  |
| Sie sind hier: Microsoft Security Bulletins |
Es waren bisher 6065407 Besucher hier. |
 |
Sehr geehrte User, Sie können hier für die WinTipps 2001 in verschiedenen Toplisten voten...
|
Microsoft Security Bulletins |
|
|
|
|
Bulletin
MS04-010
Datum:
09.03.2004
|
Vulnerability in MSN Messenger Could Allow Information Disclosure (838512)
Version: 1.0
Summary
Who should read this document:
Customers who are using Microsoft® MSN Messenger
Impact of vulnerability:
Information Disclosure
Maximum Severity Rating:
Moderate
Recommendation:
Customers should consider applying the security update.
Security Update Replacement:
None
Caveats:
None
Tested Software and Security Update Download Locations:
Affected Software:
? Microsoft MSN Messenger 6.0
? Microsoft MSN Messenger 6.1
Non Affected Software:
? Windows Messenger (All versions)
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security patch support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
Technical Details
Technical description:
A security vulnerability exists in Microsoft MSN Messenger. The vulnerability exists because of the method used by MSN Messenger to handle a file request. An attacker could exploit this vulnerability by sending a specially crafted request to a user running MSN Messenger. If exploited successfully, the attacker could view the contents of a file on the hard drive without the user's knowledge as long as the attacker knew the location of the file and the user had read access to the file.
To exploit this vulnerability, an attacker would have to know the sign-on name of the MSN Messenger user in order to send the request.
Mitigating factors:
? An attacker must know the sign-on name of the user
? If the user has blocked receiving messages from anonymous users not on their contact list by placing "All Others" in their block list, the attacker's messenger account must be on the user's allow list to exploit the vulnerability.
? The attacker could access files that the user had read access to. If the user is logged into the computer with restricted privileges this would limit the files that the attacker could access.
Severity Rating:
Microsoft MSN Messenger 6.0
Moderate
Microsoft MSN Messenger 6.1
Moderate
The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.
Frequently Asked Questions
What is the scope of the vulnerability?
This is an Information Disclosure vulnerability. An attacker who exploited this vulnerability could view the contents of a file on the hard drive without the user's knowledge if the attacker knew the exact location of the file.
What causes the vulnerability?
A vulnerability results because of the method used by MSN Messenger to handle a file request between two MSN Messenger accounts. The method used to handle the request does not validate certain contents of the request when creating the session.
What is MSN Messenger?
MSN Messenger is an instant messaging program that allows users to send instant messages to each other, or create other peer to peer sessions such as sharing voice, video, or sending files. More information about MSN Messenger can be found at the following Web site.
What is Windows Messenger?
Windows Messenger is also an instant messaging program that allows similar functionality to MSN Messenger. Windows XP comes with Windows Messenger, which remains available even after MSN Messenger 6.1 is installed on a computer. Windows Messenger can connect to the Communications Service and Exchange Instant Messaging, which are only used in corporations. More information about Windows Messenger can be found at the following Web site.
Does the vulnerability apply to Windows Messenger as well?
No - the vulnerability is unique to the method of validating file requests utilized by MSN Messenger.
What is wrong with the way that MSN Messenger handles file requests?
The vulnerability results from the way MSN Messenger validates a file request. It is possible for an attacker to craft a request in such a way that MSN Messenger could allow the request to view a file on the hard drive.
Why does this pose a security vulnerability?
The vulnerability could provide a way for an attacker to view confidential files or view user names or passwords, although the attacker would have no way to edit or change the files.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could have read access to any file the user had access to if the attacker knew the location of the file. There would not be any indication to the user that the attacker was attempting to read the files.
Who could exploit the vulnerability?
A user with MSN Messenger and the knowledge of a specific user sign-on name could seek to exploit the vulnerability.
What does the update do?
The update removes the vulnerability by modifying the handling of file requests by MSN Messenger.
Security Update Information
Installation Platforms and Prerequisites:
For information about the specific security update for your platform, click the appropriate link:
MSN Messenger 6.0 or 6.1
Prerequisites
This security update requires Microsoft Windows.
Restart Requirement
This update may require you to restart your computer.
Removal Information
This update cannot be uninstalled.
Verifying Update Installation
To verify that a security update is installed on an affected system, please perform the following steps:
1.
Within MSN Messenger, Click Help, then About.
2.
Check the version number.
If the Version number reads 6.1 (6.1.0211) the update has been successfully installed.
Ihr WinTipps 2001 - Team
|
|
|
|
|
|
Bulletin
MS04-009
Datum:
10.03.2004
|
Vulnerability in Microsoft Outlook Could Allow Code Execution (828040)
Version: 2.1
Summary
Who Should Read This Document:
Customers that are using Microsoft® Office XP and Outlook 2002
Impact of Vulnerability:
Remote Code Execution
Maximum Severity Rating:
Critical
Recommendation:
Customers should apply the update immediately.
Security Update Replacement:
None
Caveats:
None
Tested Software and Security Update Download Locations:
Affected Software
? Microsoft Office XP Service Pack 2
? Microsoft Outlook 2002 Service Pack 2
Note An administrative update is also available; please see the Security Update Information section for more details.
Non Affected Software
? Microsoft Office 2000 Service Pack 3
? Microsoft Office XP Service Pack 3
? Microsoft Office 2003
? Microsoft Outlook 2000 Service Pack 3
? Microsoft Outlook 2002 Service Pack 3
? Microsoft Outlook 2003
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security patch support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
General Information
Technical details
Technical description:
Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the ?Outlook Today? folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of ?critical? to reflect the expanded attack vector. The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action.
