|
|
Microsoft Security Bulletin MS08-067 Critical
Vulnerability in Server Service Could Allow Remote Code
Execution (958644)
Published: October 23, 2008
Version: 1.0
Executive Summary
This security update resolves a privately reported vulnerability in the
Server service. The vulnerability could allow remote code execution if an
affected system received a specially crafted RPC request. On Microsoft
Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker
could exploit this vulnerability without authentication to run arbitrary
code. It is possible that this vulnerability could be used in the crafting
of a wormable exploit. Firewall best practices and standard default
firewall configurations can help protect network resources from attacks
that originate outside the enterprise perimeter.
This security update is rated Critical for all supported editions of
Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated
Important for all supported editions of Windows Vista and Windows Server
2008. For more information, see the subsection, Affected and
Non-Affected Software, in this section.
The security update addresses the vulnerability by correcting the way
that the Server service handles RPC requests. For more information about
the vulnerability, see the Frequently Asked Questions (FAQ) subsection for
the specific vulnerability entry under the next section, Vulnerability
Information.
Recommendation. Microsoft recommends that customers apply
the update immediately.
Known Issues. None
Affected and Non-Affected Software
The following software have been tested to determine which versions or
editions are affected. Other versions or editions are either past their
support life cycle or are not affected. To determine the support life
cycle for your software version or edition, visit Microsoft Support
Lifecycle.
Affected Software
*Windows Server 2008 server core installation affected. For
supported editions of Windows Server 2008, this update applies, with the
same severity rating, whether or not Windows Server 2008 was installed
using the Server Core installation option. For more information on this
installation option, see Server
Core. Note that the Server Core installation option does not apply to
certain editions of Windows Server 2008; see Compare
Server Core Installation Options.
|
|
Frequently Asked Questions (FAQ) Related to This Security
Update
|
Where are the file information details?
The file
information details can be found in Microsoft Knowledge Base
Article 958644.
Is the Windows 7 Pre-Beta release affected by this
vulnerability?
Yes. This vulnerability was reported after the
release of Windows 7 Pre-Beta. Customers running Windows 7 Pre-Beta are
encouraged to download and apply the update to their systems. On Windows 7
Pre-Beta systems, the vulnerable code path is only accessible to
authenticated users. This vulnerability is not liable to be triggered if
the attacker is not authenticated, and therefore would be rated Important.
Security updates are available from Microsoft Update,
Windows Update,
and Office
Update. Security updates are also available from the Microsoft Download
Center. You can find them most easily by doing a keyword search for
"security update."
I am using an older release of the software discussed in this
security bulletin. What should I do?
The affected software
listed in this bulletin have been tested to determine which releases are
affected. Other releases are past their support life cycle. To determine
the support life cycle for your software release, visit Microsoft Support
Lifecycle.
It should be a priority for customers who have older releases of the
software to migrate to supported releases to prevent potential exposure to
vulnerabilities. For more information about the Windows Product Lifecycle,
visit Microsoft
Support Lifecycle. For more information about the extended security
update support period for these software versions or editions, visit Microsoft Product
Support Services.
Customers who require custom support for older releases must contact
their Microsoft account team representative, their Technical Account
Manager, or the appropriate Microsoft partner representative for custom
support options. Customers without an Alliance, Premier, or Authorized
Contract can contact their local Microsoft sales office. For contact
information, visit Microsoft Worldwide
Information, select the country, and then click Go to see a
list of telephone numbers. When you call, ask to speak with the local
Premier Support sales manager. For more information, see the Windows Operating
System Product Support Lifecycle FAQ.
|
|
Severity Ratings and Vulnerability Identifiers
|
|
Microsoft Windows 2000 Service Pack 4 |
Critical
Remote Code Execution |
Critical |
|
Windows XP Service Pack 2 and Windows XP Service
Pack 3 |
Critical
Remote Code Execution |
Critical |
|
Windows XP Professional x64 Edition and Windows
XP Professional x64 Edition Service Pack 2 |
Critical
Remote Code Execution |
Critical |
|
Windows Server 2003 Service Pack 1 and Windows
Server 2003 Service Pack 2 |
Critical
Remote Code Execution |
Critical |
|
Windows Server 2003 x64 Edition and Windows
Server 2003 x64 Edition Service Pack 2 |
Critical
Remote Code Execution |
Critical |
|
Windows Server 2003 with SP1 for Itanium-based
Systems and Windows Server 2003 with SP2 for Itanium-based
Systems |
Critical
Remote Code Execution |
Critical |
|
Windows Vista and Windows Vista Service Pack
1 |
Important
Remote Code Execution |
Important |
|
Windows Vista x64 Edition and Windows Vista x64
Edition Service Pack 1 |
Important
Remote Code Execution |
Important |
|
Windows Server 2008 for 32-bit Systems* |
Important
Remote Code Execution |
Important |
|
Windows Server 2008 for x64-based
Systems* |
Important
Remote Code Execution |
Important |
|
Windows Server 2008 for Itanium-based
Systems |
Important
Remote Code Execution |
Important |
*Windows Server 2008 server core installation affected. For
supported editions of Windows Server 2008, this update applies, with the
same severity rating, whether or not Windows Server 2008 was installed
using the Server Core installation option. For more information on this
installation option, see Server
Core. Note that the Server Core installation option does not apply to
certain editions of Windows Server 2008; see Compare
Server Core Installation Options.
|
|
Server Service Vulnerability - CVE-2008-4250
|
A remote code execution vulnerability exists in the Server service on
Windows systems. The vulnerability is due to the service not properly
handling specially crafted RPC requests. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system.
