Link to home
Start Free TrialLog in
Avatar of Al Nicely
Al NicelyFlag for United States of America

asked on

Nessus scan results - Critical vulnerability for mscomctl.ocx

All system in domain:
Windows 7 Professional
Service Pack 1
64-bit OS

Our Nessus scans are indicating a vulnerability with the Product :
Microsoft Office 2016
  - C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
    Remote version : 6.1.97.82
    Should be      : 6.1.98.46

There are two MSCOMCTL.OCX on the systems… one in the C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\SYSTEM folder which is the current version 7.0.52.6282 and the offending MSCOMCTL.OCX version 6.1.97.82 found in C:\WINDOWS\SYSWOW64

My question is, is it safe to replace the offending MSCOMCTL.OCX with the newer OCX and if so what it the best way to do so?  I assumed I would need to unregister the OCX file, replace the old one with the new and run Regsvr32 on the newer OCX file.

PFA screenshot of found OCX files.

Ref:
CVE-2016-0012
CVE-2015-6117
CVE-2016-0010
CVE-2016-0035

Has anyone run into this vulnerability and if so what was done to remediate the issue?  Many thanks in advance!
SOLUTION
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Al Nicely

ASKER

Thank you Adam for the prompt reply.  Do we have any documentation to substantiate the process?
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Adam & BST...  I am very familiar with registering DLL and OCX files but appreciate the refresher just the same.   Due to the fact that the older mscomctl.ocx file is constantly being restored I have had to create a script to overwrite the offending OCX and then register it so that the application can run and our scans are satisfied.