In addition, Microsoft is making available an additional ?client update? for customers on the Microsoft Download Center. This additional update does not contain new fixes or functionality, but is instead an additional offering of the update that provides an alternative for customers. More information on the client update is available in the Security Update Information section.
A security vulnerability exists within Outlook 2002 that could allow Internet Explorer to execute script code in the Local Machine zone on an affected system. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page.
The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who successfully exploited this vulnerability could access files on a user's system or run arbitrary code on a user's system. This code would run in the security context of the currently logged-on user. Outlook 2002 is available as a separate product and is also included as part of Office XP.
Mitigating factors:
? Users who read e-mail messages in plain text format in are at less risk from the HTML e-mail attack vector as they would need to click on a link in an e-mail message to be affected.
? If an attacker exploited this vulnerability, the attacker would gain only the same privileges as the user. Users whose accounts are configured to have few privileges on the system would be at less risk than users who operate with administrative privileges.
Severity Rating:
Microsoft Office XP
Critical
Microsoft Outlook 2002
Critical
The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.
Workarounds
Microsoft has tested the following workarounds. These workarounds will not correct the underlying vulnerability. However, they help block known attack vectors. Workarounds may reduce functionality in some cases; in such cases, the reduction in functionality is identified below.
Do not use the "Outlook Today" folder home page in Outlook 2002
You can help protect against this vulnerability by turning off the ?Outlook today? folder home page in Outlook 2002.
1.
In the ?Folder List? window of Outlook, right-click on ?Outlook Today? or ?Mailbox ? [User Name]?
2.
Select Properties for ?Outlook Today? or ?Mailbox ? [User Name]?
3.
Select ?Home Page? tab
4.
Uncheck ?Show home page by default for this folder?
5.
Repeat for all other ?Folder List? items labeled ?Outlook Today? or ?Mailbox ? [User Name]?
Impact of Workaround:
The "Outlook Today" folder home page would no longer be available.
If you are using Outlook 2002 or Outlook Express 6.0 SP1 or later, read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector
Microsoft Outlook 2002 users who have applied Service Pack 1 or later and Outlook Express 6.0 users who have applied Service Pack 1 or later can enable a feature that will enable them to view all non-digitally-signed e-mail messages or non-encrypted e-mail messages in plain text only.
Digitally-signed e-mail messages and encrypted e-mail messages are not affected by the setting and may be read in their original formats.
See Microsoft Knowledge Base Article 307594 for information about how to enable this setting in Outlook 2002.
See Microsoft Knowledge Base Article 291387for information about how to enable this setting in Outlook Express 6.0
Impact of Workaround:
E-mail that is viewed in plain text format cannot contain pictures, specialized fonts, animations, or other rich content. Additionally:
? The changes are applied to the preview pane and to open messages.
? Pictures become attachments to avoid loss of message content.
? Because the message is still in Rich Text Format or in HTML format in the store, the object model (custom code solutions) may behave unexpectedly because the message is still in Rich Text Format or in HTML format in the mail store.
Frequently asked questions
Why is Microsoft re-issuing this bulletin
Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the ?Outlook Today? folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of ?critical? to reflect the expanded attack vector. The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action.
In addition, Microsoft is making available an additional ?client update? for customers on the Microsoft Download Center. This additional update does not contain new fixes or functionality, but is instead an additional offering of the update that provides an alternative for customers. More information on the client update is available in the Security Update Information section.
What is the scope of the vulnerability?
A privilege elevation vulnerability exists within Outlook 2002, and its handling of mailto URLs, that could allow Internet Explorer to execute script in the Local Machine Zone on an affected system. Outlook 2002 is available as a separate product and is also included as part of Office XP. An attacker who successfully exploited this vulnerability could access files on a user's system or run arbitrary code on a user's system.
What causes the vulnerability?
The vulnerability is caused by the way a mailto URL is interpreted by Outlook 2002. By creating a specially formatted mailto URL it is possible to get Outlook 2002 to interpret the URL in a manner that could allow code execution.
What is a mailto URL?
The mailto URL scheme is defined in RFC 2368. The RFC states that "The mailto URL scheme is used to designate the Internet mailing address of an individual or service. In its simplest form, a mailto URL contains an Internet mail address. For greater functionality, because interaction with some resources may require message headers or message bodies to be specified as well as the mail address, the mailto URL scheme is extended to allow setting mail header fields and the message body."
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could cause Internet Explorer to execute script in the Local Machine Zone on an affected system. An attacker who exploited this vulnerability could access files on a user's system or run arbitrary code on a user's system.
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message.
What systems are primarily at risk from the vulnerability?
Users who use Outlook 2002 as their default e-mail client are primarily at risk from this vulnerability.
Is Office 2000 or Office 2003 affected by this vulnerability?
No. These versions have tested and have been found to not be affected by this vulnerability.
Are any versions of Outlook Express affected by this vulnerability?
No. However, if Outlook 2002 is configured as the default e-mail reader on that system, reading a malicious HTML e-mail message with any version of Outlook Express could allow the malformed mailto URL to be passed to Outlook 2002. For Outlook Express 6 Service Pack 1 or greater, reading e-mail message in plain text can be used as a work around for this type of attack. For more information please see the Workarounds section in this document.
What does the update do?
The update modifies the way that the mailto URL is processed by Outlook 2002.
