- Content source
- https://www.qualys.com/research/top10/2015/07/
MSXML Core Services v4.0 is one of the most unpatched software versions that has critical vulnerabilities. Secunia PSI detects it as unpatched which let to a rash of confusion (it particularly affects Windows 7 users). MSXML v4 SP2 was EOL'd - so Windows Update did not deliver patches for it. SP3 has to be manually installed , you have to reboot and then run Windows update again. Then the security patches will appear. Allegedly, this is particularly present when users have older software such as Quicken/QuickBooks, some HP products, etc. Regardless- Flexera (formerly Secunia) lists it as #2 out of the top 50 vulnerabilities as of March 2-016. You may want to look into getting it patched.
Note: make a restore point or backup first. The Secunia forums are helpful as there is a good bit of confusion. To the best of my knowledge- you need MSXML v4.0 SP3 parser. It's about a 2mb file as an MSI.
This is done at your own risk. Sorry- but I am just not an XML/compatibility expert and don't want to make anyone mad.
I imagine that Internet Explorer- and thus the code that is ised in Windows such as Office products can be affected. Once patched (if you do) If you Go into IE and click on Manage Add-ons- then Run without permission, you can likely see the MSXML 4 parser. Maybe it should be disabled. Most PC's also have v6 installed. Again, this is sort of an experimental work-around.
Top 10 External and Internal Vulnerabilities | Qualys, Inc.
Why Microsoft XML Core Services is the most exposed program on private PCs for 11 months running
https://secunia.com/?action=fetch&filename=secunia_vulnerability_review_2015_pdf.pdf
Vulnerability Review 2016 | Flexera Software
Download link below:
Read the release notes if you decide to patch (if you are affected): Download MSXML 4.0 Service Pack 3 (Microsoft XML Core Services) from Official Microsoft Download Center
Note: make a restore point or backup first. The Secunia forums are helpful as there is a good bit of confusion. To the best of my knowledge- you need MSXML v4.0 SP3 parser. It's about a 2mb file as an MSI.
This is done at your own risk. Sorry- but I am just not an XML/compatibility expert and don't want to make anyone mad.
I imagine that Internet Explorer- and thus the code that is ised in Windows such as Office products can be affected. Once patched (if you do) If you Go into IE and click on Manage Add-ons- then Run without permission, you can likely see the MSXML 4 parser. Maybe it should be disabled. Most PC's also have v6 installed. Again, this is sort of an experimental work-around.
Top 10 External and Internal Vulnerabilities | Qualys, Inc.
Why Microsoft XML Core Services is the most exposed program on private PCs for 11 months running
https://secunia.com/?action=fetch&filename=secunia_vulnerability_review_2015_pdf.pdf
Vulnerability Review 2016 | Flexera Software
Download link below:
Read the release notes if you decide to patch (if you are affected): Download MSXML 4.0 Service Pack 3 (Microsoft XML Core Services) from Official Microsoft Download Center