To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see CVE-2008-4250.
|
|
Mitigating Factors for Server Service Vulnerability -
CVE-2008-4250
|
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factors may
be helpful in your situation:
| |
Firewall best practices and standard default firewall
configurations can help protect network resources from attacks that
originate outside the enterprise perimeter. Best practices recommend
that systems that are connected to the Internet have a minimal
number of ports exposed. |
| |
On Windows Vista and Windows Server 2008, the vulnerable code
path is only accessible to authenticated users. This vulnerability
is not liable to be triggered if the attacker is not
authenticated. |
|
|
Workarounds for Server Service Vulnerability -
CVE-2008-4250
|
Workaround refers to a setting or configuration change that does not
correct the underlying vulnerability but would help block known attack
vectors before you apply the update. Microsoft has tested the following
workarounds and states in the discussion whether a workaround reduces
functionality:
| |
Disable the Server and Computer Browser services
Disabling the Computer Browser and Server service on the affected
systems will help protect systems from remote attempts to exploit
this vulnerability.
You can disable these services by using the following steps:
|
1. |
Click Start, and then click Control Panel (or
point to Settings and then click Control
Panel). |
|
2. |
Double-click Administrative Tools. |
|
3. |
Double-click Services. |
|
4. |
Double-click Computer Browser Service. |
|
5. |
In the Startup type list, click Disabled. |
|
6. |
Click Stop, and then click OK. |
|
7. |
Repeat steps 4-6 for the Server
service |
Impact of Workaround. If the Computer Browser service is
disabled, any services that explicitly depend on the Computer
Browser service may log an error message in the system event log.
For more information about the Computer Browser service, see Microsoft Knowledge
Base Article 188001. If the Server service is disabled, you will
not be able to share files or printers from your computer. However,
you will still be able to view and use file shares and printer
resources on other systems.
How to undo the workaround. You can enable these services
by using the following steps:
|
1. |
Click Start, and then click Control Panel (or
point to Settings, and then click Control
Panel). |
|
2. |
Double-click Administrative Tools. |
|
3. |
Double-click Services. |
|
4. |
Double-click Computer Browser Service. |
|
5. |
In the Startup type list, click Automatic. |
|
6. |
Click Start, and then click OK. |
|
7. |
Repeat steps 4-6 for the Server
service | |
| |
On Windows Vista and Windows Server 2008, filter
the affected RPC identifier
In addition to blocking ports with the Windows Firewall, the
Windows Vista and Windows Server 2008 editions can selectively
filter RPC Universally Unique Identifiers (UUID). To prevent this
vulnerability, add a rule that blocks all RPC requests with the UUID
equal to 4b324fc8-1670-01d3-1278-5a47bf6ee188. This is accomplished
through the network shell. To access the network shell, run the
following command from an elevated command prompt: netsh
Once in the netsh environment, enter the following commands: netsh>rpc
netsh rpc>filter
netsh rpc filter>add rule layer=um actiontype=block
netsh rpc filter>add condition field=if_uuid matchtype=equal data=4b324fc8-1670-01d3-1278-5a47bf6ee188
netsh rpc filter>add filter
netsh rpc filter>quit
The Filter Key is a randomly generated UUID specific to each
system. To confirm the filter is in place, run the following command
from an elevated command prompt: netsh rpc filter show filter
If the commands are successful, the system displays the following
information:
Listing all RPC Filters.
---------------------------------
filterKey: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
displayData.name: RPCFilter
displayData.description: RPC Filter
filterId: 0x12f79
layerKey: um
weight: Type: FWP_EMPTY Value: Empty
action.type: block
numFilterConditions: 1
Where filterKey:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx equates
to the randomly generated UUID relevant to your system.
Impact of workaround. Certain applications that rely on
the Microsoft Server Message Block (SMB) Protocol may not function
as intended. However, you will still be able to view and use file
shares and printer resources on other systems.
How to undo the workaround. Run the following command from
an elevated command prompt: netsh rpc filter delete filter xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Where filterKey:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx equates
to the randomly generated UUID relevant to your system. |
| |
Block TCP ports 139 and 445 at the firewall
These ports are used to initiate a connection with the affected
component. Blocking TCP ports 139 and 445 at the firewall will help
protect systems that are behind that firewall from attempts to
exploit this vulnerability. Microsoft recommends that you block all
unsolicited inbound communication from the Internet to help prevent
attacks that may use other ports. For more information about ports,
see TCP and
UDP Port Assignments.
