Al Nicely
asked on
Nessus scan results - Critical vulnerability for mscomctl.ocx
All system in domain:
Windows 7 Professional
Service Pack 1
64-bit OS
Our Nessus scans are indicating a vulnerability with the Product :
Microsoft Office 2016
- C:\Windows\SysWOW64\mscomc tl.ocx has not been patched.
Remote version : 6.1.97.82
Should be : 6.1.98.46
There are two MSCOMCTL.OCX on the systems… one in the C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\SYSTEM folder which is the current version 7.0.52.6282 and the offending MSCOMCTL.OCX version 6.1.97.82 found in C:\WINDOWS\SYSWOW64
My question is, is it safe to replace the offending MSCOMCTL.OCX with the newer OCX and if so what it the best way to do so? I assumed I would need to unregister the OCX file, replace the old one with the new and run Regsvr32 on the newer OCX file.
PFA screenshot of found OCX files.
Ref:
CVE-2016-0012
CVE-2015-6117
CVE-2016-0010
CVE-2016-0035
Has anyone run into this vulnerability and if so what was done to remediate the issue? Many thanks in advance!
Windows 7 Professional
Service Pack 1
64-bit OS
Our Nessus scans are indicating a vulnerability with the Product :
Microsoft Office 2016
- C:\Windows\SysWOW64\mscomc
Remote version : 6.1.97.82
Should be : 6.1.98.46
There are two MSCOMCTL.OCX on the systems… one in the C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\SYSTEM folder which is the current version 7.0.52.6282 and the offending MSCOMCTL.OCX version 6.1.97.82 found in C:\WINDOWS\SYSWOW64
My question is, is it safe to replace the offending MSCOMCTL.OCX with the newer OCX and if so what it the best way to do so? I assumed I would need to unregister the OCX file, replace the old one with the new and run Regsvr32 on the newer OCX file.
PFA screenshot of found OCX files.
Ref:
CVE-2016-0012
CVE-2015-6117
CVE-2016-0010
CVE-2016-0035
Has anyone run into this vulnerability and if so what was done to remediate the issue? Many thanks in advance!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Adam & BST... I am very familiar with registering DLL and OCX files but appreciate the refresher just the same. Due to the fact that the older mscomctl.ocx file is constantly being restored I have had to create a script to overwrite the offending OCX and then register it so that the application can run and our scans are satisfied.
ASKER