[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Microsoft ignores serious MSXML update issue
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Microsoft ignores serious MSXML update issue
- From: Zbygniew Prlwytzkofsky <prlwytzkofsky@xxxxxxxxx>
- Date: Mon, 15 Jul 2013 18:38:36 -0700 (PDT)
Firstly,
I hesitated to post to FD,
as the matter does not concern any new vulnerability, but an older issue.
However, as I think it's a serious issue nevertheless, I decided to post anyway.
The issue is, in abstract:
For Windows systems on which MSXML 4.0 SP2 is present, MSXML 4.0 SP3 is not
offered through Windows/Microsoft Update. And for Windows systems on which
MSXML 4.0 SP2 is present and not MSXML 4.0 SP3, security update KB2758694 (was
KB2721691) is not offered through Windows/Microsoft Update. I contacted
Microsoft and Microsoft made clear it won't do anything to resolve the issue.
As Microsoft made clear it won't do anything to resolve the issue, I felt
obligated to publish the information on the web, so that as many users as
possible can be informed of the issue and can choose to download and install
MSXML4 SP3 so that security update KB2758694 (was KB2721691) can be installed
to patch the MSXML 4.0 vulnerability.
I have informed Microsoft about that, several times during my correspondence
with Microsoft.
Last week, I posted at Security.nl, as Spiff.
See:
Microsoft ignores serious MSXML update issue
https://www.security.nl/artikel/46991/1/MS_ignores_XML_update_issue.html
First two parts are in English,
third and fourth part is the same content in Dutch.
Best regards
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/