Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Insecure File MS Data Access Components 2.x
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
PSI
| StevenYork | Insecure File MS Data Access Components 2.x |
|---|---|
 |
25th Nov, 2008 13:51 |
|
Ranking: 0 Posts: 9 User Since: 25th Nov, 2008 System Score: N/A Location: US |
When I go to the settings tab and uncheck Show only "Easy-to-Patch" programs, I get information that the file Microsoft Data Access Components (MDAC) 2.x (CAT. 4 THREAT) is insecure and that I should go to and download a Microsoft Knowledge Base (KB) to correct this. When I do so, Microsoft says I have already downloaded this KB or a more current one. I wonder what the problem is. Does anyone have an answer? |
| mapych | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
27th Nov, 2008 23:19 | ||||||||
| Score: 0 Posts: 47 User Since: 27th Nov 2008 System Score: N/A Location: N/A |
There are many versions of MDAC containing many different DLLs. Normally Windows Update takes care of updating the version you have. But sometimes bad written Setup packages are installing DLLs which belong to older MDAC version (the VisualBasic 6 Setup packager does it all the time). You then get a mix of MDAC versions on your PC. This explain why PSI tells you to update when you already are uptodate. To find the MDAC DLLs which have nothing to do on your PC, I can only recommend you to use the "Component Checker" which can be downloaded at this MS MDAC Web Page: http://msdn.microsoft.com/en-us/data/aa937730.aspx I tried once a commercial MDACfixer software to clean the MDAC mess on my PC, but it didnt found anything to fix. This programm will give you are report of all MDAC files found on your PC. You have then to click on "details" to see the file versions. Then it is up to you to remove "manually" the files which are "really" too old, or have a version which "really" does not match the current installed MDAC version. By the way, the current MDAC version number can always be found in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataAccess\ |
||||||||
|
|||||||||
| StevenYork | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
28th Nov, 2008 00:38 | ||||||||
| Score: 0 Posts: 9 User Since: 25th Nov 2008 System Score: N/A Location: US |
Thanks mapsych. That worked. | ||||||||
|
|||||||||
| mapych | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
28th Nov, 2008 01:13 | ||||||||
| Score: 0 Posts: 47 User Since: 27th Nov 2008 System Score: N/A Location: N/A |
thanks for your feedback | ||||||||
|
|||||||||
| TiPunK | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
4th Dec, 2008 23:16 | ||||||||
| Score: 0 Posts: 4 User Since: 27th Nov 2008 System Score: 100% Location: FR Last edited on 5th Dec, 2008 00:00 |
Could you help me explaining step by step what will I have to do to delete the old MDAC version ? The actual version on my computer (Windows XP Pro SP3 French) is 2.81.1132.0 The wrong version of MDAC is located by Secunia on the following directory : XXX:\Program Files\Fichiers communs (eq. Common Files)\System\ado I found the msadox.dll which is aimed by Secunia, but I'm unable to delete it. Everytime I try, the file appears again. I've done a Component Checker against my version 2.81.1132.0 I've done some screenshots to help you in your help, and I joined the XML generated by Component Checker into the same place. You'll find them at http://tipunk.free.fr/MDAC Thanks a lot. -- /me is on line... |
||||||||
|
|||||||||
| StevenYork | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
5th Dec, 2008 00:58 | ||||||||
| Score: 0 Posts: 9 User Since: 25th Nov 2008 System Score: N/A Location: US |
What I ended up doing is leaving well enough alone. When you click the insecure tab and the + mark beside the file, a page opens up. At the bottom, just click the ignore (or whatever it's called) icon. Then just follow the instructions. The MSDA 2.x files where you found them are so called backups and cause no harm. When you have completed the above, Secunia will ignore that file in the future. Do this only after you have tried to download an update from MS. If it says your version is the latest one available, then do the above. If your file is out of date, MS will update the file. And then you should not have to do anything further except run Secunia scan again to ensure that it no longer finds the insecure file. If it still does, then use the ignore steps above. | ||||||||
|
|||||||||
| mapych | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
5th Dec, 2008 02:02 | ||||||||
| Score: 0 Posts: 47 User Since: 27th Nov 2008 System Score: N/A Location: N/A |
You could ignore the PSI warning, because your MDAC files seems very modern! the files v2.81.1117 came with the SP2 of XP see: http://support.microsoft.com/kb/899456 the more modern files v2.81.1132 came with some other update, which did not update all the MDAC files. the msadox.dll file you have seems to have v2.81.1132 according to your screenshots. so this version is not "old". I found only one reference about a higher version msadox.dll in a MS hotfix article, which speaks about msadox.dll v2.81.1135 as you certainly know, hotfixes should only be installed if you experience the specific problem described in the article. I have no idea what PSI expects you to install to be happy... normally windows update takes care to install the needed patches and updates, even for MDAC dlls. have you tried to stop PSI totally, start it again, and then do a full scan. sometimes PSI changes its mind when doing this! |
||||||||
|
|||||||||
| TiPunK | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
5th Dec, 2008 02:10 | ||||||||
| Score: 0 Posts: 4 User Since: 27th Nov 2008 System Score: 100% Location: FR Last edited on 5th Dec, 2008 12:09 |
I tried to click ignore, but after each scan it still remains. I followed the instructions, my version is up to date, it's the latest available as said Microsoft. That's the reason of my post, I'm up to date for each of my programs, and this is the only one which, beeing up to date, still remains even if I ignore it. I'll try to reboot PSI now... [Edit] PROBLEM RESOLVED !!! Well Done ! I can ignore it now ;) Nice job ! Thanks a lot. -- /me is on line... |
||||||||
|
|||||||||
| StevenYork | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
5th Dec, 2008 12:28 | ||||||||
| Score: 0 Posts: 9 User Since: 25th Nov 2008 System Score: N/A Location: US |
Good. Thanks for the feedback. | ||||||||
|
|||||||||
| TiPunK | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
5th Dec, 2008 14:09 | ||||||||
| Score: 0 Posts: 4 User Since: 27th Nov 2008 System Score: 100% Location: FR |
You're welcome -- /me is on line... |
||||||||
|
|||||||||
| Tinker001 | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
30th Dec, 2008 02:17 | ||||||||
| Score: 0 Posts: 3 User Since: 2nd Nov 2008 System Score: N/A Location: N/A |
I have the same issue I get the message: This installation of Microsoft Data Access Components (MDAC) 2.x is insecure and potentially exposes your system to security threats!" Problem is I am on Service Pk 3 and there is not Service Pack 3 updates. |
||||||||
|
|||||||||
| TiPunK | RE: Insecure File MS Data Access Components 2.x | ||||||||
|
|
30th Dec, 2008 10:23 | ||||||||
| Score: 0 Posts: 4 User Since: 27th Nov 2008 System Score: 100% Location: FR |
Try to follow what I've done, I was on sp3 too... -- /me is on line... |
||||||||
|
|||||||||
