of 6.30.7600.16385.

@DDM - Thanks for your reply.
Following your suggestions i now have just two insecure programs listed.
C:\$INPLACE.~TR\Machine\DATA\Windows\SysWOW64\msxm l6.dll
C:\$INPLACE.~TR\Machine\DATA\Windows\System32\msxm l6.dll
These both refer to the 6.20.1076.0 version.
What do these paths mean ?
As I cannot access these files, is it OK to create an ignore rule for them ?

Also, (MSXML) 6x does not show up in the Control panel program listings.

Any further help in solving these last two pieces of my insecure program puzzle will be much appreciated.

Seadley
W7 Home Premium Upgrade 64 Bit


--
Secunia 3.0
Windows 7 SP1 64 Bit OS
Dell XPS M1530 Laptop 8GB RAM 128GB SSD
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Handling Contributor 24th Aug, 2010 00:22
Score: 11711
Posts: 8,954
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Run the Windows Disk Clean Up utility.

Start>All Programs>Accessories>System Tools>Disk clean up.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Dedicated Contributor 24th Aug, 2010 14:02
Score: 1208
Posts: 959
User Since: 8th Nov 2008
System Score: 98%
Location: UK
They are leftovers from the Windows 7 upgrade. Maurice is right as usual.

More details here:
http://www.howtogeek.com/howto/6685/what-are-the-i...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+2
-0
Seadley RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 24th Aug, 2010 18:10
Score: 9
Posts: 33
User Since: 12th Sep 2009
System Score: N/A
Location: US
Thanks to both Maurice and DDM for putting me on the right track to clear up my two last insecure listings on my laptop.

Maurice for pointing out what to do.

DDM for guiding me to the 'howtogeek' article which specifically told me how to purge the files I needed to clear.

Until the next Secunia alert, my laptop is 'insecure' free.

This is the first time I have used the Forum.
Secunia and the Forum are great !

Thanks for the replies and for sharing your expertise.

Seadley

--
Secunia 3.0
Windows 7 SP1 64 Bit OS
Dell XPS M1530 Laptop 8GB RAM 128GB SSD
Was this reply relevant?
+0
-0
Peter5 RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 25th Aug, 2010 04:18
Score: 0
Posts: 4
User Since: 18th Aug 2010
System Score: N/A
Location: PT
Thanks, it worked. I did a new scan and it disappeared (the vulnerability ).
One last question, for example ,now i do not have any vulnerability to correct in Google chrome (everything is safe, adobe, quicktime,etc) does that mean that drive by downloads won´t work. That i can go to any site and i will not get infected by drive by download, only by social engineering (if i am using
Google chrome of course)

Many thanks
Was this reply relevant?
+0
-0
This user no longer exists RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 25th Aug, 2010 09:09
Hi,

The status of "Secure" is not an absolute promise of security. In fact, there is no such thing as absolute security.

The risk of unpatched vulnerabilities, or completely unknown ones, will always persist, when using any software. Your security depends on whether white hat security researchers, and the vendors, are ahead of the "bad guys" (ie. the people writing viruses and so on), though there are of course measures one can take to curb the risks of vulnerable software (MAC systems, sandboxing, etc).

However, your risk of getting infected in a drive-by is greatly reduced, as all patches that fix known vulnerabilities are installed when the PSI flags your application as "Secure".

hope this helps.
Was this reply relevant?
+0
-0
Anthony Wells RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Expert Contributor 25th Aug, 2010 10:51
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@Peter5 ,

Adding to what Emil hes said , your Chrome tabs are individually sandboxed reducing a "download" risk , but a keylogger could probably still read your drive data out of the tab or an exploit might piggyback down on someting you choose .

No uncalled for risk is worth the nightmare of trying to clean up a serious malware infection or worse losing your ID ; safe browsing rules always !!

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
Peter5 RE: Microsoft XML Core Services (MSXML) 6.x and how to Ignore
Member 26th Aug, 2010 01:41
Score: 0
Posts: 4
User Since: 18th Aug 2010
System Score: N/A
Location: PT
Thanks for the great support.
I got to say that this forum is as good as the product (Secunia PSI). :)

Many Thanks
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability