Ensuring that XML Core Services are patched - MSXML and Secunia

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
MSXML Core Services v4.0 is one of the most unpatched software versions that has critical vulnerabilities. Secunia PSI detects it as unpatched which let to a rash of confusion (it particularly affects Windows 7 users). MSXML v4 SP2 was EOL'd - so Windows Update did not deliver patches for it. SP3 has to be manually installed , you have to reboot and then run Windows update again. Then the security patches will appear. Allegedly, this is particularly present when users have older software such as Quicken/QuickBooks, some HP products, etc. Regardless- Flexera (formerly Secunia) lists it as #2 out of the top 50 vulnerabilities as of March 2-016. You may want to look into getting it patched.


Note: make a restore point or backup first. The Secunia forums are helpful as there is a good bit of confusion. To the best of my knowledge- you need MSXML v4.0 SP3 parser. It's about a 2mb file as an MSI.

This is done at your own risk. Sorry- but I am just not an XML/compatibility expert and don't want to make anyone mad.

I imagine that Internet Explorer- and thus the code that is ised in Windows such as Office products can be affected. Once patched (if you do) If you Go into IE and click on Manage Add-ons- then Run without permission, you can likely see the MSXML 4 parser. Maybe it should be disabled. Most PC's also have v6 installed. Again, this is sort of an experimental work-around.

Top 10 External and Internal Vulnerabilities | Qualys, Inc.

Why Microsoft XML Core Services is the most exposed program on private PCs for 11 months running

https://secunia.com/?action=fetch&filename=secunia_vulnerability_review_2015_pdf.pdf

Vulnerability Review 2016 | Flexera Software



Download link below:

Read the release notes if you decide to patch (if you are affected):
Download MSXML 4.0 Service Pack 3 (Microsoft XML Core Services) from Official Microsoft Download Center
 
  • Like
Reactions: Logethica

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top