Hello MSXML 4, it's been a long time, nice to see you again. Looks like I'll have the last laugh [insert evil laugh here]
As you can tell, my blog has become a bit of a one-trick pony. I've focused most of my writing time talking about MSXML 4.0 and it now being out of support. For a long time I've felt like I've been 'hoisted by my own petard' when I look at my Nessus and see results (alomst mocking me) saying:
Microsoft XML Parser (MSXML) and XML Core Services Unsupported.
Well today it looks like I have the last laugh as the default installation of EMET blocks msxml4*.dll from loading in Internet Explorer.
EMET is Microsoft's Enhanced Mitigation Experience Toolkit . EMET provides Windows with a number of additional Mitigation Controls, and allows better control of existing Mitigation controls such as DEP and ASLR.
Alongside a number of other controls, installing EMET with the default configuration blocks msxml4*.dll from loading in Internet Explorer.
Now I am comfortable with lowering or accepting the risk rating within Nessus for Un-supported MSXML knowing that I am protected.
1 - https://www.microsoft.com/emet