Help with MS Baseline Security Analyzer

Discussion in 'Computer Support' started by ECLiPSE 2002, May 5, 2004.

  1. ECLiPSE 2002

    ECLiPSE 2002 Guest

    I am somewhat confused by the results of a scan I just ran with the MS
    Baseline Security Analyzer. It is telling me that two security updates
    are out of date and 3 could not be confirmed as follows:

    MSXML 3 lacks the latest service pack SP 4
    MSXML 4 lacks the latest service pack SP 2

    MS)#-008
    MS03-030
    MS03-051

    Yet when I run Windows Update it tells me there are no critical
    updates to be installed? Exactly what are the MSXML service packs and
    what do they do? Where can they be found to download?

    Can some kind soul explain what is happening and should I attempt to
    download and install the above updates even though Windows Update
    doesn't recognize the need?

    Thanks for any assistance.

    Frank
    ECLiPSE 2002, May 5, 2004
    #1
    1. Advertising

  2. ECLiPSE 2002

    why? Guest

    On Wed, 05 May 2004 10:28:29 -0400, ECLiPSE 2002 wrote:

    >I am somewhat confused by the results of a scan I just ran with the MS
    >Baseline Security Analyzer. It is telling me that two security updates
    >are out of date and 3 could not be confirmed as follows:
    >
    >MSXML 3 lacks the latest service pack SP 4
    >MSXML 4 lacks the latest service pack SP 2


    The 2 above are for viewing / developing with XML.
    Download, I would have though Windows Update, if not then here
    http://msdn.microsoft.com/XML/XMLDownloads/default.aspx

    There is usually an older version of these from IE or other service
    packs, you would need to check at
    www.microsoft.com/security/ for what the security patches protect
    against - or
    http://support.microsoft.com , use search by KB article for the PSS ID's
    below.

    Knowledge Base
    Conformance and Security Changes in MSXML 4.0 SP2
    PSS ID Number: 820882
    Article Last Modified on 9/10/2003

    The other lot is quite a bit to work through as most of it is
    development type issues. However some of the security fixes involve OE ,
    access to local files.
    There are a number of what's fixed articles, usually 2 or 4 parts.

    - or

    Try http://search.microsoft.com/
    Advanced search
    exact phrase - MSXML service pack
    microsoft.com site - knowledge base


    >MS)#-008


    That would be MS03-008 :) critical
    http://www.microsoft.com/technet/security/bulletin/MS03-008.mspx
    A security issue has been identified that could allow an attacker to run
    programs on a computer running Microsoft® Windows®. The attacker would
    first have to send you an e-mail message or entice you into visiting a
    malicious website. You can help protect your computer by installing this
    update from Microsoft.

    On the links for these, read the General Info / FAQs section.


    >MS03-030

    http://www.microsoft.com/technet/security/bulletin/MS03-030.mspx
    Impact of vulnerability:
    Allow an attacker to execute code on a user's system
    Maximum Severity Rating:
    Critical
    Recommendation:
    Customers should apply the security patch immediately


    >MS03-051

    http://www.microsoft.com/technet/security/bulletin/MS03-051.mspx
    Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code
    Execution (813360)


    >Yet when I run Windows Update it tells me there are no critical


    These may have been updated by other patches since.

    There is a big difference between critical, moderate and important etc.
    It may also depend on how current the BSA database is.

    >updates to be installed? Exactly what are the MSXML service packs and
    >what do they do? Where can they be found to download?
    >
    >Can some kind soul explain what is happening and should I attempt to
    >download and install the above updates even though Windows Update
    >doesn't recognize the need?


    Check the migitating factors section of the above notices, usually lists
    conditions in which the flaw works.

    008, did this one on some PCs not others. Usually I don't use Active
    Scripting enabled in IE and I don't use OL/OE.

    051, also did this as I use the FrontPage extensions.

    030, although I have older directx , part of the flaw is MIDI files so I
    didn't bother.

    >Thanks for any assistance.
    >
    >Frank


    Me
    why?, May 5, 2004
    #2
    1. Advertising

  3. ECLiPSE 2002

    ECLiPSE 2002 Guest

    Thanks for the detailed and informative response, why.

