Microsoft XML Core Services vulnerability is still computer users face the biggest risk-vulnerability warning-the black bar safety net

ID MYHACK58:62201558236
Type myhack58
Reporter 佚名
Modified 2015-01-21T00:00:00


Recently reported, Microsoft XML Core Services vulnerability is still computer users face the biggest risk, and more than 4 3% of users are running a vulnerable version. Can you explain why these problems still exist as well as to alleviate the problem the best way?

Michael Cobb: the Secunia in the 2 0 1 4 in software vulnerabilities the second quarter report, Microsoft XML Core Services 4.0 (MSXML)is a U.S. computer users face the biggest risk. There are now multiple versions of MSXML, which is also 4. 0 version still constitutes a risk for one reason. MSXML 3.0 and MSXML 6.0 is Windows and IE is part of the MSXML 5.0 is installed in the Office 2 0 0 3 and 2 0 0 7. And MSXML 4.0 mainly for building XML-centric application developers. These applications will quietly install MSXML 4.0 as an appendage, but in 2 0 1 4 year 4 months, this version no longer under Microsoft Support, and will not receive any further security updates.

In the United States, 7 9% of computer users have installed MSXML 4.0, of which, 4 3% still in running vulnerability exists in the MSXML 4.0 SP2. Why is it so? With other included in the Microsoft product in MSXML, MSXML 4.0 is a separate launch, and is defined as a“tool”(helps to complete different task or a limited set of task utilities), so it has with General Microsoft products Support Lifecycle. Microsoft believes MSXML 4.0 SP3 with SP2 completely different product, it has never been released to the automatic channels, which means that Windows Updates, WSUS and SCCM never users or businesses from SP2 automatic update to SP3.

Although there have been no recent public disclosure of a new vulnerability, but in SP2 in the presence of unpatched vulnerabilities. Back in 2 0 1 0 year Microsoft has stopped support for MSXML 4.0 SP2, because of this, in 2 0 1 2 year 7 month Microsoft released for SP3 critical security update MS12-0 4 3(fix publicly reported remote code execution vulnerability), and not as the MSXML 4.0 SP2 update, causing the user unpatched, vulnerable to attack.

Relieve MSXML 4.0 risk the best way is to check for any installed application whether it needs it;if not, uninstall it. If the old app needs this particular version, contact the supplier to see if there is an upgrade path, because running unsupported software or the attachment is not good practice.

In the minimum case, make sure that you from MSXML 4.0 SP2 to upgrade to SP3;Please note that this requires a manual update. Then, to ensure that the next automatic update after installing the MS13-0 0 2 and MS12-0 4 3 patch. If the business of the traditional software requires MSXML 4.0, companies should use Microsoft's Enhanced Mitigation Experience Toolkit 5.0 by preventing MSXML 4.0 in IE and does not belong to the Trusted sites or Intranet zone in the web run, to relieve trying to use SP2 unpatched vulnerability to potential attack.