Guest Stefan Kanthak Posted May 16, 2008 Posted May 16, 2008 Hi @ll, one more chapter in the book "How Microsoft lives Trustworthy Computing". NOT! Yesterday the "Virtual PC 2007 Service Pack 1" was published on the Microsoft Download Center. The SETUP.EXE (32 bit) available for download there contains but an outdated and vulnerable MSXML6 (msxml6-KB927977-enu-x86.exe to be precise; notice the ENU, even in the GERMAN SETUP.EXE). This MSXML6 gets installed (in case no newer MSXML6 is already present on the target system) WITHOUT ANY notice even before the first MSI dialog of VPC is displayed, i.e. the users system is altered even if s/he choses to abort the installation (or the installation aborts itself, as is the case on Windows 2000). Where has the QA department been sleeping lately? Stefan PS: "Virtual PC 2007" has the same error too. Quote
Guest Chris Wood Posted May 28, 2008 Posted May 28, 2008 Stefan, Is this on XP SP3? I wonder if this is related http://forums.microsoft.com:80/MSDN/ShowPo...267649&SiteID=1 Chris "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message news:e4BaX23tIHA.4492@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > Hi @ll, > > one more chapter in the book "How Microsoft lives Trustworthy > Computing". NOT! > > Yesterday the "Virtual PC 2007 Service Pack 1" was published on the > Microsoft Download Center. > The SETUP.EXE (32 bit) available for download there contains but an > outdated and vulnerable MSXML6 (msxml6-KB927977-enu-x86.exe to be > precise; notice the ENU, even in the GERMAN SETUP.EXE). > > This MSXML6 gets installed (in case no newer MSXML6 is already > present on the target system) WITHOUT ANY notice even before the > first MSI dialog of VPC is displayed, i.e. the users system is > altered even if s/he choses to abort the installation (or the > installation aborts itself, as is the case on Windows 2000). > > Where has the QA department been sleeping lately? > > Stefan > > PS: "Virtual PC 2007" has the same error too. > </span> Quote
Guest Chris Wood Posted May 28, 2008 Posted May 28, 2008 Seems that msxml6r.dll is now protected by Windows XP SP3. Chris "Chris Wood" <anonymous@microsoft.com> wrote in message news:uCkTvANwIHA.5448@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > Stefan, > > Is this on XP SP3? I wonder if this is related > http://forums.microsoft.com:80/MSDN/ShowPo...267649&SiteID=1 > > Chris > > "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message > news:e4BaX23tIHA.4492@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Hi @ll, >> >> one more chapter in the book "How Microsoft lives Trustworthy >> Computing". NOT! >> >> Yesterday the "Virtual PC 2007 Service Pack 1" was published on the >> Microsoft Download Center. >> The SETUP.EXE (32 bit) available for download there contains but an >> outdated and vulnerable MSXML6 (msxml6-KB927977-enu-x86.exe to be >> precise; notice the ENU, even in the GERMAN SETUP.EXE). >> >> This MSXML6 gets installed (in case no newer MSXML6 is already >> present on the target system) WITHOUT ANY notice even before the >> first MSI dialog of VPC is displayed, i.e. the users system is >> altered even if s/he choses to abort the installation (or the >> installation aborts itself, as is the case on Windows 2000). >> >> Where has the QA department been sleeping lately? >> >> Stefan >> >> PS: "Virtual PC 2007" has the same error too. >></span> > > </span> Quote
Guest Stefan Kanthak Posted May 28, 2008 Posted May 28, 2008 "Chris Wood" <anonymous@microsoft.com> schrieb: ~~~~~~~~~~~~~~~~~~~~~~~ Really? <span style="color:blue"> > Stefan, > > Is this on XP SP3?</span> No. XP SP3 (as well as Server 2008 and Vista; all three are the intended hosts of VPC2007SP1) has the current MSXML6, so the distribution of the MSXML update with VPC2007SP1 is USELESS! <span style="color:blue"> > I wonder if this is related > http://forums.microsoft.com:80/MSDN/ShowPo...267649&SiteID=1</span> I suspect the same cause: MSXML6 is uptodate on XP SP3. <span style="color:blue"> > Chris</span> ARGH! Please stop top posting. Stefan <span style="color:blue"> > "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message > news:e4BaX23tIHA.4492@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Hi @ll, >> >> one more chapter in the book "How Microsoft lives Trustworthy >> Computing". NOT! >> >> Yesterday the "Virtual PC 2007 Service Pack 1" was published on the >> Microsoft Download Center. >> The SETUP.EXE (32 bit) available for download there contains but an >> outdated and vulnerable MSXML6 (msxml6-KB927977-enu-x86.exe to be >> precise; notice the ENU, even in the GERMAN SETUP.EXE). >> >> This MSXML6 gets installed (in case no newer MSXML6 is already >> present on the target system) WITHOUT ANY notice even before the >> first MSI dialog of VPC is displayed, i.e. the users system is >> altered even if s/he choses to abort the installation (or the >> installation aborts itself, as is the case on Windows 2000). >> >> Where has the QA department been sleeping lately? >> >> Stefan >> >> PS: "Virtual PC 2007" has the same error too. >> </span></span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.