Forum Thread: False alarm on Windows XP?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft XML Core Services (MSXML) 4.x

This thread has been marked as locked.
cvalde False alarm on Windows XP?
Member 28th Aug, 2012 07:23
Ranking: 11
Posts: 22
User Since: 30th Jul, 2009
System Score: N/A
Location: CL
Hello, this is what PSI says

---START---

Program Name:
Microsoft XML Core Services (MSXML) 4.x

Security State:
Insecure

Download Link:
https://dl.secunia.com/SPS/MSXML_4.30.2100.0_SPS.e...

Instances Found:
D:\WINDOWS\system32\msxml4.dll, version: 4.20.9876.0

Last System Scan (localtime):
27. Aug 2012, 23:43

Operating System:
Microsoft Windows XP Professional,

---END---

I have Windows XP SP3, I have this on my system
http://www.microsoft.com/en-us/download/details.as...
and I have
http://www.microsoft.com/en-us/download/details.as...
that's the latest update I can find. How does it happen that PSI still reports a problem?

MBSA 2.2 found nothing.
Windows Update found nothing.

Please explain if there's a problem in PSI's detection logic, because I see many threads asking for explanations about the same issue.

Claudio.

C.

cvalde RE: False alarm on Windows XP?
Member 28th Aug, 2012 07:26
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
I forgot to say: the download offered by Secunia doesn't work: it stalls at the beginning and it remains in this state until I cancel it.
Moreover, I'm not sure this URL is for Windows XP.
Thanks.
Claudio.
Was this reply relevant?
+0
-0
Maurice Joyce RE: False alarm on Windows XP?
Handling Contributor 28th Aug, 2012 08:46
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
What do U use your D drive for?

If it is solely used for back up or is an OEM reinstallation partition U should create a permanent ignore rule for that drive.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
cvalde RE: False alarm on Windows XP?
Member 28th Aug, 2012 08:58
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
Hello.
D is the operating system drive, so it's not wise to ignore it until I understand why PSI is nitpicking. Thanks.
Was this reply relevant?
+0
-0
Maurice Joyce RE: False alarm on Windows XP?
Handling Contributor 28th Aug, 2012 09:33
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If that is your main operating system then I fail to see why PSI is nit picking.

It has found this file on that drive:

D:\WINDOWS\system32\msxml4.dll, version: 4.20.9876.0

To be secure it should be version 4.30.2114.0

If,as suggested by you, this up to date version was installed manually onto drive D http://www.microsoft.com/en-us/download/details.as... & was updated with this http://www.microsoft.com/en-us/download/details.as... via Windows Update then the old file was not overwritten by Microsoft.

In this instance it should be removed manually but such an approach is unique.

I have mainly dealt with this issue on the Forum. From where I sit all are fixed except for:

a. One lady who would rather blame everything rather than get on with it.

b. A new case, other than yours, that is pending.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+2
-0
cvalde RE: False alarm on Windows XP?
Member 28th Aug, 2012 22:48
Score: 11
Posts: 22
User Since: 30th Jul 2009
System Score: N/A
Location: CL
Hello, Maurice.
I think that by today, most strange problems users noticed are solved.
First, I was (finally) able to download the file offered by Secunia.
After installing it, Windows Update found a security problem, then I downloaded the latest patches for XML services 3, 4 and 5. At least one of them had been updated very recently.
Installed them all and now Secunia says I'm 100% partched.
We are in peace now. :-)

What I don't understand is this assessment the program does:

How secure is your PC compared to users from the rest of the world?
User Type Difference
Average user with Secunia PSI: 0%
Average user without Secunia PSI: +15%

What is the correct thread to ask about it? I find strange that users without Secunia PSI are 15% more secure.

Thanks.
Claudio.
Was this reply relevant?
+0
-0
Maurice Joyce RE: False alarm on Windows XP?
Handling Contributor 28th Aug, 2012 23:09
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Please to see MSXML is fixed.

I would write to Secunia at support@secunia.com if you want a detailed explanation on your question.

I have never really got my head around it. As long as I am secure I have little interest in gimmicks like that which does nothing for individual security.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0

This thread has been marked as locked.