
Forum Thread: .NET Framework x,x pointing to KB978464 Silverlight

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
amccombs .NET Framework x,x pointing to KB978464 Silverlight
Member 11th May, 2011 12:55
Ranking: 0
Posts: 6
User Since: 11th May, 2011
System Score: N/A
Location: US
Last edited on 11th May, 2011 12:56

I have in my scan results insecure
Microsoft .NET Framework 2.x, 2.0.50727.4955
Microsoft .NET Framework 2.x, (64-bit) 2.0.50727.4955
Microsoft .NET Framework 3.x, 3.0.4506.4926

all 3 of them have
Microsoft Security Patches Not Installed:
KB978464

KB978464 is for Silverlight.3.0, not .NET Framework.

If I try to install KB978464, it will say that I already have a newer version of Silverlight installed.

There are a couple bugs here, the one that I am pointing out is that PSI incorrectly points to the wrong KB article for the correct .NET Framework to manually install.

The last thing I installed was Visual Studio 2010 Ultimate. I am not convinced uninstalling it will fix my Frameworks.

Windows Update does not show that I need to update any Framework or Silverlight.

I am running Windows 7 Ultimate x64

Maurice Joyce RE: .NET Framework x,x pointing to KB978464 Silverlight
Handling Contributor 11th May, 2011 14:45
Score: 11297
Posts: 8,715
User Since: 4th Jan 2009
System Score: N/A
Location: UK
There is something amiss.

The latest version for .NET Framework for both 32 & 64 Bit on Windows 7 is:

2.0.50727.5420

Have U run MBSA to verify your hotfix installs?

MICROSOFT BASELINE SECURITY ANALYSER (MBSA)

If U are having difficulty confirming the status of Microsoft updates installed on your PC U may wish to install MBSA.

It scans a PC, highlights general security features that were checked, in particular missing Microsoft hot fixes (patches), with additional links to fixes or help lines.

More details & the download link are here:

http://technet.microsoft.com/en-us/security/cc1849...

Update 1 23:32 25/01/2011




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
amccombs RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 12th May, 2011 01:40
Score: 0
Posts: 6
User Since: 11th May 2011
System Score: N/A
Location: US
Then that's another bug in PSI that it's reporting the current version being obsolete.

I don't see how installing Microsoft Baseline will help PSI from detecting the correct version installed on the machine, the current version available, and providing the correct KB articles.
Maurice Joyce RE: .NET Framework x,x pointing to KB978464 Silverlight
Handling Contributor 12th May, 2011 07:47
Score: 11297
Posts: 8,715
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 12th May, 2011 08:04
Up to you. As far as I am concerned PSI is reporting correctly. Your .Net is out of date. MBSA will show you the way forward.

I will unsubscribe.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
This user no longer exists RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 12th May, 2011 08:55
Hi

It's usually not a good idea to contradict freely given help if you want it to continue.

Anyway, as for the aid on our behalf, try walking through these steps of our FAQ:
http://secunia.com/vulnerability_scanning/personal...

Hope this helps
amccombs RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 12th May, 2011 12:05
Score: 0
Posts: 6
User Since: 11th May 2011
System Score: N/A
Location: US
My posting is about what PSI is reporting, not about installing more and more software to guess or hope to fix my .NET as the .NET was fine last week without the MBSA.

Maurice, you posted earlier that my .NET had the correct version, now you say PSI is correct, isn't that contradicting?

How is PSI giving me a KB978464 to Silverlight a fix for .NET? When it's not, I installed KB978464 and PSI still said that .NET was out of date with the current version.

E.Petersen, Are you reading faq#2, if Windows update says all files are up to date, then that would imply that 'critical' patches have already been installed, otherwise windows update would not say that all files are up to date.
Anthony Wells RE: .NET Framework x,x pointing to KB978464 Silverlight
Expert Contributor 12th May, 2011 15:23
Score: 2371
Posts: 3,277
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th May, 2011 15:37
Hi ,

If Maurice is no longer subscribing to this thread , then let me answer for him . He clearly states (twice) that there appears to be a problem as the file numbers displayed by the PSI for .Net 2.0.x are not the latest :ie: you have posted version ......4955 and the latest/up to date version is .....5420 .

If the PSI is seeing these "insecure" versions on your machine , it may help to tell us where the PSI is "seeing" them ; click the [+] on the lhs of the programme display and tell us the detected instance pathway .

If two supposedly reliable people give one conflicting information , then I personally , would seek a second/third opinion . The MBSA will do that for you , I always use the (free) Belarc scanner :-

http://belarc.com/free_download.htm

The advice is free , use as you wish .

Take care

Anthony

PS : the FAQ item posted by Emil is done to ensure you have rebooted and run a full PSI scan to ensure all M$ updates have registered correctly ; perhaps you should reread it .

--


It always seems impossible until it's done.
Nelson Mandela
amccombs RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 12th May, 2011 17:55
Score: 0
Posts: 6
User Since: 11th May 2011
System Score: N/A
Location: US
hello Anthony,

The only thing Maurice said twice was to install MBSA.

Is this the "insecure" that you are looking for?

.NET Framework 2.x
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe, version 2.0.50727.4955


.NET Framework 2.x (64bit)
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe, version 2.0.50727.4955


.NET Framework 3.x
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe, version 3.0.4506.4926
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe, version 3.0.4506.4926




I ran MBSA, it said:
Security assessment:
Incomplete Scan (Could not complete one or more requested checks.)
IE9 and SP1 was not installed.
One of my hard drives is not formatted NTFS
Automatic updates are not Updated Automatically.
Passwords are non-expiring

SQLEXPRESS
something wrong with the service accounts
password policy non-expiring passwords

How does this MBSA report help?
http://www.filesonic.com/file/979966424/MBSA.txt


After running MBSA, I re-ran PSI, which now says all files are up-to-date, however it still shows the same versions of 4955, not 5420

Thanks,
Allan
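
Added example, not part of any post in this thread: one way to check the scanner's finding independently is to read the version resource of the exact files it flagged and ask Windows which of the KBs under discussion it lists as installed. The paths, KB numbers and the 2.0.50727.5420 baseline are the ones quoted in the thread; the variable names and the report layout are assumptions of this sketch, which expects PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): re-check the scanner's findings by hand.
# Paths, KB numbers and the 2.0.50727.5420 baseline are the ones quoted in the
# thread; no 3.x baseline is given there, so those files get no verdict.
$net = Join-Path $env:windir 'Microsoft.NET'
$wcf = 'v3.0\Windows Communication Foundation\SMSvcHost.exe'
$checks = @(
    @{ Path = "$net\Framework\v2.0.50727\aspnet_wp.exe";   Baseline = '2.0.50727.5420' },
    @{ Path = "$net\Framework64\v2.0.50727\aspnet_wp.exe"; Baseline = '2.0.50727.5420' },
    @{ Path = "$net\Framework\$wcf";                       Baseline = $null },
    @{ Path = "$net\Framework64\$wcf";                     Baseline = $null }
)

$fileReport = foreach ($c in $checks) {
    $installed = $null
    if (-not (Test-Path -LiteralPath $c.Path)) {
        $status = 'file not found'
    } else {
        # Use the numeric fields: the FileVersion string may carry a text suffix.
        $vi = (Get-Item -LiteralPath $c.Path).VersionInfo
        $installed = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        if (-not $c.Baseline) {
            $status = 'no baseline in thread'
        } elseif ($installed -lt [version]$c.Baseline) {
            # Component-wise numeric comparison, so 4955 sorts below 5420.
            $status = 'older than baseline'
        } else {
            $status = 'at or above baseline'
        }
    }
    [pscustomobject]@{ Path = $c.Path; Installed = $installed; Baseline = $c.Baseline; Status = $status }
}

# Get-HotFix only lists updates recorded by Windows component servicing, so a
# missing entry here is a prompt to look further, not proof of absence.
$kbReport = foreach ($kb in 'KB978464', 'KB2446710') {
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $on = $null
    if ($hit) { $on = $hit.InstalledOn }
    [pscustomobject]@{ KB = $kb; Listed = [bool]$hit; InstalledOn = $on }
}

$fileReport | Format-Table -AutoSize
$kbReport   | Format-Table -AutoSize
```
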
Anthony Wells RE: .NET Framework x,x pointing to KB978464 Silverlight
Expert Contributor 12th May, 2011 20:16
Score: 2371
Posts: 3,277
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Allan ,

First things first , I am not looking for anything in particular , I was asking you to post the pathway(s) of the file(s) and programme(s) the PSI is/was displaying as "insecure" in its results .

I was then going to suggest that you double click the entry and post the "TroubleShoot report" from the "Toolbox" in the splash window ; that might have helped track down the Silverlight KB anomaly .

No point now that running the MBSA has resulted in that the PSI and M$ updates agree you are up to date with your "old" file version still in place .

If the PSI is now showing you as 100% secure/up to date , that seems to be good and I have nothing to add .

A minor point is that I would never normally download a file from a file sharing website from someone I do not know and trust ; to help you , I checked out the report in a sandbox . The difficult bit (for me) is that I always use Belarc and am on XP and so do not use either MBSA or W 7 . I think there are a few points you need to take up with the experts ; what use is the report ?? Depends on what you do with it ; the person best placed to comment here on the Forum is not subscribing here to this thread .

You could post a Belarc report which I could comment on , but it will contain a lot of personal data which you should not post to an open Forum . So forget that option , except that I find the Belarc more intuitive for me so you might be able to gain something for yourself .

You could wait and see if a kind volunteer passes by with enough time/patience/tech knowledge to help out , but I think you would better find more help from the MBSA forum here :-

http://social.technet.microsoft.com/Forums/en-US/M...

I am finished here for today .

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
amccombs RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 12th May, 2011 20:55
Score: 0
Posts: 6
User Since: 11th May 2011
System Score: N/A
Location: US
Thank you Anthony for your time.

-Allan
xyzzy RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 13th May, 2011 08:24
Score: -17
Posts: 39
User Since: 7th Mar 2008
System Score: 98%
Location: DE
Check out http://support.microsoft.com/kb/2446710 - this KB article contains version lists for various .NET files (among others 2.0.50727.5420 and 5444).
This user no longer exists RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 13th May, 2011 08:37
Last edited on 13th May, 2011 08:38
Hi,

on 12th May, 2011 12:05, amccombs wrote:
E.Petersen, Are you reading faq#2, if Windows update says all files are up to date, then that would imply that 'critical' patches have already been installed, otherwise windows update would not say that all files are up to date.


Please just step through the FAQ. If you do, I will be happy to give you a logical explanation of why this helps.

Otherwise I hope you figure something else out yourself.
xyzzy RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 15th May, 2011 16:48
Score: -17
Posts: 39
User Since: 7th Mar 2008
System Score: 98%
Location: DE
Looking at http://secunia.com/community/forum/thread/show/895... I guess that the odd KB 978464 "silverlight" is a typo and should be KB 976982 ".NET updates".
amccombs RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 15th May, 2011 17:15
Score: 0
Posts: 6
User Since: 11th May 2011
System Score: N/A
Location: US
That's what I have been saying. However, I don't think that's the correct KB either as PSI is flagging 2.x, 3.x and 4.x, and that ddmarshall's points to 1.1, 1.1SP1 and 3.5.
xyzzy RE: .NET Framework x,x pointing to KB978464 Silverlight
Member 15th May, 2011 17:43
Score: -17
Posts: 39
User Since: 7th Mar 2008
System Score: 98%
Location: DE
I've tested various "FixIt" solutions on my boxes. Sometimes it didn't help, but so far "FixIt" never caused a problem: IMO you can simply try Microsoft Fix it 50123 as suggested in KB 976982, and then try WU (windows update) again. After all the .NET versions on your system are apparently not state of the art. You can also simply try a manual KB 2446710 installation if WU refuses to offer it.