Security Update Information
Installation Platforms and Prerequisites:
For information about the specific security update for your platform, click the appropriate link:
Outlook 2002 available separately and as a component of Office XP
Note This update as well as many other updates to Office XP is included in Office XP Service Pack 3. Customers are encouraged to install Office XP Service Pack 3 at the earliest available opportunity.
Prerequisites Client Update
Important Before you install this update, make sure that the following requirements have been met:
? Microsoft Windows Installer 2.0
? Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
? Office XP Service Pack 2 (SP-2)
? Before you install this update, install Office XP SP-2. For additional information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
325671 OFFXP: Overview of the Office XP Service Pack 2
Inclusion in service packs:
This update issue is included in Office XP Service Pack 3.
Installation Information Client
This security update supports the following Setup switches:
These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
/q Specifies quiet mode, or suppresses prompts, when files are being extracted.
/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
/t:path Specifies the target folder for extracting files.
/c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
/c:path Specifies the path and name of the Setup .inf or .exe file.
/r:n Never restarts the computer after installation.
/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
/r:a Always restarts the computer after installation.
/r:s Restarts the computer after installation without prompting the user.
/n:v No version checking - Install the program over any previous version.
Note The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
For more information, see the Internet Explorer Administration Kit (IEAK).
If you installed Outlook or Office from a CD-ROM:
? Install only the Microsoft Outlook 2002 Security Update: KB828040 by following the steps described later in this bulletin.
Deployment Information
1.
Download the client version of the Outlook 2002 Security Update
2.
Click Save to save the officexp-kb828040-client-enu.exe file to the selected folder.
3.
In Windows Explorer, double-click officexp-kb828040-client-enu.exe.
4.
If you are prompted to install the update, click Yes.
5.
Click Yes to accept the License Agreement.
6.
Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.
7.
When you receive a message that indicates the installation was successful, click OK.
Note After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office XP, and then install it again from the original CD-ROM.
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled.
How to Determine Whether the Update Is Installed
To determine the version of Outlook that is installed on your computer, follow these steps.
Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
1.
Click Start, and then click Search.
2.
In the Search Results pane, click All files and folders under Search Companion.
3.
In the All or part of the file name box, type Outlook.exe, and then click Search.
4.
In the list of files, right-click Outlook.exe, and then click Properties.
5.
On the Version tab, determine the version of Outlook that is installed on your computer.
The English version of the update contains the following files:
File Name Size Date File Version
DLGSETP.DLL
80,440
9/12/2003
10.00.5626.0000
ENVELOPE.DLL
109,128
9/12/2003
10.00.4817.0000
EXCHCSP.DLL
253,952
9/12/2003
10.00.5328.0000
EXSEC32.DLL
346,696
9/12/2003
10.00.4907.0000
IMPMAIL.DLL
137,800
9/12/2003
10.00.4406.0000
OUTLCM.DLL
543,288
9/12/2003
10.00.5424.0000
OUTLCTL.DLL
100,936
9/12/2003
10.00.5112.0000
OUTLLIB.DLL
6,322,744
9/12/2003
10.00.5709.0000
OUTLMIME.DLL
92,744
9/12/2003
10.00.4608.0000
OUTLOOK.EXE
47,672
9/12/2003
10.00.5709.0000
OUTLPH.DLL
121,400
9/12/2003
10.00.5703.0000
RECALL.DLL
47,688
9/12/2003
10.00.4721.0000
Prerequisites Administrative Update
Windows Installer Update Requirements
To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.
? Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me)
? Windows Installer for Microsoft Windows NT 4.0 and Windows 2000
Inclusion in service packs:
This update issue is included in Office XP Service Pack 3.
Installation Information for the Update
If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.
1.
Download the administrative version of the Outlook 2002 Security Update.
2.
Click Save to save the officexp-kb828040-fullfile-enu.exe file to the selected folder.
3.
In Windows Explorer, double-click officexp-kb828040-fullfile-enu.exe.
4.
If you are prompted to install the update, click Yes.
5.
Click Yes to accept the License Agreement.
6.
In the Type the location where you want to place the extracted files box, type c:kb828040, and then click OK.
7.
Click Yes when you are prompted to create the folder.
8.
If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
msiexec /a Admin PathMSI File /p C:kb828040MSP File SHORTFILENAMES=TRUE
where Admin Path is the path to your administrative installation point for Office XP (for example, C:OfficeXP), MSI File is the .msi database package for the Office XP product (for example, Proplus.msi), and MSP File is the name of the administrative update (for example, OUTLOOKff.msp).
Note: You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.
Deployment Information
To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box
msiexec /i Admin PathMSI File REINSTALL=Feature List REINSTALLMODE=vomu
where Admin Path is the path to your administrative installation point for Office XP (for example, C:OfficeXP), MSI File is the MSI database package for the Office XP product (for example, Proplus.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):
OUTLOOKNonBootFiles, OUTLOOKFiles
For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
301348 OFFXP: How to Install a Public Update to an Administrative Installation
Restart Requirement
No Restart required.
Removal Information
This security update can not be uninstalled.
File Information
The English version of this update has the file attributes (or later) that are listed in the following table.
