Hello @DaisyTian-MSFT.
Thank you for response. The system is new installed and full update over Windows Update. Where is a problem .?
I can not create new folder for IExpress. You can help me .?
Thank you Michal.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
on the server has a problem with "Windows IExpress Untrusted Search Path Vulnerability". Can you help me.? I can't fix it :(
Thx Michal.
Vulnerability
Windows IExpress Untrusted Search Path Vulnerability
This host has IExpress bundled with Microsoft Windows and is prone to an untrusted search path vulnerability.
Detection Result
Fixed version: Workaround
File checked: C:\Windows\system32\IEXPRESS.EXE
File version: 11.0.14393.2007
Hello @DaisyTian-MSFT.
Thank you for response. The system is new installed and full update over Windows Update. Where is a problem .?
I can not create new folder for IExpress. You can help me .?
Thank you Michal.
Hello @Michal Dejmek ,
Thank you for posting here.
After a lot of my research, here are the similar cases on other third-part forum.
Windows IExpress Untrusted Search Path Vulnerability
https://www.mageni.net/vulnerability/windows-iexpress-untrusted-search-path-vulnerability-813808
Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries
http://jvn.jp/en/jp/JVN72748502/index.html
It seems a behavior by design.
And here is the workaround based on the similar cases.
As a workaround save self-extracting archive files into a newly created directory, and confirm there are no unrelated files in the directory and make sure there are no suspicious files in the directory where self-extracting archive files are saved.
Other reference
IExpress vulnerability… miscategorized?
https://community.greenbone.net/t/iexpress-vulnerability-miscategorized/2536
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Best Regards,
Dasiy Zhou