I am using MSXML version 6.0 in my Visual studio application.Recently I found some risks of using MSXML6 due to the below vulnerabilities reported in National Vulnerability Database(NVD - [email protected]).
Please refer the below table
| Vulnerabilities | Windows version | Windows OS Update | Download link mentioned in Database |
|---|---|---|---|
| CVE-2019-1060 (MS XML Remote Code Execution Vulnerability) | Windows 10 for x64-based Systems | KB4520011 | https://catalog.update.microsoft.com/Search.aspx?q=KB4520011 |
| CVE-2019-1057 | Windows 10 for x64-based Systems | KB4512497 | https://catalog.update.microsoft.com/Search.aspx?q=KB4512497 |
| CVE-2019-0795 | Windows 10 for x64-based Systems | KB4493470 | https://catalog.update.microsoft.com/Search.aspx?q=KB4493470 |
| CVE-2013-0006 | Windows 10 for x64-based Systems | KB4493475 | https://catalog.update.microsoft.com/Search.aspx?q=KB4493475 |
It is mentioned in the NVD, the vulnerabilities are solved by Microsoft in Security patch updates.
But when I checked the mentioned links, it was not working (say https://catalog.update.microsoft.com/Search.aspx?q=KB4520011 for CVE-2019-1060)
So I couldn't figure out the exact MSXML6 patch version in which all the above vulnerabilities are solved.
So it would be really appreciable, if anyone share the working valid link of the update or patch version information.
Below is my development environment setup:-
- OS name :Microsoft Windows 10 Enterprise LTSC
- OS version :10.0.17763 Build 17763
- Compiler : 64-bit
- Visual studio version : VS 2017 (18.9.28307.222 Release)
Thanks in advance.