msxml4.dll

[Robin Bignall]

Recently Kaspersky has been warning me that there's a critical
vulnerability in msxml4.dll. If I jump to the source description it
gets me to
http://www.viruslist.com/en/advisories/23655

on which there are five different patches for 32-bit XP SP2 and / or
SP3. Which one should I use? Logic says 4.0, but I've tried that
with no effect. I have 32-bit SP3 and have also tried the last one
for 6.0., which didn't remove the vulnerability.
Has anybody else come across this problem?

 

[Shenan Stanley]

Recently Kaspersky has been warning me that there's a critical
vulnerability in msxml4.dll. If I jump to the source description it
gets me to
http://www.viruslist.com/en/advisories/23655

on which there are five different patches for 32-bit XP SP2 and / or
SP3. Which one should I use? Logic says 4.0, but I've tried that
with no effect. I have 32-bit SP3 and have also tried the last one
for 6.0., which didn't remove the vulnerability.
Has anybody else come across this problem?

http://windowsupdate.microsoft.com/
CUSTOM scan
Install the things it tells you that you need.
(All High Priority, Optional Software - I'd personally avoid only the
Windows Search, Optional Hardware - avoid completely.)

 

[Robin Bignall]

I am having exactly the same problem as Robin. The MS Windowsupdate site
found nothing to update, but Kasperky still lists five vulnerabilities,
all involving versions of the msxml4.dll file located in five folders
starting with
C:\Windows\WinSxS\x86_Microsoft.MSXML2_ (etc.).

Exactly. Kaspersky reports that the system is protected but it also
reports these (3, in my case) vulnerabilities in msxml4.dll as
"critical". My system is bang up to date with ALL critical and other
Windows updates from microsoftupdate.com. The site I referred to in
my post is not a critical update -- it's a hotfix. I suppose with
hotfixes it's up to the user to decide he has a problem and then
choose to install the appropriate hotfix or not. Trouble is, with
five to choose from with XP SP2/3, which to choose? I've tried them
all, with no effect as far as Kaspersky is concerned.

 

[bertieboy]

I finally worked out how to quarantine these troublesome files in
Kaspersky (I had been trying to do them all in a batch instead of
one-by-one). I am not happy about this solution as I fear it may come
back to bite me during an attempted Microsoft update. Also, I may yet
discover that some older application no longer works. But for now, I no
longer get the vulnerability reports. I would still like to know how to
update or delete them properly.

Along with loads of other people in the Kaspersky forum, I managed to
get rid of my vulnerabilities by following their advice. I think I just
deleted the entries about 2 weeks ago, not had any problems since.

http://forum.kaspersky.com/index.php?showtopic=92620

 

[Robin Bignall]

Along with loads of other people in the Kaspersky forum, I managed to
get rid of my vulnerabilities by following their advice. I think I just
deleted the entries about 2 weeks ago, not had any problems since.

http://forum.kaspersky.com/index.php?showtopic=92620

There seemed to be quite a few Kaspersky users who were a little
confused in that thread, but it seems to net out to using add / delete
programs to remove old versions of msxml4 and 6, just as one should
clear out old versions of Java. I've done it, rebooted, checked with
microsoftupdate and am now about to run a full K9 scan

 

[Robin Bignall]

There seemed to be quite a few Kaspersky users who were a little
confused in that thread, but it seems to net out to using add / delete
programs to remove old versions of msxml4 and 6, just as one should
clear out old versions of Java. I've done it, rebooted, checked with
microsoftupdate and am now about to run a full K9 scan

That didn't completely clear them. I then deleted any examples of
msxml4 and 6 from system32 that had dates before 2008. K9 still found
modules in various places, so I simply found the files via K9 and
deleted all of them. Rebooted. Checked with windowsupdate. Ran K9
again. Clean.

It appears that critical updates do not remove old versions of these
files when it updates them, just as Java does not remove old versions.

Thanks very much Bertieboy for your help with this problem.

 

[bertieboy]

That didn't completely clear them. I then deleted any examples of
msxml4 and 6 from system32 that had dates before 2008. K9 still found
modules in various places, so I simply found the files via K9 and
deleted all of them. Rebooted. Checked with windowsupdate. Ran K9
again. Clean.

It appears that critical updates do not remove old versions of these
files when it updates them, just as Java does not remove old versions.

Thanks very much Bertieboy for your help with this problem.

You're welcome. That's what forums are for! I've been on Kaspersky IS
2009 now for about 3 weeks and I've used their forum a lot. I'm
impressed with the help available there.

 

[bertieboy]

Thanks for the advice. It seems the K9 'sniffer dog' had dug up some
old bones. When I ignored all the warnings against doing so, I deleted
all those old DLLs. The sky did not fall in, and, at last, the
vulnerability warnings have gone.

Its funny, some people in the Kaspersky forum were quite indignant about
these vulnerabilities and were asking how to turn off the notifications!
I think they were missing the point!
I had 454 of these when I first installed KIS. Nearly all old Quicktime,
Java, Adobe reader and the MSXML ones. All gone now though.

 

[Robin Bignall]

Its funny, some people in the Kaspersky forum were quite indignant about
these vulnerabilities and were asking how to turn off the notifications!
I think they were missing the point!
I had 454 of these when I first installed KIS. Nearly all old Quicktime,
Java, Adobe reader and the MSXML ones. All gone now though.

I didn't have as many as that, but I started with K7 a year or two ago
and it cleared lots out. These "old bones" of the msxml? dlls were
only revealed after M$'s latest set of critical updates. I have
learned one thing that I didn't realise before: that XP apparently
allows files with the same filename/extension but different dates to
reside in the same folder. I found three msxml4.dlls in system32
after I had gone through the add / delete programs route, and deleted
those with dates prior to 2008.

I know analogies are futile in the computer business, but installers
leaving old modules behind instead of removing them when they update
is like a garage replacing your piston rings and leaving the old ones
still in place.

 

[bertieboy]

I didn't have as many as that, but I started with K7 a year or two ago
and it cleared lots out. These "old bones" of the msxml? dlls were
only revealed after M$'s latest set of critical updates. I have
learned one thing that I didn't realise before: that XP apparently
allows files with the same filename/extension but different dates to
reside in the same folder. I found three msxml4.dlls in system32
after I had gone through the add / delete programs route, and deleted
those with dates prior to 2008.

I know analogies are futile in the computer business, but installers
leaving old modules behind instead of removing them when they update
is like a garage replacing your piston rings and leaving the old ones
still in place.

Resulting in gnashing of teeth and much wailing from users.