File Name Size Date File Version
DLGSETP.DLL
80,440
9/12/2003
10.00.5626.0000
ENVELOPE.DLL
109,128
9/12/2003
10.00.4817.0000
EXCHCSP.DLL
253,952
9/12/2003
10.00.5328.0000
EXSEC32.DLL
346,696
9/12/2003
10.00.4907.0000
IMPMAIL.DLL
137,800
9/12/2003
10.00.4406.0000
OUTLCM.DLL
543,288
9/12/2003
10.00.5424.0000
OUTLCTL.DLL
100,936
9/12/2003
10.00.5112.0000
OUTLLIB.DLL
6,322,744
9/12/2003
10.00.5709.0000
OUTLMIME.DLL
92,744
9/12/2003
10.00.4608.0000
OUTLOOK.EXE
47,672
9/12/2003
10.00.5709.0000
OUTLPH.DLL
121,400
9/12/2003
10.00.5703.0000
RECALL.DLL
47,688
9/12/2003
10.00.4721.0000
To determine the version of Outlook that is installed on your computer, follow these steps.
Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
1.
Click Start, and then click Search.
2.
In the Search Results pane, click All files and folders under Search Companion.
3.
In the All or part of the file name box, type Outlook.exe, and then click Search.
4.
In the list of files, right-click Outlook.exe, and then click Properties.
5.
On the Version tab, determine the version of Outlook that is installed on your computer.
For additional information about how to determine the version of Outlook 2002 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
291331 HOW TO: Check the Version of Office XP
Note: If the Outlook 2002 Security Update: KB828040 is already installed on your computer, you receive the following error message when you try to install Outlook 2002 Security Update: KB828040:
This update has already been applied or is included in an update that has already been applied.
Ihr WinTipps 2001 - Team
|
|
|
|
|
|
Bulletin
MS04-008
Datum:
09.03.2004
|
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359)
Version: 1.0
Summary
Who Should Read This Document:
Customers who are using Microsoft® Windows® 2000
Impact of Vulnerability:
Denial of Service
Maximum Severity Rating:
Moderate
Recommendation:
Systems administrators should consider applying the security update to systems that are running Windows 2000 Server and that have Windows Media Services 4.1 installed.
Security Update Replacement:
None
Caveats:
None
Tested Software and Security Update Download Locations:
Affected Software
? Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4
Non Affected Software
? Microsoft Windows NT® Workstation 4.0 Service Pack 6a
? Microsoft Windows NT Server 4.0 Service Pack 6a
? Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
? Microsoft Windows 2000 Professional Service Pack 2, Microsoft Windows 2000 Professional Service Pack 3, Microsoft 2000 Professional Service Pack 4
? Microsoft Windows XP, Microsoft Windows XP Service Pack 1
? Microsoft Windows XP 64-Bit Edition Service Pack 1
? Microsoft Windows XP 64-Bit Edition Version 2003
? Microsoft Windows Server? 2003
? Microsoft Windows Server 2003 64-Bit Edition
Tested Microsoft Windows Components:
Affected Components:
? Windows Media Services 4.1 (included with Microsoft Windows 2000 Server)
Non Affected Components:
? Windows Media Services 9.0 Series (included with Microsoft Windows Server 2003)
? Windows Media Services 4.1 (available for download for Windows NT4 Server)
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security patch support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
General Information
Technical Details
Technical description:
A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.
Windows Media Services is made up of Windows Media Services Administrator and four Windows Media Services components running on a single computer:
By using Windows Media Unicast Service, Windows Media content can be streamed over unicast, using either TCP or UDP as a transport, to Microsoft Windows Media Player or to another Windows Media server.
Windows Media Station Service performs three key functions:
? It arranges one or more streams of content (also known as a "playlist" or "program") for subsequent streaming.
? It multicasts the playlist or program to Windows Media Player or to another Windows Media server.
? It distributes the playlist or program locally to Windows Media Unicast Service for subsequent unicasting to Windows Media Player or to another Windows Media server.
Windows Media Program Service is a dependent service of Windows Media Station Service. Windows Media Program Service helps the server administrator build playlists of Windows Media content using Windows Media Services Administrator and persist those playlists for future use.
Windows Media Monitor Service is the administrative console of Windows Media Services.
Note Windows Media Unicast Service may also be affected by a successful attack against Windows Media Station Service if Windows Media Unicast Service is sourcing a playlist from Windows Media Station Service. In this case, Windows Media Unicast Service could stop functioning when it encounters the next item in the playlist. An administrator can stream media by using Windows Media Unicast Service without a playlist.
Mitigating factors:
? The Windows Media Services component is not installed by default.
? Windows Media Services can be configured to offer streaming media over unicast only and would then not be affected by this vulnerability. This configuration would mean that different media streams from the same server could not be added into a playlist.
? Microsoft recommends that customers enable Windows Media Unicast Service only on Internet-facing sockets and ports and not the other components of Windows Media Services. If this practice is followed, the attack surface would not be exposed to the Internet.
? Customers who administer their Windows Media Services servers directly from the console or through a Terminal Services session are not affected by any successful Denial of Service attempts against Windows Media Monitor Service. Windows Media Monitor Service would not be accessible remotely, only locally.
? If you have disabled Windows Media Station Service and Windows Media Monitor Service, you are not affected by this vulnerability.
Severity Rating:
Microsoft Windows 2000 Server
Moderate
The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.
Workarounds
Microsoft has tested the following workarounds. These workarounds will not correct the underlying vulnerability. However, they help block known attack vectors. Workarounds may reduce functionality in some cases; in such cases, the reduction in functionality is identified below.
? Block ports 7007 and 7778 at your firewall.
If you do not stream media over TCP to the Internet, you can block TCP port 7007. Also, block port 7778, which is used to administer Windows Media Services through Windows Media Monitor Service. Windows Media Services uses these ports. By blocking these ports at the firewall, you can help prevent systems that are behind the firewall from being attacked by attempts to exploit this vulnerability.
