Forum Thread: Updating Microsoft Data Access Components 2.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

This thread has been marked as locked.
jware5558 Updating Microsoft Data Access Components 2.x
Member 9th Dec, 2008 20:40
Ranking: 0
Posts: 15
User Since: 23rd Feb, 2008
System Score: N/A
Location: US
Secunia has identified as Microsoft Data Access Components 2.x as insecure on my computer. I have run the patch listed by Secunia several times but it has not removed the problem. The Secunia note states that this problem is usually resolved by running Microsoft Windows updates, which I do religiously (automatic update), but that also has not solved the problem. Can anyone assist?

mapych RE: Updating Microsoft Data Access Components 2.x
Member 10th Dec, 2008 13:59
Score: 0
Posts: 47
User Since: 27th Nov 2008
System Score: N/A
Location: CH
If you go to All Threads an make a search with MDAC, you will find out you are not alone with this problem.

You can read the other MDAC threads to see if a solution apply to you.

If not, it would be interesting to tell us which file PSI detects as been outdated.
Was this reply relevant?
+0
-0
jware5558 RE: Updating Microsoft Data Access Components 2.x
Member 12th Dec, 2008 00:36
Score: 0
Posts: 15
User Since: 23rd Feb 2008
System Score: N/A
Location: US
I looked at the MDAC threads under All Threads but, frankly, I'm a little lost given the amount of technical material in the threads. PSI identied the MDAC 2.x version as 2.81.1117.0. Could you walk me through how to identify the appropriate MDAC that I need to delete and how to do it?
Thanks
Was this reply relevant?
+0
-0
mapych RE: Updating Microsoft Data Access Components 2.x
Member 12th Dec, 2008 01:13
Score: 0
Posts: 47
User Since: 27th Nov 2008
System Score: N/A
Location: CH
It is true that Windows Updates takes care to update your MDAC files.
Sometimes through a big service pack, sometime through monthly fixes.

If you applied all windows updates, this means that your MDAC files (10-20 DLLs or so) are now at version 2.81.x (if you have Windows XP).

Sometimes, when you install third party applications (not MS), they install DLLs on your PC which are part of MDAC. If these files are copied outside of c:\Windows\System32 or c:\Program Files\Common Files\System, Windows doesn't take care of updating them.

So it would be interesting to know which MDAC file(s) PSI thinks are not uptodate on your machine.

Was this reply relevant?
+0
-0
jware5558 RE: Updating Microsoft Data Access Components 2.x
Member 13th Dec, 2008 05:10
Score: 0
Posts: 15
User Since: 23rd Feb 2008
System Score: N/A
Location: US
The installation path is c:\i386\msadox.dll. Does that help?
Was this reply relevant?
+0
-0
This user no longer exists RE: Updating Microsoft Data Access Components 2.x
Member 13th Dec, 2008 07:46
on 13th Dec, 2008 05:10, jware5558 wrote:
The installation path is c:\i386\msadox.dll. Does that help?

My msadox.dll is 2.81.1132.0 in C:\WINDOWS\ServicePackFiles\i386, C:\WINDOWS\system32\dllcache and C:\WINDOWS\CommonFile\ado only.
Was this reply relevant?
+0
-0
mapych RE: Updating Microsoft Data Access Components 2.x
Member 13th Dec, 2008 17:13
Score: 0
Posts: 47
User Since: 27th Nov 2008
System Score: N/A
Location: CH
on 13th Dec, 2008 05:10, jware5558 wrote:
The installation path is c:\i386\msadox.dll. Does that help?

In this case, the file itself, or the whole directory c:\i386 can be put on the ignore list.

c:\i386 is a windows source installation directory.
This kind of directory never gets updated (normally).
So your msadox.dll file will stay outdated forever.
It is not used/active anyway !
Was this reply relevant?
+0
-0
mapych RE: Updating Microsoft Data Access Components 2.x
Member 13th Dec, 2008 18:06
Score: 0
Posts: 47
User Since: 27th Nov 2008
System Score: N/A
Location: CH
on 13th Dec, 2008 07:46, wrote:
My msadox.dll is 2.81.1132.0 in C:\WINDOWS\ServicePackFiles\i386, C:\WINDOWS\system32\dllcache and C:\WINDOWS\CommonFile\ado only.


The first directory has been created by the last Service Pack Installation. It will only be updated the next time MS will publish a service pack.

The second directory contains backup copies of important windows files in case files like the one in the third directory gets deleted.

because your MDAC file versions seems current, I would try first to call windows update, to check if there is really nothing more to update.

then I would reboot, and let PSI do a full scan.
Was this reply relevant?
+0
-0
jware5558 RE: Updating Microsoft Data Access Components 2.x
Member 24th Dec, 2008 01:23
Score: 0
Posts: 15
User Since: 23rd Feb 2008
System Score: N/A
Location: US
on 13th Dec, 2008 17:13, mapych wrote:
In this case, the file itself, or the whole directory c:\i386 can be put on the ignore list.

c:\i386 is a windows source installation directory.
This kind of directory never gets updated (normally).
So your msadox.dll file will stay outdated forever.
It is not used/active anyway !

Was this reply relevant?
+0
-0
jware5558 RE: Updating Microsoft Data Access Components 2.x
Member 24th Dec, 2008 01:25
Score: 0
Posts: 15
User Since: 23rd Feb 2008
System Score: N/A
Location: US
So if the directory is inactive and never gets updated anyway, as you indicated in your comment, then I should be able to delete it from PSI and ignore it, correct? I assume it is not a security threat. I still have a question as to why PSI continues to identify this directory file as an insecure file requiring an update (which I have tried numerous time without result)>
Was this reply relevant?
+0
-0
jware5558 RE: Updating Microsoft Data Access Components 2.x
Member 24th Dec, 2008 01:26
Score: 0
Posts: 15
User Since: 23rd Feb 2008
System Score: N/A
Location: US
Please see my comment above to your previous post on this issue.

Thanks
Was this reply relevant?
+0
-0
mapych RE: Updating Microsoft Data Access Components 2.x
Member 28th Dec, 2008 14:02
Score: 0
Posts: 47
User Since: 27th Nov 2008
System Score: N/A
Location: CH
on 24th Dec, 2008 01:25, jware5558 wrote:
So if the directory is inactive and never gets updated anyway, as you indicated in your comment, then I should be able to delete it from PSI and ignore it, correct? I assume it is not a security threat.

This i386 directory is useful if you want to add some rarely used windows component after the initial installation (IIS, etc). it can be useful to build a BartPE recovery CD too.
But apart of that you could put it in the PSI ignore list.
If you want to be on the secure side, you could burn a CD with the i386 directory, and then delete this i386 directory.
If Windows really needs something from there you will be able to give the path to the CD-ROM then.

on 24th Dec, 2008 01:25, jware5558 wrote:
I still have a question as to why PSI continues to identify this directory file as an insecure file requiring an update (which I have tried numerous time without result)>

IMO I think it is because the PSI detection algorithm does not take the risk to ignore something which could be in 1% of the case a malign i386 directory (something else which tries to hide inside a i386 named directory).
Was this reply relevant?
+0
-0
jware5558 RE: Updating Microsoft Data Access Components 2.x
Member 1st Jan, 2009 20:39
Score: 0
Posts: 15
User Since: 23rd Feb 2008
System Score: N/A
Location: US
Thank all who responded to my questions. I have followed your advice and solved my PSI security issues--I now have a 100% PSI security rating. Excellent product and good way to get answers using the forum. Thanks again.
Was this reply relevant?
+0
-0

This thread has been marked as locked.