Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft XML Core Services (MSXML) 6.x Fix

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 6.x

This thread has been marked as resolved.
KEVINWILLIAMSHT Microsoft XML Core Services (MSXML) 6.x Fix
Member 6th Feb, 2011 04:14
Ranking: 0
Posts: 5
User Since: 21st Apr, 2009
System Score: N/A
Location: N/A
Dear all:

I am not a computer guy, so I wasted a lot of time trying to download the fix for this one. The reason why I can not find the fix, there is none needed for a system running Windows Vista service pack 2.

Don't take my word for it, check I have not messed up and I do need a patch.
The link below will take you to the page, (why do we call it a page, surly we need new terminology) that tells you what to download depending on your windows system and service pack.

http://www.microsoft.com/technet/security/Bulletin...

Hope this helps someone.

Post "RE: Microsoft XML Core Services (MSXML) 6.x Fix" has been selected as an answer.
puget1 RE: Microsoft XML Core Services (MSXML) 6.x Fix
Member 6th Feb, 2011 04:51
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 6th Feb, 2011 05:12
Here is a forum about the requested info on what I believe you are stating . Have a read through.http://secunia.com/community/forum/thread/show/348... http://secunia.com/community/forum/thread/show/114...

****I GOT THE FIX****If you have all updates referred to in Microsoft security bulletin MS013. Then you are updated. What needs to be done to clear with Secunia and get your 100% is to uninstall Secunia, Restart to clear ocx files and remember to re-log to Secunia profiles as a current user. Secunia will perform a re-scan and pick up the correction giving you back your 100%. (It may have something to do with the new format.)

From what I remember:MSXML 6. was an old XP exe/dll and was not needed in Vista.

If this does not apply we need info ion your OS and what service packs you are running.

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom












Was this reply relevant?
+1
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x Fix
Handling Contributor 6th Feb, 2011 11:13
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Kevin,
Is PSI telling U that MSXML 6 is vulnerable? If so we need the path to it.

I wrote this some time ago as a solution for MSXML 4 issues. It also clears up all the theories being banded around about MSXML in general.

In a nutshell MSXML 6 is a core component of XP SP3,Vista & Windows 7 & is managed by Microsoft via Windows Update.

WINDOWS MSXML DETAILS

This gives an overview of MSXML & a fix for MSXML 4 problems.

MSXML 6.0.
+++++++++
MSXML6 is the latest MSXML product from Microsoft, and along with MSXML3 is shipped with Microsoft SQL Server 2005, Visual Studio 2005, .NET Framework 3.0, Windows Vista, Windows 7 and Windows XP Service Pack 3. It also has support for native 64-bit environments. It is an upgrade but not replacement for versions 3 and 4 as they still provide legacy features not supported in version 6. Version 6, 4, and 3 may all be installed and running concurrently. MSXML 6 is not supported on Windows 9x. Windows XP SP3 includes MSXML 6.0 SP2.

MSXML 5.0
+++++++++
MSXML5 is a binary developed specifically for Microsoft Office. It originally shipped with Office 2003 and also ships with Office 2007. Microsoft has not released documentation for this version as they consider it an internal/integrated component.

MSXML 4.0
+++++++++
MSXML4 was shipped as an independent, downloadable SDK targeted at Independent Software Vendors and third parties. It is an upgrade for but not a replacement to MSXML3 as version 3 still provides legacy features. Versions 4 and 3 may be run concurrently.

MSXML 4.0 SP3 is the most recent version released in March 2009, SP2 support expired in April 2010.

The download link is here:
http://www.microsoft.com/downloads/en/details.aspx...

PLEASE READ THE RELEASE NOTES - A download link to read them is on the same site.

If U do require to update your current MSXML4 Secunia picks it up as secure with version 4.30.2107.0 provided U have downloaded the additional patch via MS Update.

MSXML 3.0
+++++++++
MSXML3 is a current MSXML product, represented by msxml3.dll. MSXML 3.0 SP2 first shipped with Windows XP, Internet Explorer 6.0 and MDAC 2.7. Windows XP SP2 includes MSXML 3.0 SP5 as part of MDAC 2.81. Windows 2000 SP4 also ships with MSXML 3.0. By default, Internet Explorer version 6.0, 7.0 and 8.0 use MSXML 3 to parse XML documents loaded in a window. MSXML 3.0 SP7 is the last supported version for Windows 9x. Windows XP SP3 includes MSXML 3.0 SP9. Windows Vista includes MSXML 3.0 SP10 & Windows 7 has MSXML 3 SP11

Update 4 10:09 06/02/2011





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
ddmarshall RE: Microsoft XML Core Services (MSXML) 6.x Fix
Dedicated Contributor 6th Feb, 2011 11:37
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
The link you posted is from 2006.