Impact of Workaround: If you block port 7007, you will prevent multicast streams and the enabling of playlists from functioning across the firewall. If you block port 7778, you will prevent administrative functions from functioning across the firewall.
? Administer your Windows Media Services from the console or through a Terminal Services session.
Administer your Windows Media Services servers directly from the console or through a Terminal Services session. If you do this, you will not be affected by any successful denial of service attempts against Windows Media Monitor Service. The reason for this is that the service can still be accessed and used from the desktop of the system that is hosting Windows Media Services even after a successful denial of service attack has been taken place.
Impact of Workaround: None.
? Stop, disable, or remove Windows Media Station Service.
Stop, disable, or remove Windows Media Station Service.
Impact of Workaround: Stopping, disabling, or removing Windows Media Station Service will cause multicast streams or the enabling of playlists to not function.
? Disable or remove Windows Media Monitor Service.
Disable or remove Windows Media Monitor Service.
Impact of Workaround: Disabling or removing Windows Media Monitor Service will prevent the possibility of administering Windows Media Services.
Frequently asked questions
What's the scope of the vulnerability?
This is a denial of service vulnerability. An attacker who successfully exploited the vulnerability could cause Windows Media Station Service or Windows Media Monitor Service running on a system that is running Windows 2000 Server to stop responding to new requests. For Windows Media Station Service, the result would be that the service would not accept any new TCP connections. New requests for media would not be serviced, nor would subsequent items in a playlist be serviced. For of Windows Media Monitor Service, the result would be that the service would not accept any new TCP connections; however, the server administrator could use Terminal Services to log on remotely and administer Windows Media Services.
What causes the vulnerability?
The vulnerability exists because the process by which Windows Media Station Service and Windows Media Monitor Service validate TCP requests could cause both services to stop accepting new connection requests.
What is Windows Media Services?
Windows Media Services is a Windows server component that enables content to be streamed from a Windows Media server to Windows Media clients over the Internet or over an intranet. Clients who receive the content can render, as in play or display, it as it is being received without first downloading the content.
What components are installed on my system when I install Windows Media Services?
Windows Media Services is made up of four Windows services:
? Windows Media Unicast Service. This service provides unicast streaming over the Internet or over an intranet.
? Windows Media Station Service. This service provides multicast streaming. To be able to use multicast streaming, all routers between the server and the client must have multicast enabled.
? Windows Media Program Service. This service provides a sequential program, or playlist, to Windows Media Station Service. Playlists can also be used by Windows Media Unicast Service, which uses features in Windows Media Station Service and Windows Media Program Service to operate.
? Windows Media Monitor Service. This is a helper service to Windows Media Services; it monitors client and server connections and is the service through which Windows Media Services is administered.
What are the unicast and multicast methods of media streaming?
Unicast and multicast media streaming are methods of delivering media content to clients across a network.
Unicast is a file transfer process where a separate copy of the data is sent from the server to each client that requests it.
Multicast is a file transfer process where a single copy of the data is sent, but all clients access that single stream in progress. Multiple copies of data are not sent across the network. For more information about multicast media streaming, see the Multicast Streaming with Windows Media Services 4.1 Web site.
What might the vulnerability allow an attacker to do?
An unauthenticated attacker could send a specially-crafted sequence of TCP/IP packets to the server, which could cause Windows Media Station Service to stop accepting new requests. Windows Media Station Service would still be able to stream media on TCP connections that have already been made, but it would not accept new requests. New requests for media would not be serviced. Requests for the next item in a playlist would also not be serviced because they are essentially new requests.
To recover from this state, an administrator would have to restart the service.
Who could exploit the vulnerability?
An unauthenticated attacker who could connect to Windows Media Station Service or to Windows Media Monitor Service could exploit this vulnerability by causing the services to stop responding to new requests.
What systems are primarily at risk from the vulnerability?
Apply this update to systems that have Windows Media Center Services for Windows 2000 Server installed.
I am running Windows Media Services 4.1 on Windows NT4 Server. Am I affected by this vulnerability?
No. Windows Media Services 4.1 (available for download for Windows NT4 Server) is not affected by this vulnerability.
What does the update do?
The update makes sure that Windows Media Station Service and Windows Media Monitor Service correctly validate TCP requests.
Security Update Information
Installation Platforms and Prerequisites:
For information about the specific security update for your platform, click the appropriate link:
Windows 2000 Server (all versions)
Prerequisites
For Windows 2000 Server, this security update requires Service Pack 2 (SP2), Service Pack 3 (SP3), or Service Pack 4 (SP4).
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security patch support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 260910 How to Obtain the Latest Windows 2000 Service Pack
Inclusion in Future Service Packs:
The fix for this issue will be included in Windows 2000 Service Pack 5.
Installation Information
This security update supports the following Setup switches:
/help Displays the command line options
Setup Modes
/quiet Use Quiet mode (no user interaction or display)
/passive Unattended mode (progress bar only)
/uninstall Uninstalls the package
Restart Options
/norestart Do not restart when installation is complete
/forcerestart Restart after installation
Special Options
/l Lists installed Windows hotfixes or update packages
/o Overwrite OEM files without prompting
/n Do not backup files needed for uninstall
/f Force other programs to close when the computer shuts down
Note: You can combine these switches into one command. For backwards compatibility, the security update also supports the Setup switches that are used by the previous version of the setup utility. For additional information about the supported installation switches, please review Knowledge Base Article 262841.
