MS07-042 Help!

This is a problem that persists and I am desperate to solve it!!!
I have a XML problem: a vulnerability known as MS07-042.
There is no KB936227 known to be on my Windows XP Pro SP2 system; and in a prevkious attempt to solve this problem I was directed to a Microsoft Website that had Updates applying to MS07-027; but they applied only to machines running Vista. I have XP Pro SP2. A file, KB933579 was referenced; but, I find it no where on my system. In "ADD/REMOVE PROGRAMS, I have installed: MSXML 4 SP2 (KB927979; KB936181 and MSXML Parser 6.0 KB 933579.

I AM DESPERATE. If anyone knows of a way to solve this XML Problem: MS07-042, please help me. I would give 1,000 points if I could.

Thanks Very Much!!!

GadgetDude
GadgetDudeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hlarseCommented:
Do you have Office 2003?  The vulerability is corrected with MS Office 2003 SP3, here --> http://support.microsoft.com/kb/870924/

Buried in the update information of this security bulletin is a reference to the file to install.  It is WindowsXP-KB936021-x86-enu.  Get it here --> http://www.microsoft.com/downloads/details.aspx?FamilyId=dea6a48f-fb00-43f3-a374-3220f9759c2d&displaylang=en

Also in there is a verification to check if it is installed.  Take a look at c:\windows\system32\msxml3.dll.  Right click on the file and select properties.  Select the Version tab.  The version of the file should be 8.90.1101.0 after the update.
0
GadgetDudeAuthor Commented:
Since I already have installed:
MSXML 4 SP2; and, MSXML 6.0 Parser
I am making the assumption that I should download and install; First, the XML Update for 4.0; then, Second, the XML Update for Version 6 - as you have listed above.
Once these are installed, I presume that the problem with MS07-042 will be fixed.

Let me know if what I have said here is the correct chronological procedure to follow.

Thanks!

GadgetDude :)
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

hlarseCommented:
Doesn't hurt to run all three actually.  Order doesn't particuarly matter.  The update will only apply if there is something to apply it to.  Once complete you can run the MS Baseline Security Analyzer to identify any vulerabilities --> http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx

Or use the update website here --> http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us  This would likely be a one-stop shop.

There are a number of ways to deal with MS patching.

Good luck!
0
GadgetDudeAuthor Commented:
ARRGH! It didn't work!
Did as you suggested: installed all 3.
Then:
[1] Rebooted the system
[2] Check that all was updated: Windows XP; Trend Micro's "internet Security Pro".

When I ran a vulnerability check through Trend Micro, it displayed a vulnerability warning (again): MS07-042.

Shouldn't this have worked?  Solved the MS07-042 problem? I am sorry; but, I feel frustrated.
I do appreciate your help.

GadgetDude :(




0
hlarseCommented:
Ok GadgetDude.  First of all, don't panic.  A vulernability is not the same as an attack. This can only affect you if you visit a "specially crafted web site" that exploits this.

Second, check the file version of Msxml3.dll.  The update lists this as Win XP for all versions, so if the version of the file is 8.90.1101.0 the patch applied successfully.

Third, run the baseline security analyzer.  Download MBSASetup-EN.msi from http://www.microsoft.com/downloads/details.aspx?FamilyID=4b4aba06-b5f9-4dad-be9d-7b51ec2e5ac9&displaylang=en&Hash=DiuLI4FI5O4AkDuSDMRxdo1OG12f5RDnF9ebY20GU1gmBq5eLoS7uoENIxpqYDguH8SILEJxILIJaV2C1cRP7A%3d%3d#filelist and install it.  Run it and let me know what it says for vulerabilities.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GadgetDudeAuthor Commented:
I apologize if I sounded panicky.
First of all, it is curious. Found references to MSXML3.DLL in 4 locations: [1] c:\windows\system32 (8.9.1101.0 - SP9); [2] c:\windows\ServicePackFiles\i386 (8.50.2102.0 - SP5); [3] c:\windows\common files\microsoft shared\SFPCA cache (8.70.1104.0 - SP7); [4] c:\windows\$hf_mig$\KB936021\SP2QFE (8.90.1101.0 - SP9)

With MBSA, found the following "vulnerability: Under "Administrative Vulnerabilties": Local Account Password Test - Some user accounts (9 of 9 - which is strange because I only have 6 accounts which includes Guest) have blank or simple passwords, or could not be analyzed (access denied).
The only other items found were: Office 2003 SP3 not installed (I am using Office 2007, so I don't need 2003); and, "Automatic Updates are not downloaded and installed automatically.l"

Thanks!
GadgetDude
0
hlarseCommented:
Absolutely no apology necessary, just didn't want you worrying over nothing :)

Sounds like you're all set, regardless of what Trend Micro is telling you.  The version in c:\windows\system32 is what you are concerned with.

