After running Trend Micro Internet Security, I received message: Security Vulnerabilities in the Windows Operating System: Risk: Critical MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. " " MS07-042 " " " " " " " " " " Should I download and install these manually? ( Windows update doesn't detect them) I understand they are not normally included in Windows, is this correct? Or is there more involved in just these two?

The vulnerabity scan is definitely not meant for Windows 7. MS06-071 is about a dll created in 2006. MS07-042 is also a few months before Windows 7 RTM. You can rest assured that these fixes have been part of the Windows 7 development cycle and that these vulnerabilities will not be part of the released product.You better wait for an updated version of Trend Internet Security for an up to date vulnerability report.Ray

Good News Ray,But this threads triggered me one question,i may ask you or anyone if MSE will have that functionality of scanning vulnerabilities working with WU services,as soon as the solution gets release and when will technet have windows 7 Bulletins and workarounds to solve issues or even .msi fixes available before windows update just like windows vista?Thanks in advance,RR

hmmm... I am running the RTM of W7 Ultimate, with the latest W7 compatible TrendMicro (17.50.1366.0000), and I am getting the scan message from TM for MS06-071 and MS07-042 as part of its scan today.Doc

I just got the message from TM again, on today's scan, regarding MS06-071 and MS07-042.Are these an error, or not? If an error, will the Vista patch correct them?Doc

RE: MS06-071According to this windows vista us not affected. However the text below makes note of a vulnerability.The patch is an .msi windows installer.http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx Is Windows Vista vulnerable to this issue?Windows Vista does not include a vulnerable version of Microsoft XML Core Services. Windows Vista includes msxml6.dll version 6.10.1129 and is not vulnerable. However, if an application has been applied that installed a vulnerable version of Microsoft XML Core Services 4.0 this update should be applied.

As I said, I am running the RTM of W7 Ultimate, with the latest W7 compatible TrendMicro (17.50.1366.0000).TrendMicro is reporting the vulnerability under Windows 7.So, is it a W7 problem, or a TM problem? Also, I have reported this to TM as of this afternoon. No meaningful response yet.Doc

Strangelove-Read the bulletin and that should answer most of you questions. You see the excerpt from the bulliten above. If you have not installed any version of xml core services that the bulliten pertains to via third party software than it is plain to see TM is giving you a false alarm.

Ok, I have checked the file versions. MSXML6 appears ok per the version info. My MSXML4.dll and MSXML4r.DLL are 4.10.9404.0, 3/8/2007.I am not clear on which update to download, or even if a download is needed.Advise?Doc

MSXML6 is version 7600 or 7100 so nothing affected here. If MSXML4 is installed as a redistributable from some other program but windows update should detect it.In any case some versions of MSXML4are affected. According to the bulliten vista is not affected unless the above senario. The dowload page does not list vista. The update is an .msi installer compatible with all versions of windows. I dowloaded the apropriate update and installed it. It says installation was successfull but it does not really install. Selecting uninstall from the .msi package states "this action is only applies to installed products" so the update probably does not apply to my system. > Windows Update is best way to find out what updates are really needed and therefore I would go by the notifications provided by Windows Update to tell me what updates are needed especially for microsoft products such as MSMXL and not be as concerned with the messeges from programs like Trend Micro.

Windows update is not picking it up (MSXML4.DLL). I found KB954430http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=96a4413c-5261-4f69-83d0-932c430abd14This is for MSXML4.dll sp2.I have downloaded and installed it. Now, the version of MSXML4.dll is 4.20.9870.0, 9/30/2008. However, MSXML4r.dll was left as before.I also found while doing the update that MSXML4.dll was in use by IDU(Intel Desktop Utilities) (which shows my fans, temp, and power for my board). So, I am assuming that is how MSXML4.dll got there.Make sense?Doc

This bulletin was not listed by the op as an alert from trend micro butI dowloaded and was given the option to repair, modify or remove, so this sp was already on my Vista partition which is what I am on right now.

I just rebooted. I tested IDU and it works as it should.Then, I ran a full scan with TrendMicro - no vulnerabilities detected.I am assuming that TrendMicro was correct in detecting the issue, and also assuming that there is a problem with Windows Update in that it did not detect and update MSXML4.DLL. So, a philosophical question: If you make an error go away, did you really fix anything?DocBTW, Horshack, thanks for the help on this.

I just logged on to 7 and installed the update which was not on previously installed as was with vista, so the install went well and my computer is updated. It is now sitting in the programs list but not in the installed updates list. So I think we resolved this and everything seems to be up to date.

Excellent. You also used the update that I did for MSXML4.dll sp2? It seemed to be the latest/greatest available.Now, we need to get this to the folks that do Windows Update.Also, without understanding MSXML4r.dll, that is something that TrendMicro does not look at?Doc

Intresting that it was present on my Vista drive but not for windows 7.

Horshack, it appears that only you and I were interested in this MSXML4.DLL issue.Doc

Well, I guess so. I'm pretty sure it did apply to my system...

Same here. Like I said, a full TM scan after the update went without error.Is C:\Program Files\MSXML 4.0 on your system empty?Doc

Mine is also emptybecause it may be a working folder for temp files.