Deployment Information
To install the security update without any user intervention, use the following command at a command prompt for Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, or Windows 2000 Service Pack 4:
WindowsMedia41-KB832359-ENU /passive /quiet
To install the security update without forcing the computer to restart, use the following command at a command prompt for Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, or Windows 2000 Service Pack 4:
WindowsMedia41-KB832359-ENU /norestart
For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.
Restart Requirement
In some cases, this update does not require a reboot. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are in use, this update will require a reboot. If this occurs, a message appears that advises you to reboot.
Removal Information
To remove this security update, use the Add/Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%$NTUninstallKB832359$Spuninst folder. The Spuninst.exe utility supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4
Date Time Version Size File name
------------------------------------------------------
15-Jan-2004 02:51 4.1.0.3934 222,384 Nscm.exe
15-Jan-2004 02:48 4.1.0.3934 31,808 Nspmon.exe
Verifying Update Installation
To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For additional information about MBSA, please visit the Microsoft Baseline Security Analyzer Web site.
You may also be able to verify the files that this security update installed by reviewing the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows Media ServicesKB832359FileList
Note This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 832359 security update into the Windows installation source files.
Ihr WinTipps 2001 - Team
|
|
|
|
|
|
Bulletin
MS04-007
Datum:
10.02.2004
|
ASN.1 Vulnerability Could Allow Code Execution (828028)
Version Number: 1.0
Summary
Who should read this document: Customers who are using Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.
Tested Software and Security Update Download Locations:
Affected Software:
Microsoft Windows NT® Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server? 2003
Microsoft Windows Server 2003 64-Bit Edition
Tested Microsoft Windows Components:
Affected Components:
Microsoft ASN.1 Library
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
Technical Details
A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.
An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.
Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.
Mitigating factors:
In the most likely exploitable scenario, an attacker would have to have direct access to the user's network.
Severity Rating:
Microsoft Windows NT 4.0 Critical
Microsoft Windows NT Server 4.0 Terminal Server Edition Critical
Microsoft Windows 2000 Critical
Microsoft Windows XP Critical
Microsoft Windows Server 2003 Critical
The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.
Vulnerability identifier: CAN-2003-0818
Workarounds
None
Frequently Asked Questions
What is the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could gain complete control over an affected system. An attacker could take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.
What causes the vulnerability?
The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library. If exploited, an attacker could gain system privileges on an affected system.
What is ASN.1?
Abstract Syntax Notation 1 (ASN.1) is a data standard that is used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. ASN.1 has no direct relationship to any specific standard, encoding method, programming language, or hardware platform. It is simply a language for defining standards. Or in other words, standards are written in ASN.1.
A vulnerability exists in Microsoft's ASN.1 implementation that, if exploited, could allow an attacker to cause code to execute remotely with system privileges on an affected system. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.
What might an attacker use the vulnerability to do?
If successfully exploited, the attacker could be able to take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.
How could an attacker exploit this vulnerability?
Because ASN.1 is a standard for many applications and devices, there are many potential attack vectors. To successfully exploit this vulnerability, an attacker must force a computer to decode malformed ASN.1 data. For example, when using authentication protocols based on ASN.1 it could be possible to construct a malformed authentication request that could expose this vulnerability.
What systems are primarily at risk from this vulnerability?
Server systems are at greater risk than client computers because they are more likely to have a server process running that decodes ASN.1 data.
I'm using Windows NT 4.0. How do I know if I need this update?
Windows NT 4.0 (Workstation, Server, and Terminal Server Edition) does not install the affected file by default. This file is installed as part of the MS03-041 Windows NT 4.0 security update and other possible non-security-related hotfixes. If the Windows NT 4.0 security update for MS03-041 is not installed, this may not be a required update. To verify if the affected file is installed, search for the file named Msasn1.dll. If this file is present, this security update is required. Windows Update, Software Update Services, and the Microsoft Security Baseline Analyzer will also correctly detect if this update is required.
What does the update do?
The update removes the vulnerability by modifying the handling of malformed data by the ASN.1 Library.
Security Update Information
Installation Platforms and Prerequisites:
For information about the specific security update for your platform, click the appropriate link.
Windows Server 2003 (all versions)
Prerequisites
This security update requires a released version of Windows Server 2003.
Inclusion in Future Service Packs:
The fix for this issue will be included in Windows Server 2003 Service Pack 1.
Installation Information
This security update supports the following Setup switches:
/help Displays the command line options
Setup Modes
/quiet Quiet mode (no user interaction or display)
/passive Unattended mode (progress bar only)
/uninstall Uninstalls the package
Restart Options
/norestart Do not restart when installation is complete
/forcerestart Restart after installation
Special Options
/l Lists installed Windows hotfixes or update packages
/o Overwrite OEM files without prompting
/n Do not backup files needed for uninstall
/f Force other programs to close when the computer shuts down
Note: You can combine these switches into one command. For backwards compatibility, the security update also supports the Setup switches that are used by the previous version of the setup utility.
Deployment Information
To install the security update without any user intervention, use the following command at a command prompt for Windows Server 2003:
Windowsserver2003-kb828028-x86-enu /passive /quiet
To install the security update without forcing the computer to restart, use the following command at a command prompt for Windows Server 2003:
Windowsserver2003-kb828028-x86-enu /norestart
For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.
Restart Requirement
You must restart your computer after you apply this security update.