If you want to make doubly sure about your patches, go to http://office.microsoft.com/en-us/downloads/maincatalog.aspx and see if it wants to install anything for you.
0
GadgetDudeAuthor Commented:
"Office Updates is unable to check for Updates".
???
GadgetDude

P.S. I am assuming I do not have to install the Office 2003 update since I'm running 2007. Also, the above message seems to imply a problem with Windows Installer 1.1?
I suppose you're telling me to ignore the MS07-042 notice and tell Trend Micro to stuff it.
0
GadgetDudeAuthor Commented:
hlarse:
I've been thinking about what you've said in the last submittal. The warning on MS07-042 has to be coming from somewhere? If "HIGH" risk warnings were meant to be ignored, why even send them?
I know I'm not very knowledgable about XML; but, that warning does bother me somewhat. I apologize for my ignorance.

GadgetDude
0
hlarseCommented:
Yes, you are right.  There is a patch also for office 2007.  Get it here http://www.microsoft.com/downloads/details.aspx?FamilyId=7A97478A-832C-4A6B-B074-0E18B1E4ED33&displaylang=en
0
hlarseCommented:
GadgetDude, I haven't given up on you on this.  You ok?
0
GadgetDudeAuthor Commented:
I admit to almost giving up.
Biut, I am still a reasonable man. I am still willing to listen. NEVER GIVE UP!!!

GadgetDude :)
0
hlarseCommented:
I think you about got it. The referenced files in the locations you indicate are as follows:
1. good, this is done.  
2. This folder is part of the backup from applying SP2.  It is just a backup and will not be updated.  
3.  This file is the one left to update.  Since you say you are running office 2007, the above patch should take care of it.  
4. Comes from running the patch KB936201, initial unpack area.
Let me know what your scans say.
0
GadgetDudeAuthor Commented:
Please! Forgive my ignorance; but, the way you phrased your statement, I am not really certain what you are saying, where to go, or what to do. I am sorry.
Can you please clarify?

GadgetDude
0
GadgetDudeAuthor Commented:
What folder? What Patch?

GadgetDude
0
hlarseCommented:
Run this one.  I think it is the last.  It is the update for office 2007.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A97478A-832C-4A6B-B074-0E18B1E4ED33&displaylang=en

Sorry for the confusion.  I was referring to the 4 instances you listed where you found the files and their versions.
0
GadgetDudeAuthor Commented:
Attempted to run your suggested file, the response gives me a reason as to why I have been unable to update Office 2007: "The detection failed, this can be due to a corrupted installation database."
Of course, I did not have the installation disk in the drive when I ran this file?!

GadgetDude
0
hlarseCommented:
Okay, so we've got something else going on.  Try going into Start, Programs, Microsoft Office, Office Tools, Microsoft Office Diagnostics and running a repair.  Once that is done, try the patch again.
0
GadgetDudeAuthor Commented:
I am running Office Diagnostics (Again) so I don't expect anything different - nothing needed repair last time. I am almost wondering if I should uninstall/reinstall Office 2007? That might get rid of the MS07-042 problem. But that would be extreme to say the least. Somehow, I get the feeling that the Office Update Problem and the MS07-042 are somehow related. But that's just a guess.
GadgetDude
P.S. If the current Diagnostics show ANYTHING, I will let you know.
0
GadgetDudeAuthor Commented:
The Diagnostic showed nothing!
However, MS Baseline Security Analyzer keeps wanting me to install an Office 2003 update. It probably means nothing and in no way affects the initial problem: MS07-042. I am reluctant to do a uninstall/reinstall of Office 2007 because (a) the disks I have are an upgrade; so, I would probably have to reinstall Office 2003; then, the Upgrade; and, (2) I don't know for certain if the MS07-042 problem is somehow related to Office 2007 Updating Problem.

I am confused.

GadgetDude
0
hlarseCommented:
Hi GagetDude,

Well, I have to admit, this has been a journey!  I'm not sure how the upgrade version of Office 2007 affects this whole thing.  However, if it wants to run the Office 2003 sp3 release, I'd do it.  MS patches and SPs will only patch something if it finds something there to patch.  The remaining vulnerability relates to Office, not Windows.  And, if Office 2003 sp3 does run, it should fix the vulerability.  You can install it from here http://www.microsoft.com/Downloads/details.aspx?familyid=E25B7049-3E13-433B-B9D2-5E3C1132F206&displaylang=en.

0
GadgetDudeAuthor Commented:
I am thisclose to giving up.
Ran the stupid Office 2003 SP3 update. It doesn't matter.
MS07-042 still shows up.
Somehow, I think it's related to Office 2007 (Excel & XML).
But I think the only way I am going to solve this is to pay the Devil (Bill Gates) his money and contact their Tech Support.
Now, I know why when we move to San Francisco from Illinois in a few months, PSC Enterprises will be switching over to Apple computers. I think we have all HAD ENOUGH of Microsoft.

But your help has been appreciated !!!!!

GadgetDude
0
hlarseCommented:
I understand.  I am sorry we didn't get this resolved.
0
GadgetDudeAuthor Commented:
I am giving this member an "Excellent" rating not because a solution was found. It was not! The rating is due because of the time, effort and patience this member has shown during a most annoying, frustrating and difficult time. Sometimes, you reward the efforts of an individual and not necessarily the outcome. The efforts were outstanding! The outcome sucks.
0
hlarseCommented:
Thank you, GadgetDude.  Again, I'm sorry.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
XML

From novice to tech pro — start learning today.