A recent security scan has identified our Provisioning Server servers and Identity Manager Servers in all environments as vulnerable to MS08-070: Vulnerabilities in Visual Basic 6.0 ActiveX Controls Could Allow Remote Code Execution (932349). Given the fact that no other servers were flagged, it seems to be related to the Provisioning Manager software. In reading the documentation, it is mentioned that Provisioning Manager will be removed from a future release. Therefore, we have a couple of questions. Does Provisioning Manager install the C++ redistributable files as part of its installation? Will it function without them? Finally, will the system work as intended if Provisioning Manager is uninstalled completely?
This is a standalone deployment on Windows 2019 Servers with 14.3 CP3.
The vulnerability report refers specifically to msflxgrd.ocx.