Why don't you post the path and version information for the program PSI was flagging up? Somebody may be able to explain it. It could be a backup or OEM copy or included in 3rd party software which is not being updated by Microsoft, for example.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
puget1 RE: Microsoft XML Core Services (MSXML) 6.x Fix
Member 6th Feb, 2011 13:36
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 6th Feb, 2011 13:44
@ Maurice Joyce

Question: weren't certain library files that were deemed as vulnerable and could be removed without interrupting the whole MSXML package? Such as msxml3.dll 8.90.1002.0 as I remember being one. As I remember there was a update to msxml6 with a patch in msxml14.

@KEVINWILLIAMSHT

So exactly what was your question. 1.Can't achieve 100% score with Secunia2. How to locate the exact file.

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom












Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x Fix
Handling Contributor 7th Feb, 2011 08:43
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
@puget1

To be frank I am not too sure what the originator is telling us until such time that he clarifies if there is a problem with MSXML 6 & the path to it, which I requested.

Also unclear how your questions link to MSXML 6 or what MSXML "packages" U are referring to or MSXML 14. I have never heard of MSXML 14.

For solution purposes they should be treated as independent components as laid down in my previous post.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
puget1 RE: Microsoft XML Core Services (MSXML) 6.x Fix
Member 7th Feb, 2011 11:27
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 7th Feb, 2011 11:31
@ Maurice Joyce
O.K. I meant MSXML4 anyway,it was certain files within the package that had become the vulnerabilities. To which I no longer have the file numbers to be dealt with in 6 Like I gave in MSXML3.. In either event he has the resources now to make a decision on what he wants to do.

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom












Was this reply relevant?
+0
-0
KEVINWILLIAMSHT RE: Microsoft XML Core Services (MSXML) 6.x Fix
Member 7th Feb, 2011 15:23
Score: 0
Posts: 5
User Since: 21st Apr 2009
System Score: N/A
Location: N/A
Dear All:

Thank you for you help.

I thought I was actually posing a resolution, but now I am lost. I ended up ignoring the problem, because from what I was told, on the page to which I linked in the original post, I had a version that did not require an update.

So may have a problem, because I ignored it. Because I ignored it, I have no idea where it is now and can not find it.

All I can tell you is that the file was where it was expected to be if there was a problem, i.e. it is not a backup or a third party file.

Can someone tell me in simple terms:

If I have a configuration (Vista with service pack 2) that had been deemed by Microsoft not to require and update, am I safe in ignoring this problem.

Sorry for the delayed response and lack of knowledge on my part.

Was this reply relevant?
+0
-0

puget1

RE: Microsoft XML Core Services (MSXML) 6.x Fix
[+]
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x Fix
Handling Contributor 7th Feb, 2011 15:36
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Kevin,
What is important is to try & get U secure if U have a problem.

Open PSI>On the Dashboard click CONFIGURATION>Click SETTINGS>open the IGNORE RULE tab>take the tick (check mark) out of any programmes U have ignored.

Once done complete a FULL PSI rescan.

Are there any items showing as vulnerable (insecure)?

If so I require the paths to them.

FINDING A FILE PATH - PSI VERSION 2

From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each one.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Highlight it then copy (CTRL+C) then paste (CTRL+V)) that path back to the Forum.



ALL OTHER PSI VERSIONS

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand' it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V)) the Installation Path of the file back to the Forum.


Update 6 22:33 29/01/2011



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
KEVINWILLIAMSHT RE: Microsoft XML Core Services (MSXML) 6.x Fix
Member 7th Feb, 2011 16:06
Score: 0
Posts: 5
User Since: 21st Apr 2009
System Score: N/A
Location: N/A
Dear All:

Thanks again, the path is D:\\Windows\System32\msxml6.dll

Which is a little embarrassing, because D drive is my back up drive. So I have no problem.

Crap.

Thanks again for your help.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft XML Core Services (MSXML) 6.x Fix
Handling Contributor 7th Feb, 2011 17:15
Score: 11620
Posts: 8,911
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 7th Feb, 2011 17:15
That is correct therefore U were right in the first place by creating an ignore rule.

Pleased everything worked out for U. As my long post above suggests there are few problems with MSXML if U let Microsoft manage it via Windows Update & U do not tinker with it in Control Panel>add/remove or the Registry.

If all your problems are now resolved could U please lock (Accept) the thread. This will prevent us both from receiving update emails from "tag on" posts.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability