
Forum Thread: .NET Framework 4.x - Suspect False Alerting

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
RxDdude .NET Framework 4.x - Suspect False Alerting
Member 28th Oct, 2010 08:42
Ranking: 4
Posts: 33
User Since: 20th Aug, 2009
System Score: N/A
Location: US
Last edited on 28th Oct, 2010 09:03

My last 2 scans (only) with PSI v1.5.0.2 have alerted on .NET Frameworks 1.1, 2.0, 3.0, and 4.0, in Windows XP Professional x86 (32-bit) SP3. There are various problems with these various warnings. This thread will address only 4.0, for which SA41751 is identified as the applicable Advisory.

The issue as I see it is, SA 41751 itself says, "The vulnerability only affects Microsoft .NET Framework 4.0 on the x64 and Itanium architectures."

It would be my contention that, therefore, this alert is a false alert for the given system, and Secunia PSI ought not to display an insecurity for the subject .NET Framework 4.0.30319.1.

FYI-1. When I accessed Microsoft Update on the web, it offered only 2 critical updates (see FYI-2., below) and two optionals, but nothing affecting .NET Framework 4.0; and I will note that Add/Remove programs shows that both .NET Framework 4 Client Profile and .NET Framework 4 Extended are installed, both are ID'ed in their Support Information popups as v4.0.30319, and for 4.0 Extended only, there is one patch installed, KB2416472. There is no patch available from Microsoft Update for the .NET v4.0 in Win XP Pro x86 SP3. Therefore, nothing can be done to patch this.

FYI-2. Windows' Automatic Updater and the Update website have repeatedly offered KB2418241 patch for .NET F'works 2.0 SP2 and 3.5 SP1, and also KB2416473 for 3.5 SP1, but nothing for 1.1, 3.0, or 4.0. These patches for 2.0 and 3.5 have failed of installation ever since they came out, i.e. approx. ten (10) tries. Is this possibly relevant?

Paths:
3.0.4506.2152 = D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
4.0.30319.1 = D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

3.5 - SMSvcHost.* is not found in any subfolder. A/RP lists 3.5 SP1 with 2 Hotfixes KB953595 and KB958484 plus one Update KB963707.

With hope that this will be received as helpfully intended, it is requested that Secunia PSI definitions should be updated to remove the false alert when the installed OS is an x86 version, and, if I may venture to include this, PSI should alert me on the v3.5 - for the patches above.

--
R&DDude
========================================
All I really need to know in life, I learned from the
theory of relativity!
--------------------------------------------
“Everything should be completed as soon as possible.
And, not sooner.”
– attributed to Al Einstein
============================================
HP Pavilion a1020n / Win XP Pro SP3 (x86) / AMI BIOS 3.19
Intel P4 519J 3.06 GHz / 2 GB DDR2 PC-4200
140 GB free on System partition
Firefox 3.6.15 / NoScript 2.0.9.9 / M$ IE 8.0 (rarely used)
Comodo IS 2011 v5.3 / M$ Security Essentials v1.99.1103.0
============================================
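
The applicability argument in the post above, as an added example (not part of the thread and not Secunia PSI's actual detection logic): a scanner rule that matches on file version alone flags the x86 install, while one that also checks the architecture constraint quoted from SA41751 does not. The `Rule` and `Install` types and the inventory records are constructed for illustration.

```python
"""Added example: advisory applicability that honours an architecture constraint.

Rule fields and the inventory records are constructed for illustration; this is
not Secunia PSI's detection logic.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    advisory: str
    product: str
    version_prefix: tuple     # leading version components that must match
    architectures: frozenset  # OS architectures the advisory covers; empty = any

@dataclass(frozen=True)
class Install:
    product: str
    version: str   # file version string, e.g. "4.0.30319.1"
    os_arch: str   # "x86", "x64" or "ia64"

def parse_version(text):
    """Turn '4.0.30319.1' into (4, 0, 30319, 1); non-numeric parts raise ValueError."""
    return tuple(int(part) for part in text.strip().split("."))

def applies(rule, install, honour_arch=True):
    """Return True when the rule should raise an alert for this install."""
    if rule.product.lower() != install.product.lower():
        return False
    version = parse_version(install.version)
    if version[:len(rule.version_prefix)] != rule.version_prefix:
        return False
    if honour_arch and rule.architectures:
        return install.os_arch.lower() in rule.architectures
    return True

# From the advisory text quoted in the post: 4.0 on x64 and Itanium only.
SA41751 = Rule("SA41751", "Microsoft .NET Framework", (4, 0), frozenset({"x64", "ia64"}))

# Constructed inventory: the poster's XP x86 machine plus an x64 host for contrast.
INVENTORY = [
    Install("Microsoft .NET Framework", "4.0.30319.1", "x86"),
    Install("Microsoft .NET Framework", "4.0.30319.1", "x64"),
    Install("Microsoft .NET Framework", "3.0.4506.2152", "x86"),
]

def alerts(honour_arch):
    """List (version, architecture) pairs that the rule flags in INVENTORY."""
    return [(i.version, i.os_arch) for i in INVENTORY if applies(SA41751, i, honour_arch)]

if __name__ == "__main__":
    print("version-only match:", alerts(False))
    print("with architecture :", alerts(True))
```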

mogs RE: .NET Framework 4.x - Suspect False Alerting
Expert Contributor 28th Oct, 2010 10:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
There have been various threads over recent weeks, concerning .NET problems...the general advice is to take as much time as possible in trying to unravel.
The following thread; and Maurice Joyce's post in particular, are a good place to start :
http://secunia.com/community/forum/thread/show/424...
Since then there have been further updates....the current arrangement for XP being as follows :-
2.0.50727.3618
3.0.4506.2152
4.0.30319.1
And of those, I'm assured, of .NET 4, there is no need.
I would advise reading thro' the foregoing first.
Hope this helps............regards,

Blue Zee RE: .NET Framework 4.x - Suspect False Alerting
Member 28th Oct, 2010 12:53
Score: 11
Posts: 4
User Since: 18th Oct 2010
System Score: 100%
Location: PT
Windows XP SP3

Went through the same pain and the only way I found to solve this was by uninstalling all versions of .NET Framework, using Aaron Stebner's .NET Framework Cleanup Tool to clean all remnants:
http://blogs.msdn.com/b/astebner/archive/2008/08/2...

Reinstalled .NET Framework (excluding version 4!) and finally got it sorted.

Couldn't find any other way.

--
Sometimes the alphabet starts with Z...
RxDdude RE: .NET Framework 4.x - Suspect False Alerting
Member 30th Oct, 2010 07:38
Score: 4
Posts: 33
User Since: 20th Aug 2009
System Score: N/A
Location: US
Mogs, thanks for the helpful inputs. I am not quite ready to ACCEPT because the issue isn't resolved until the false positive alert is resolved. I don't know, maybe you are official Secunia responder, maybe not. A couple of items -

1. It looks to me like this issue highlights a Bug that ought to be reported formally. Do you agree? If so, can you please advise me how to escalate a bug report, and to whom? I would like this thread to close, once we can post a statement of what the client needs to do, along with Secunia's action decision, positive or negative, and results of the client's experience with the suggested fix.

2. You gave a list of .NET Frameworks latest version numbers that is helpful, confirming that mine match yours, but the list omitted the .NET Framework v3.5. I cannot get my latest 3.5 version number from Add/Remove Programs just now because I am working just now in a Limited User Account in which Windows refuses me access to A/RP. I will post the 3.5 v-no. later if you choose not to.

3. Having scoured the Forum for answers on other issues, I have found it to be annoying when first a problem is reported, then in reply an expert offers suggestions, but no one ever reports whether the suggestions resolved the issue or not for the originator. This leaves uncertainties in the mind and inhibits (for me, at least) one's desire to follow the often arcane and time-consuming, detailed instructions of the expert.
(The sidebar does not show me an obvious Bug Reporting tool.) But enough on this. Please give me advice on reporting this bug to Secunia.

RxDdude RE: .NET Framework 4.x - Suspect False Alerting
Member 30th Oct, 2010 08:05
Score: 4
Posts: 33
User Since: 20th Aug 2009
System Score: N/A
Location: US
Last edited on 30th Oct, 2010 08:09
Blue Zee,

Thanks for the encouraging spirit of your suggestion. I agree that deploying Stebner's tool can be a necessary help. I had to use it last Winter, when Microsoft® patches refused to install, like this current pair, and I am thankful that the patches did install OK after using the tool. I simply hope to avoid the long, drawn-out sequence and waste of time.

BTW, Stebner's blog advises that he has recently updated the Cleanup Tool to add Microsoft® Framework v4.0 to its repertoire. I downloaded the new tool but haven't run it yet.

Stebner repeats his warning that the Cleanup Tool is not for casual use. I am so tired of these Microsoft® patches that fail to install cleanly without giving adequate clues for understanding of what happened. And now it is repeating, nearly a year later, and there is still no good reason being offered. Error 0x643 & 0x64c & 0x645 are opaque answers.

I don't like having to set off the dynamite to open the car's door when we can't find the combination for the entry keypad. I do not like having to uninstall all those Microsoft® .NET Frameworks with A/RP, one at a time, and then re-install each, and then try to install the patches and when they fail, go into Stebner's Cleanup Tool and uninstall the Microsoft® .NET Frameworks again, and then, re-install them again, and then run the patches again, and having them to fail after all that is an ugly prospect. But, what can be said? after all, it is Microsoft® software.

And, of course, the patches in question are not supposed to have any effect upon the Microsoft® .NET Framework v4.0, which is the object of the false alert by PSI and subject of this thread. So expending all that effort and time would seem unlikely to cure the issue. It is however, maddening to contemplate, that Microsoft® software being what it is, this might be the ONLY way to cure the issue. Grr-r-r-r.

Take care.

mogs RE: .NET Framework 4.x - Suspect False Alerting
Expert Contributor 30th Oct, 2010 10:00
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello again FallingRock.
Firstly....Secunia Officials are those with the title coloured Secunia red. You can direct a thread to, on the forum if you wish. You can also contact support@secunia.com at any time to report a matter.
I can understand your disgruntlement with regard to your .NET 4 problem...tho' I'm not exactly sure of where you're at with it. Have you now in fact removed .NET 1 and .4 : as you say the versions correspond to those previously given ?
As you can see from my details below, I use Vista......I too at one time had .NET 3.5 showing: it disappeared a while ago when updated....I have no info regarding a version number for such, to be able to confirm/correlate. One reason why having referred earlier to Maurice's post for background.
It is up to the originator of a thread to show that a matter has been resolved....very often tho': in very many instances; they are heard no more of......a dissatisfying scenario for helpers too.
Wherever possible, helpers try to guide to solutions/info that have been found to work....not a perfect system maybe...but the overall success of the forum seems quite phenomenal to me.
I hope the foregoing is of some use and you find it possible to move on with it......regards,
