|
Posted by Stefan Kanthak on May 21, 2007, 5:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hmmm.... invalid From: without valid Reply-To:, top posting and omitted
MIME declaration. This scores 3 out of 3.-(
> MSXML4 and MSXML6 are not the same, so while the XML team is working with
> vendors to migrate them to use MSXML6 instead of MSXML4, these binaries are
> not interchangable and unfortunately those vendors currently shipping MSXML4
> cannot/will not completely change things overnight.
Yes, I know this. And I expect every programmer out there to know this too,
especially when releasing their software to the public.
> I have not tried the update you mention myself yet, but if you are saying
> that installing the "xp2k_204_..." driver rolls-back a fully-patched MSXML4
> install on Windows to something undesirable, thats very interesting.
That would be very interesting indeed.
My observation but was/is that an outdated version of just the 2 MSXML4
DLLs are installed into %SystemRoot%\System32\ if you happen to have no
MSXML4 installed before.
I prefer to keep my installations lean and mean, but already three
versions of MSXML snugged in here: MSXML 2.5 comes with Windows 2000 RTM,
MSXML3 comes with the security rollup package and the WindowsUpdateAgent2,
and MSXML5 comes with the Office 2003 viewers.
> If what
> you are saying is that the driver disto installs an MSXML4 that is older
> than the latest one available on Windows Update (like MS06-071), that is not
> a huge surprise;
How about the surprised customers of both MSFT and Matrox when their PCs
become infected due to installation of an outdated and security-flawed
component?
BTW: Matrox does not distribute the redistributable MSXML4 at all, they
just place the two mentioned DLLs (besides the three MSVC[MPR]80.DLL)
into the SYSTEM dir.
> the Xml Core team does not pre-ship updates to vendors
> before releasing them to customers on Windows Update.
Thats no excuse for a third party shipping outdated and even security-flawed
components, especially half a year AFTER these component has been updated.
> Obviously MSXML4
> shouldn't be replaced if the currently-installed version number is greater
> than the one in the Matrox driver distro; the setup util should check the
> version and silently ignore. I'll alert someone to take a look at this patch
> you've mentioned.
As clarified above (and written in the Subject, if you read this very
carefully): the DLLs got installed with no MSXML4 present before, and I'm
quite sure that newer DLLs wont get overwritten since the installer used is
MSI.
> Thanks for the heads up, Alex
Stefan
> > Hi @ll,
> >
> > if you happen to have a Matrox video card and are going to install
> > their just released latest and greatest, WHQL-certified, unified
> > PowerDesk SE driver "xp2k_204_00_179_se_u_whql.exe": this will
> > install the two outdated and long replaced since MSXML4.DLL and
> > MSXML4R.DLL, at least if you dont have MSXML4 already installed.
> >
> > See MSKB 927978/925627 a.k.a MS06-071.
> >
> > To quote the XML team from
> >
<http://blogs.msdn.com/xmlteam/archive/2006/10/23/using-the-right-version-of-msxml-in-internet-explorer.aspx>
> >
> > | MSXML 4.0 was released to the web about 5 years ago, but at this
> > | point has been superseded by MSXML 6.0 and is only intended to
> > | support legacy applications
> >
> > See also:
> >
<http://blogs.msdn.com/xmlteam/archive/2007/03/12/msxml4-is-going-to-be-kill-bit-ed.aspx>
> >
> > How can such $%*@§# pass the WHQL tests?
> >
> > Stefan
> >
>
>
| 
XML site map