Removal Information
To remove this update, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%$NTUninstallKB828028$Spuninst folder. The Spuninst.exe utility supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use Unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, and Windows Server 2003, Datacenter Edition:
Date Time Version Size File Name Folder
23-Oct-2003 00:52 5.2.3790.88 60,928 Msasn1.dll RTMGDR
23-Oct-2003 00:43 5.2.3790.88 60,928 Msasn1.dll RTMQFE
Windows Server 2003, 64-Bit Enterprise Edition and Windows Server 2003, 64-Bit Datacenter Edition:
Date Time Version Size File Name Platform Folder
23-Oct-2003 00:52 5.2.3790.88 160,256 Msasn1.dll IA64 RTMGDR
23-Oct-2003 00:52 5.2.3790.88 60,928 Wmsasn1.dll X86 RTMGDRWOW
23-Oct-2003 00:52 5.2.3790.83 29,696 Wmspatcha.dll X86 RTMGDRWOW
23-Oct-2003 00:51 5.2.3790.88 160,256 Msasn1.dll IA64 RTMQFE
23-Oct-2003 00:43 5.2.3790.88 60,928 Wmsasn1.dll X86 RTMQFEWOW
23-Oct-2003 00:43 5.2.3790.83 29,696 Wmspatcha.dll X86 RTMQFEWOW
Note: When you install this security update on a Windows Server 2003-based computer or on a Windows XP 64-Bit Edition Version 2003-based computer, the installer checks to see if any of the files that are being updated on your computer have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your computer. Otherwise, the installer copies the RTMGDR files to your computer. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
824994 Description of the Contents of a Windows Server 2003 Product Update Package
Verifying Update Installation
To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For additional information about MBSA, please visit the Microsoft Baseline Security Analyzer Web site.
You may also be able to verify the files that this security update installed by reviewing the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows Server 2003SP1KB828028Filelist
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 828028 security update into the Windows installation source files.
Windows XP (all versions)
Note: For Windows XP 64-Bit Edition, Version 2003, this security update is the same as the security update for 64-bit versions of Windows Server 2003.
Prerequisites
This security update requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
Inclusion in Future Service Packs:
The fix for this issue will be included in Windows XP Service Pack 2.
Installation Information
This security update supports the following Setup switches:
/help Displays the command line options
Setup Modes
/quiet Quiet mode (no user interaction or display)
/passive Unattended mode (progress bar only)
/uninstall Uninstalls the package
Restart Options
/norestart Do not restart when installation is complete
/forcerestart Restart after installation
Special Options
/l Lists installed Windows hotfixes or update packages
/o Overwrite OEM files without prompting
/n Do not backup files needed for uninstall
/f Force other programs to close when the computer shuts down
Note: You can combine these switches into one command. For backwards compatibility, the security update also supports the Setup switches that are used by the previous version of the setup utility.
Deployment Information
To install the security update without any user intervention, use the following command at a command prompt for Windows XP:
Windowsxp-kb828028-x86-enu /passive /quiet
To install the security update without forcing the computer to restart, use the following command at a command prompt for Windows XP:
Windowsxp-kb828028-x86-enu /norestart
For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.
Restart Requirement
You must restart your computer after you apply this security update.
Removal Information
To remove this update, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%$NTUninstallKB828028$Spuninst folder. The Spuninst.exe utility supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use Unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:
Date Time Version Size File Name Folder
19-Sep-2003 21:21 5.1.2600.119 51,712 Msasn1.dll (pre-sp1)
19-Sep-2003 17:37 5.1.2600.1274 51,712 Msasn1.dll (with sp1)
Windows XP 64-Bit Edition:
Date Time Version Size File Name Platform Folder
19-Sep-2003 17:57 5.1.2600.119 179,200 Msasn1.dll IA64 (pre-sp1)
19-Sep-2003 17:37 5.1.2600.119 51,712 Wmsasn1.dll X86 (pre-sp1)
19-Sep-2003 17:57 5.1.2600.1274 179,200 Msasn1.dll IA64 (with sp1)
19-Sep-2003 17:37 5.1.2600.1274 51,712 Wmsasn1.dll X86 (with sp1)
Note: The Windows XP and Windows XP 64-Bit Edition versions of this security update are packaged as dual-mode packages. Dual-mode packages contain files for both the original version of Windows XP and Windows XP Service Pack 1 (SP1). For additional information about dual-mode packages, click the following article number to view the article in the Microsoft Knowledge Base:
328848 Description of Dual-Mode Hotfix Packages for Windows XP
Windows XP 64-Bit Edition Version 2003:
Date Time Version Size File Name Platform Folder
23-Oct-2003 00:52 5.2.3790.88 160,256 Msasn1.dll IA64 RTMGDR
23-Oct-2003 00:52 5.2.3790.88 60,928 Wmsasn1.dll X86 RTMGDRWOW
23-Oct-2003 00:52 5.2.3790.83 29,696 Wmspatcha.dll X86 RTMGDRWOW
23-Oct-2003 00:51 5.2.3790.88 160,256 Msasn1.dll IA64 RTMQFE
23-Oct-2003 00:43 5.2.3790.88 60,928 Wmsasn1.dll X86 RTMQFEWOW
23-Oct-2003 00:43 5.2.3790.83 29,696 Wmspatcha.dll X86 RTMQFEWOW
Note: When you install the Windows XP 64-Bit Edition Version 2003 security update, the installer checks to see if any of the files that are being updated on your computer have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your computer. Otherwise, the installer copies the RTMGDR files to your computer. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 824994 Description of the Contents of a Windows Server 2003 Product Update Package
824994 Description of the Contents of a Windows Server 2003 Product Update Package
Verifying Update Installation
To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For additional information about MBSA, please visit the Microsoft Baseline Security Analyzer Web site.
