|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
XML Core Services 4.0 vulnerability on Windows 7 – unpatched and vulnerable for several years
This from IT:
I previously made a comment (been a year or so) about this issue XML Core Services 4.0 Vuln on Windows 7 – unpatched and vulnerable for several years.
Secunia PSI detects it, Belarc Advisor detects it according to some users. Reports are that it is frequently the result of older software (Quicken/QuickBooks, possibly HP).
Apparently it seems that MSXML SP3 must be installed manually from Microsoft’s download site, then reboot and run Windows update. There will be security patches that appear.
Some have postulated that it was because MSXML 4 SP2 was EOL’d that MS Update did not deliver any patches to users with outdated software. It still seems to be one of the top vulnerabilities exploited.
Included are some relevant links:http://www.flexerasoftware.com/enterprise/resources/research/vulnerability-review/tab/vendor-update (see page 28) – pdf is available via Google.I “think” that post #2 by Maurice is the most correct answer. It’s one of those- at your own risk compatibility things. If you run Secunia PSI – its listed as unpatched – Critical. People need to know it’s the #2 out of 50 top vulnerability as of 2016!Thought you and your readers need to know! – I think it’s listed as “Critical”.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Finding Microsoft Office 2021 product key
by 1 hour, 48 minutes ago
-
Over-the-Top solves it!
by 2 hours, 31 minutes ago
-
To Susan – Woody Leonhard, the “Lionhearted”
by 9 hours, 32 minutes ago
-
Extracting Data From All Sheets
by 11 hours, 7 minutes ago
-
Use wushowhide in Windows 11 24H2?
by 11 hours, 15 minutes ago
-
Hacktool:Win32/Winring0
by 11 hours, 2 minutes ago
-
Microsoft Defender as Primary Security Question
by 11 hours, 43 minutes ago
-
USB printers might print random text with the January 2025 preview update
by 13 hours, 46 minutes ago
-
Google’s 10-year-old Chromecast is busted, but a fix is coming
by 23 hours, 22 minutes ago
-
Expand the taskbar?
by 23 hours, 12 minutes ago
-
Gregory Forrest “Woody” Leonhard (1951-2025)
by 1 hour, 58 minutes ago
-
March 2025 updates are out
by 25 minutes ago
-
Windows 11 Insider Preview build 26120.3380 released to DEV and BETA
by 1 day, 16 hours ago
-
Update Firefox to prevent add-ons issues from root certificate expiration
by 2 days ago
-
Latest Firefox requires Password on start up
by 1 day, 18 hours ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 2 days, 12 hours ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 1 day, 11 hours ago
-
How Much Daylight have YOU Saved?
by 1 day, 14 hours ago
-
A brief history of Windows Settings
by 1 day, 8 hours ago
-
Thunderbolt is not just for monitors
by 1 day, 6 hours ago
-
Password Generators — Your first line of defense
by 1 day, 12 hours ago
-
AskWoody at the computer museum
by 12 hours, 12 minutes ago
-
Planning for the unexpected
by 1 day, 13 hours ago
-
Which printer type is the better one to buy?
by 2 days, 14 hours ago
-
Upgrading the web server
by 2 days, 13 hours ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 3 days, 8 hours ago
-
Creating a Google account
by 3 days, 6 hours ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 3 days, 13 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 4 days ago
-
AI *emergent misalignment*
by 4 days, 1 hour ago
Remembering Woody
