Vulnerability Remediation for msxml4.dll in vCenter VUM 5.5


vCenter 5.5

Update Manager 5.5

Esxi 5.5

We have a client that has vCenter 5.5  installed using VUM (Yes I understand unsupported). I have seen in another question but no definitive answer hence my question as to  the issue relating to the fact that version 4 of Microsoft's XML Parser engine (DLL) is no longer supported and needs to be removed / unregistered.

The vCenter server  has both msxml3.dll and msxml6.dll installed with the CLSID pointing to msxml3.dll.  On the post which I found referenced here: https://kb.vmware.com/s/article/2113837 it states that there were issues with upgrading to version 6 which and the download process for VUM.

My question is this: Is the vSphere vCenter client and COM written application (C++) or is it .NET written in C# and therefore uses different .NET assemblies and not COM?

I want to disable the version 4 by doing an unregister of the DLL via:  regsvr32 /u msxml4.dll and also rename the file but I do not want to break the functionality of VUM. If version 6 msxml6.dll is already installed on the server will version 5.5 VUM work with this or does it require msxml4.dll specifically?


0 Kudos
1 Reply

The vSphere Client is written in C# and doesn't use COM (to my knowledge). The prudent thing to do here is not manually unregister the DLL and patch the issue, but to do as the KB says and upgrade wholesale the vCenter Server or, better still, get to 6.0. If do not do so, you run the risk of putting your customer in a precarious position that may cause future upgrades to fail for strange and difficult-to-troubleshoot reasons.

0 Kudos