This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 91%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
I am using MSXML version 6.0 in my Visual studio application. Recently I found some risks of using MSXML6 due to the below vulnerabilities reported in National Vulnerability Database(NVD -https://nvd.nist.gov/) Please refer the below table
| Vulnerabilities | National Vulnerability Database link | Windows version | Windows OS Update | Download link mentioned in Database |
|---|---|---|---|---|
| CVE-2019-1060 (MS XML Remote Code Execution Vulnerability) | https://nvd.nist.gov/vuln/detail/CVE-2019-1060 | Windows 10 for x64-based Systems | KB4520011 | https://catalog.update.microsoft.com/Search.aspx?q=KB4520011 |
| CVE-2019-1057 | https://nvd.nist.gov/vuln/detail/CVE-2014-1816 | Windows 10 for x64-based Systems | KB4512497 | https://catalog.update.microsoft.com/Search.aspx?q=KB4512497 |
| CVE-2019-0795 | https://nvd.nist.gov/vuln/detail/CVE-2013-0007 | Windows 10 for x64-based Systems | KB4493470 | https://catalog.update.microsoft.com/Search.aspx?q=KB4493470 |
| CVE-2013-0006 | https://nvd.nist.gov/vuln/detail/CVE-2013-0006 | Windows 10 for x64-based Systems | KB4493475 | https://catalog.update.microsoft.com/Search.aspx?q=KB4493475 |
From the NVD links, it is mentioned like, the vulnerabilities are solved by Microsoft in Security patch updates. But when I checked the mentioned links, it was not working (say https://catalog.update.microsoft.com/Search.aspx?q=KB4520011 for CVE-2019-1060). So I couldn't figure out the exact MSXML6 patch version in which all the above vulnerabilities are solved. So it would be really appreciable, if anyone share the working valid link of the update or patch version information. Below is my development environment setup:- OS name : Microsoft Windows 10 Enterprise LTSC OS version : 10.0.17763 Build 17763 Compiler : 64-bit Visual studio version : VS 2017 (18.9.28307.222 Release) Thanks in advance.
A family of Microsoft suites of integrated development tools for building applications for Windows, the web, mobile devices and many other platforms. Miscellaneous topics that do not fit into specific categories.
There are many different builds of Windows 10 for x64. The dead link appears to be for the original version of Win 10 that was released in 2015. If you go the the Microsoft link included in the NVD search results you can see all the Windows versions and links to the related security information and updates. For example take a look at https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-1060 You would need to pick the update applicable to your build of Win 10. According to https://support.microsoft.com/en-us/topic/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059 build 17763 is for Win 10 version 1809.