New Reader, Acrobat, Flash patches — and a SinoXP push for Linux

Topic

New Reply

This just in from EP:Adobe has released new Adobe Reader & Acrobat security updates here new Adobe Flash Player security updates for May 2014 post
[See the full post at: New Reader, Acrobat, Flash patches — and a SinoXP push for Linux]

Reply | Quote

Replies

Woody, what makes you think that in China it would be difficult to move folks to Linux?

In China and India there are lots of folks already using various Linnux distros. In fact, much recent innovation in Linux programming and development has come out of India, according to my own observations. the expertise and desire to keepout of Microsoft’s clutches are strong in both india and China.

Also in India and especially in China, developers and programmers have been concentrating on small devices, like tablets and HDMI sticks, which run Android, a close cousin to Linux. Even common users in both regions are used to using multiple interfaces and multiple OSes.

True, pirated Windows XP is the most common OS in use in China. But as is often the case there, what appears to outsiders on the surface is not necessarily all there is to the tech scene in China.

This may be a turning point in the OS area of tech evolution. We may be seeing the rise of Linux on a grand scale. Or not.

Reply | Quote

Hi Woody,

Forgive me if this is off topic, but I follow Secunia’s website and blog. I thought it was relevant to notice that many of your viewers may still have an unpatched vulnerability in Microsoft XML Core Services. I will post links at the bottom. It does not appear on Windows Update because it is considered End-of-Life by Microsoft until you manually install SP3 (see the last post of the discussion board post in the second link – it is the most helpful.). To reproduce the issue and for current Microsoft users, you can download Secunia PSI 3.0 from their website. It shows as unpatched. It’s great to run a weekly check, as many third party programs (such as Java/JRE/SE) release patches that we may not immediately know about). I personally do not use the auto-update feature- but manually update the applications.
Please read the discussion board post #7 VERY carefully to determine the correct version!!!

Here are the links to the Secunia report and the discussion blog post. Woody, feel free to moderate the post if necessary.

Disclaimer:
(I do not work for and have no relationship with Secunia and I am not a professional- just a consumer interested in IT. Always make regular backups in case something goes wrong).

Why Microsoft XML Core Services is the most exposed program on private PCs for 11 months running

http://secunia.com/blog/why-microsoft-xml-core-services-is-the-most-exposed-program-on-private-pcs-for-11-months-running-384/

Link to discussion post (You need to download and run Secunia PSI first to see it as unpatched).

http://secunia.com/community/forum/thread/show/14265/programs_that_will_not_update

(See the last post-post #7)

The program was listed as vulnerable on an otherwise fully patched Windows 7, Windows Vista, and I think it may apply to Windows XP as well. I patched it months ago, and noticed no issues. Be sure to reboot your computer run and then manually run Windows Update afterwards, as you will receive updates after installing the update referenced in the Secunia discussion post!

If you are interested, here is the link to Secunia’s USA vulnerability Report for 2013 Q3 which lists other issues.

http://secunia.com/?action=fetch&filename=PSI-Country-Report-(US)-(2013Q3).pdf
(It’s a PDF)

Config tip: Under settings in Secunia PSI 3.0 – I choose Detailed view and Under Update handling I choose Notify instead of automatic update.

Reply | Quote

@it –

Wow. First time I’ve heard of this. Let me strap on some hip waders and take a look.

Appreciate the heads up!

Reply | Quote

@it —

That Secunia Report is dated October 2013. This was before two 2014 patches to this piece of MS software. Microsoft has long since patched the issues cited in that old article.

Read the dates on security company articles before raising general alarm here, please.

Reply | Quote

@RC –

The latest Secunia report – for 1Q 2014 – also reports this as the top vulnerability.

Which patches from 2014 fixed version 4???

Reply | Quote

Sorry, Woody.

I was going by the date at the top of the Secunia article, not the content. It appears there are still significant issues with Microsoft XML Core Services. This is a serious and still ongoing Windows security issue.

Reply | Quote

I just found and looked over the Q1 2014 Secunia Vulnerabitlity Report. It definitely shows MSXML Core Services as the top vulnerability in Widnows PCs, without going into any details about MSXML Versions or Windows Versions on which it is installed, or Service Pack (for MSXML) Versions. In other words, these could all be PCs without up to date MSXML Service Packs and patches.

I recall seeing at least two MS Updates patches since October 2013 for MSXML Core Services on Susan Bradley’s monthly patch lists. I think they addressed some issues with Version 4.x.

Again, bottom line is — Windows 7 does not have MSXML in the vulnerable version unless some obsolete software running in a Compatibility Mode has installed it. Which may be more common thanit would appear should be the case.

Reply | Quote

I just recounted. There are six items I have submitted, two of which were posted already, on the MSXML 4 sub-topic. All had errors in them. those which are still awaiting moderation (including this one) may be kept out of the thread to keep things tidy around here. Sorry about the mess.

Reply | Quote

@RC –

I deleted some of the earlier ones. Yell if you’d like me to resurrect them.

Reply | Quote

The one thing I would like to add back is that one program which shows current issues involving MSXML4 on Windows 7 is a widely used one — QuickBooks from Intuit. Users of QuickBooks who for any reason have an older version installed should take any PSI 3 warnings very seriously.

Either upgrade QuickBooks, or fully patch and upgrade MSXML4. If fully patched with all three Service Packs, MSXML4 passes PSI3 inspections with a solid GREEN. But it will still be marked as having known security vulnerabilities.

Since it is not native to Windows 7, there is no good reason other than obsolete software, to have MSXML4 on any Windows 7 PC. The current version is MSXML5.

Reply | Quote

@RC –

I didn’t realize that. No comments so far from Microsoft…

Reply | Quote

@rc primak: The current version is actually MSXML6, which ships as part of XP SP3, Vista and later. MSXML3 is also part of Windows.

Reply | Quote

@Yuhong —

All the more reason that if there is a newer version of any legacy software which does not depend on the older versions of MSXML, it is time to upgrade.

@Woody —

My observations about QuickBooks come from their own forum at the QuickBooks website. Questions and requests for help are still mentioning MSXML4 and its relationship to at least some versions of QuickBooks still in use.

Reply | Quote

Hi Woody – It’s not just a Secunia thing. I’m running Win 7 Professional SP1 and both Belarc Advisor and Windows Updates are telling me I need two MS XML Core Services 4.0 SP1 patches – KB954430 and KB973688. These did not appear a month ago and I haven’t installed any new programs in the meantime that might use them.

More confusing is that Windows Update says these patches were published on 7-12-2011. I went to the KB954430 page at http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14 and this is a very old patch from 2008. Windows 7 isn’t even listed in the “supported operating systems.”

To say I’m confused would be putting it very mildly. Any advice? Thanks!

Reply | Quote

Hi Woody – Just a thought – perhaps this MS XML issue deserves a separate post? It started as an off topic comment 10 days ago and, as far as I can tell, it hasn’t been resolved yet and has pretty much taken over the original post.

Reply | Quote

@Susan –

I’m toying with the idea of expanding it a bit and posting on InfoWorld. I’m on vacation at the moment, but will mull it over once I’m back and working for real…

Reply | Quote