You may also be able to verify the files that this security update installed by reviewing the following registry key:
For Windows XP Home Edition SP1; Windows XP Professional SP1; Windows XP 64-Bit Edition SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP2KB828028Filelist
For Windows XP Home Edition; Windows XP Professional; Windows XP 64-Bit Edition:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows XPSP1KB828028Filelist
For Windows XP 64-Bit Edition, Version 2003:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows Server 2003SP1KB828028Filelist
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 828028 security update into the Windows installation source files.
Windows 2000 (all versions)
Prerequisites
For Windows 2000 this security update requires Service Pack 2 (SP2), Service Pack 3 (SP3), or Service Pack 4 (SP4).
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Inclusion in Future Service Packs:
The fix for this issue will be included in Windows 2000 Service Pack 5.
Installation Information
This security update supports the following Setup switches:
/help Displays the command line options
Setup Modes
/quiet Quiet mode (no user interaction or display)
/passive Unattended mode (progress bar only)
/uninstall Uninstalls the package
Restart Options
/norestart Do not restart when installation is complete
/forcerestart Restart after installation
Special Options
/l Lists installed Windows hotfixes or update packages
/o Overwrite OEM files without prompting
/n Do not backup files needed for uninstall
/f Force other programs to close when the computer shuts down
Note: You can combine these switches into one command. For backwards compatibility, the security update also supports the Setup switches that are used by the previous version of the setup utility.
Deployment Information
To install the security update without any user intervention, use the following command at a command prompt for Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:
Windows2000-kb828028-x86-enu /passive /quiet
To install the security update without forcing the computer to restart, use the following command at a command line prompt for Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:
Windows2000-kb828028-x86-enu /norestart
For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.
Restart Requirement
You must restart your computer after you apply this security update.
Removal Information
To remove this update, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%$NTUninstallKB828028$Spuninst folder. The Spuninst.exe utility supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use Unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:
Date Time Version Size File Name
19-Sep-2003 20:05 5.0.2195.6823 53,520 Msasn1.dll
Verifying Update Installation
To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For additional information about MBSA, please visit the Microsoft Baseline Security Analyzer Web site.
You may also be able to verify the files that this security update installed by reviewing the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdatesWindows 2000SP5KB828028Filelist
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 828028 security update into the Windows installation source files.
Windows NT 4.0 (all versions)
Prerequisites
This security update requires Windows NT Workstation 4.0 Service Pack 6a (SP6a), Windows NT Server 4.0 Service Pack 6a (SP6a), or Windows NT Server 4.0 Terminal Server Edition Service Pack 6 (SP6).
The software listed above has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. Please review the Microsoft Support Lifecycle Web site to determine the support lifecycle for your product and version.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack
Installation Information
This security update supports the following Setup switches:
/y: Perform removal (only with /m or /q ).
/f: Force programs to quit during the shutdown process.
/n: Do not create an Uninstall folder.
/z: Do not restart when the update completes.
/q: Use Quiet or Unattended mode with no user interface (this switch is a superset of /m ).
/m: Use Unattended mode with a user interface.
/l: List the installed hotfixes.
/x: Extract the files without running Setup.
Note: You can combine these switches into one command.
Deployment Information
To install the security update without any user intervention, use the following command at a command prompt for Windows NT Server 4.0:
Windowsnt4server-kb828028-x86-enu /q
For Windows NT Server 4.0 Terminal Server Edition:
Windowsnt4terminalserver-kb828028-x86-enu /q
For Windows NT Workstation 4.0:
Windowsnt4workstation-kb828028-x86-enu /q
To install the security update without forcing the computer to restart, use the following command at a command prompt for Windows NT Server 4.0:
Windowsnt4server-kb828028-x86-enu /z
For Windows NT Server 4.0 Terminal Server Edition:
WindowsNT4TerminalServer-KB828028-x86-enu /z
For Windows NT Workstation 4.0:
Windowsnt4workstation-kb828028-x86-enu /z
For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.
Restart Requirement
You must restart your computer after you apply this security update.
Removal Information
To remove this update, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%$NTUninstallKB828028$Spuninst folder. The Spuninst.exe utility supports the following Setup switches:
/y: Perform removal (only with /m or /q ).
/f: Force programs to quit during the shutdown process.
/n: Do not create an Uninstall folder.
/z: Do not restart when the update completes.
/q: Use Quiet or Unattended mode with no user interface (this switch is a superset of /m ).
/m: Use Unattended mode with a user interface.
/l: List the installed hotfixes.
File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows NT Workstation 4.0, Windows NT Server 4.0:
Date Time Version Size File Name
21-Sep-2003 01:05 5.0.2195.6824 53,520 Msasn1.dll
Windows NT Server 4.0 Terminal Server Edition:
Date Time Version Size File Name
21-Sep-2003 01:05 5.0.2195.6824 53,520 Msasn1.dll
Verifying Update Installation
To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For additional information about MBSA, please visit the Microsoft Baseline Security Analyzer Web site.
You may also be able to verify the files that this security update installed by reviewing the following registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionHotfixKB828028File 1
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 828028 security update into the Windows installation source files.
Ihr WinTipps 2001 - Team
|
|
|
|
|
|
|
|
| |
.::
Security Bulletin-Übersicht
::.
|
|
Seitenanfang
|
