Core XML Services vulnerable? Windows Update didn't patch.
I installed the Secunia PSI, a GREAT FREE program, and on W7 beta 1 it shows that two core XML services are vulnerable:

Version Detected: 4.20.9818.0
Installation Path: c:\Windows\SysWOW64\msxml4.dll

and:

Version Detected: 4.20.9818.0
Installation Path: c:\Windows\System32\msxml4.dll

Windows Update did not install updated versions. I went to the direct download page and installed the update myself, and now the scan comes up clean. Seems like Windows Update does not detect the old version and offer the update.

http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14&displaylang=en
January 10th, 2009 7:15pm

YngDiego777 said:
I installed the Secunia PSI, a GREAT FREE program, and on W7 beta 1 it shows that two core XML services are vulnerable:
Version Detected: 4.20.9818.0
Installation Path: c:\Windows\SysWOW64\msxml4.dll
and:
Version Detected: 4.20.9818.0
Installation Path: c:\Windows\System32\msxml4.dll
Windows Update did not install updated versions. I went to the direct download page and installed the update myself, and now the scan comes up clean. Seems like Windows Update does not detect the old version and offer the update.
http://www.microsoft.com/downloads/details.aspx?FamilyId=96a4413c-5261-4f69-83d0-932c430abd14&displaylang=en

Interesting. Since MSXML 4 SP2 is not native to Win 7, what was the reason for installing it?
Windows Update should detect the lower version and prompt one to install KB954430.
Are both files now at V. 4.20.9870.0?

MowGreen
MVP Data Center Management - Update Services
Consumer Security
January 13th, 2009 12:16am

I didn't manually install it, I guess some software I installed did. But WU didn't detect the old vulnerable version, so I manually performed the updates.
January 13th, 2009 1:34am

As stated previously, is the Version level of msxml4.dll now at V. 4.20.9870.0? Windows Update detection logic *should* have detected the lower Version level and prompted you to install KB954430.
Would you please do a Search and see if there are any other Versions of msxml4.dll present?
Some printing software installs MSXML.

MVP Data Center Management - Update Services
Consumer Security
January 13th, 2009 8:55pm

MowGreen said:
As stated previously, is the Version level of msxml4.dll now at V. 4.20.9870.0? Windows Update detection logic *should* have detected the lower Version level and prompted you to install KB954430.
Would you please do a Search and see if there are any other Versions of msxml4.dll present?
Some printing software installs MSXML.
MVP Data Center Management - Update Services
Consumer Security

C:\Windows\SysWOW64\msxml4.dll is now at 4.20.9780.0. The only other versions were in c:\windows\winsxs. One version is 4.1.0.0, another is 4.20.9818 and the last is 4.20.9870. The msxml4.dll in c:\windows\system32 seems to have disappeared.
January 13th, 2009 9:03pm

I take it this is a 64 bit edition then, correct? If so, then the absence of msxml4.dll in sys32 is correct.
Here's some info on WinSxS in Vista that is, AFAIK, still applicable to Win7:
What is the WINSXS directory in Windows 2008 and Windows Vista and why is it so large?

MowGreen
MVP Data Center Management - Update Services
Consumer Security
January 13th, 2009 9:30pm
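
Added example (not part of the original thread or any poster's code): a PowerShell check that performs the search requested above, listing every msxml4.dll under System32, SysWOW64 and WinSxS and comparing each file version with 4.20.9870.0, the version the thread associates with KB954430. The variable names and output columns are assumptions made for this example.

```powershell
# Added example. Run from a 64-bit PowerShell on 64-bit Windows; a 32-bit
# process has System32 redirected to SysWOW64 and would list the same file twice.
$baseline = [version]'4.20.9870.0'   # version quoted in the thread for KB954430

# Directories the thread mentions; skip any that do not exist on this machine.
$roots = @('System32', 'SysWOW64', 'WinSxS') |
    ForEach-Object { Join-Path $env:windir $_ } |
    Where-Object { Test-Path $_ }

$results = foreach ($root in $roots) {
    # Only WinSxS keeps its copies in per-assembly subfolders.
    $recurse = ((Split-Path $root -Leaf) -eq 'WinSxS')

    Get-ChildItem -Path $root -Filter 'msxml4.dll' -Recurse:$recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric parts; the FileVersion string
            # can carry extra text that does not parse as a version.
            $ver = New-Object System.Version(
                $vi.FileMajorPart, $vi.FileMinorPart,
                $vi.FileBuildPart, $vi.FilePrivatePart)

            New-Object PSObject -Property @{
                Path    = $_.FullName
                Version = $ver
                Status  = if ($ver -lt $baseline) { 'BELOW BASELINE' } else { 'OK' }
            }
        }
}

if (-not $results) {
    Write-Output 'No msxml4.dll found under System32, SysWOW64 or WinSxS.'
} else {
    $results | Sort-Object Version | Format-Table Status, Version, Path -AutoSize
    $old = @($results | Where-Object { $_.Status -ne 'OK' })
    Write-Output ("{0} of {1} copies are below {2}." -f $old.Count, @($results).Count, $baseline)
}
```

Copies reported under WinSxS are component-store entries; the System32 and SysWOW64 rows are the files a file-version scanner such as the one in the first post reports.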

The reason why KB954430 was not detected is that only Critical updates are being offered to Win7:
http://blogs.technet.com/msrc/archive/2009/01/13/january-2009-monthly-bulletin-release.aspx

We provide security updates for beta versions of Windows through Windows Update for Critical issues only.

Since KB954430 is rated as Important for Vista, one assumes it's Important for Win7, too:
http://www.microsoft.com/technet/security/bulletin/MS08-069.mspx

Windows Vista | Microsoft XML Core Services 6.0 (KB954459) | Information Disclosure | Important

MowGreen
MVP Data Center Management - Update Services
Consumer Security
January 14th, 2009 1:11am

Thanks, that explains it.
January 14th, 2009 2:15am

You're welcome. Actually, the update is classified as Moderate according to the blog article:

We know that there might be some questions about the beta version of Windows 7 and todays bulletin. Windows 7 is affected only by the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) and, like Windows Vista and Windows Server 2008, would be rated as Moderate because the vulnerability would require authentication for any attack to succeed.

MowGreen
MVP Data Center Management - Update Services
Consumer Security
January 15th, 2009 1:40am


Any idea when Microsoft will turn on Windows Update for the RTM of Service Pack 1?
January 25th, 2011 8:55pm

From: Windows 7 SP1, SP2 and Windows 8

"Microsoft still has to offer users Windows 7 SP1, which it will do sometime between now and the end of March 2011. This, apparently, is the only piece of information that the company is ready to confirm about the general availability of Windows 7 SP1 RTM; that it’s due in Q1 2011."

MowGreen
Windows Expert IT Pro - Consumer Security
*-343-* FDNY NEVER FORGOTTEN
January 26th, 2011 1:30pm

This topic is archived. No further replies will be accepted.