    Frank


    On Wed, 05 May 2004 19:17:03 GMT, why?
    <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote:

    >
    >On Wed, 05 May 2004 10:28:29 -0400, ECLiPSE 2002 wrote:
    >
    >>I am somewhat confused by the results of a scan I just ran with the MS
    >>Baseline Security Analyzer. It is telling me that two security updates
    >>are out of date and 3 could not be confirmed as follows:
    >>
    >>MSXML 3 lacks the latest service pack SP 4
    >>MSXML 4 lacks the latest service pack SP 2

    >
    >The 2 above are for viewing / developing with XML.
    >Download, I would have though Windows Update, if not then here
    >http://msdn.microsoft.com/XML/XMLDownloads/default.aspx
    >
    >There is usually an older version of these from IE or other service
    >packs, you would need to check at
    >www.microsoft.com/security/ for what the security patches protect
    >against - or
    >http://support.microsoft.com , use search by KB article for the PSS ID's
    >below.
    >
    >Knowledge Base
    >Conformance and Security Changes in MSXML 4.0 SP2
    >PSS ID Number: 820882
    >Article Last Modified on 9/10/2003
    >
    >The other lot is quite a bit to work through as most of it is
    >development type issues. However some of the security fixes involve OE ,
    >access to local files.
    >There are a number of what's fixed articles, usually 2 or 4 parts.
    >
    >- or
    >
    >Try http://search.microsoft.com/
    >Advanced search
    >exact phrase - MSXML service pack
    >microsoft.com site - knowledge base
    >
    >
    >>MS)#-008

    >
    >That would be MS03-008 :) critical
    >http://www.microsoft.com/technet/security/bulletin/MS03-008.mspx
    >A security issue has been identified that could allow an attacker to run
    >programs on a computer running Microsoft® Windows®. The attacker would
    >first have to send you an e-mail message or entice you into visiting a
    >malicious website. You can help protect your computer by installing this
    >update from Microsoft.
    >
    >On the links for these, read the General Info / FAQs section.
    >
    >
    >>MS03-030

    >http://www.microsoft.com/technet/security/bulletin/MS03-030.mspx
    >Impact of vulnerability:
    >Allow an attacker to execute code on a user's system
    >Maximum Severity Rating:
    >Critical
    >Recommendation:
    >Customers should apply the security patch immediately
    >
    >
    >>MS03-051

    >http://www.microsoft.com/technet/security/bulletin/MS03-051.mspx
    >Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code
    >Execution (813360)
    >
    >
    >>Yet when I run Windows Update it tells me there are no critical

    >
    >These may have been updated by other patches since.
    >
    >There is a big difference between critical, moderate and important etc.
    >It may also depend on how current the BSA database is.
    >
    >>updates to be installed? Exactly what are the MSXML service packs and
    >>what do they do? Where can they be found to download?
    >>
    >>Can some kind soul explain what is happening and should I attempt to
    >>download and install the above updates even though Windows Update
    >>doesn't recognize the need?

    >
    >Check the migitating factors section of the above notices, usually lists
    >conditions in which the flaw works.
    >
    >008, did this one on some PCs not others. Usually I don't use Active
    >Scripting enabled in IE and I don't use OL/OE.
    >
    >051, also did this as I use the FrontPage extensions.
    >
    >030, although I have older directx , part of the flaw is MIDI files so I
    >didn't bother.
    >
    >>Thanks for any assistance.
    >>
    >>Frank

    >
    >Me
    ECLiPSE 2002, May 6, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    2
    Views:
    2,515
  2. Replies:
    1
    Views:
    1,693
    Martin Bilgrav
    Apr 30, 2006
  3. Doug Fox
    Replies:
    6
    Views:
    554
    Michael J. Pelletier
    Jan 20, 2005
  4. Doug Fox
    Replies:
    1
    Views:
    487
    Michael J. Pelletier
    Jan 20, 2005
  5. Don Awalt

    Baseline Security Analyzer

    Don Awalt, Jun 20, 2005, in forum: Windows 64bit
    Replies:
    3
    Views:
    464
    Charlie Russel - MVP
    Jun 20, 2005
Loading...

Share This Page