今天要跟大家分享的是关于微软XML的系统缺陷。
下面是关于这个问题的具体的描述:
The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Note that support for MSXML 3.0 and 6.0 is based on the support policy of the operating system on which it is installed. Support for MSXML 5.0 is based on the Microsoft Office lifecycle policy.
简单来说, 远端的主机包含了一个或者多个MSXML 或者XML 核心服务组件不支持的版本。 由于版本的不支持, 导致供应商没有新的安全更新包的提供, 结果很有可能造成了安全漏洞问题。
值得注意的是对于MSXML3.0 和6.0 的支持是基于可支持的操作系统前提下。MSXML5.0 是基于微软Office 产品的生命周期。
参照Nessus 发布的插件补丁的输出:
Solution
Upgrade the software packages responsible for the unsupported DLL versions or upgrade to a supported version of Windows (Vista / 2008 or later). Alternatively, uninstall the outdated MSXML or XML Core Services.
对于这一类问题的解决方案就是升级插件的版本,要不就是尝试卸载掉受漏洞影响的MSXML或者XML 核心服务组件,就可以解决因此带来的安全缺陷问题。
标签:XML,Core,MSXML,Vulnerability,Services,support,Microsoft From: https://blog.51cto.com/u_2660957/6149589