Impact of workaround. Several Windows services use the
affected ports. Blocking connectivity to the ports may cause various
applications or services to not function. Some of the applications
or services that could be impacted are listed below:
| |
Applications that use SMB (CIFS) |
| |
Applications that use mailslots or named pipes (RPC over
SMB) |
| |
Server (File and Print Sharing) |
| |
Group Policy |
| |
Net Logon |
| |
Distributed File System (DFS) |
| |
Terminal Server Licensing |
| |
Print Spooler |
| |
Computer Browser |
| |
Remote Procedure Call Locator |
| |
Fax Service |
| |
Indexing Service |
| |
Performance Logs and Alerts |
| |
Systems Management Server |
| |
License Logging Service | |
| |
To help protect from network-based attempts to exploit this
vulnerability, use a personal firewall, such as the Internet
Connection Firewall
All supported editions of Windows Vista come with Windows
Firewall, a two-way firewall that is automatically enabled.
For all supported editions of Windows XP and Windows Server 2003,
use the Internet Connection Firewall feature to help protect your
Internet connection by blocking unsolicited incoming traffic.
Microsoft recommends that you block all unsolicited incoming
communication from the Internet. In Windows XP Service Pack 2 and
Windows XP Service Pack 3, this feature is called the Windows
Firewall.
By default, the Windows Firewall feature in Windows XP helps
protect your Internet connection by blocking unsolicited incoming
traffic. We recommend that you block all unsolicited incoming
communication from the Internet.
To enable the Windows Firewall feature by using the Network Setup
Wizard, follow these steps:
|
1. |
Click Start, and then click Control
Panel. |
|
2. |
Double-click Network Connections and then click
Change Windows Firewall Settings. |
|
3. |
On the General tab, ensure that the On
(recommended) value is selected. This will enable the
Windows Firewall. |
|
4. |
Once the Windows Firewall is enabled, select Dont allow
exceptions to prohibit all incoming
traffic. |
For Windows Server 2003 systems, configure Internet Connection
Firewall manually for a connection using the following steps:
|
1. |
Click Start, and then click Control
Panel. |
|
2. |
In the default Category View, click Networking and
Internet Connections, and then click Network
Connections. |
|
3. |
Right-click the connection on which you want to enable
Internet Connection Firewall, and then click
Properties. |
|
4. |
Click the Advanced tab. |
|
5. |
Click to select the Protect my computer or network by
limiting or preventing access to this computer from the
Internet check box, and then click
OK. |
Note If you want to enable certain programs and services
to communicate through the firewall, click Settings on the
Advanced tab, and then select the programs, the protocols,
and the services that are required. |
|
|
FAQ for Server Service Vulnerability - CVE-2008-4250
|
What is the scope of the vulnerability?
This is a
remote code execution vulnerability. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system remotely. On Microsoft Windows 2000, Windows XP, and Windows Server
2003 systems, an attacker could exploit this vulnerability over RPC
without authentication to run arbitrary code. It is possible that this
vulnerability could be used in the crafting of a wormable exploit. If
successfully exploited, an attacker could then install programs or view,
change, or delete data; or create new accounts with full user rights.
What causes the vulnerability?
The vulnerability is
caused by the Windows Server service not properly handling specially
crafted RPC requests.
What is the Server service?
The Server service provides
RPC support, file and print support, and named pipe sharing over the
network. The Server service allows the sharing of your local resources
(such as disks and printers) so that other users on the network can access
them. It also allows named pipe communication between applications running
on other computers and your computer, which is used for RPC.
What is RPC?
Remote Procedure Call (RPC) is a protocol
that a program can use to request a service from a program located on
another computer in a network. RPC helps with interoperability because the
program using RPC does not have to understand the network protocols that
are supporting communication. In RPC, the requesting program is the client
and the service-providing program is the server.
What might an attacker use the vulnerability to do?
An
attacker who successfully exploited this vulnerability could take complete
control of the affected system.
How could an attacker exploit the vulnerability?
An
attacker could try to exploit the vulnerability by sending a specially
crafted message to an affected system. On Microsoft Windows 2000, Windows
XP, and Windows Server 2003 systems, any anonymous user with access to the
target network could deliver a specially crafted network packet to the
affected system in order to exploit this vulnerability. On Windows Vista
and Windows Server 2008 systems, however, only an authenticated user with
access to the target network could deliver a specially crafted network
packet to the affected system in order to exploit this vulnerability.
What systems are primarily at risk from the
vulnerability?
While all workstations and servers are at risk
regarding this issue, systems running Microsoft Windows 2000, Windows XP,
or Windows Server 2003 are primarily at risk due to the unique
characteristics of the vulnerability and affected code path.
What does the update do?
The update addresses the
vulnerability by correcting the manner in which the Server service handles
RPC requests.
When this security bulletin was issued, had Microsoft received any
reports that this vulnerability was being exploited?
Yes.
Microsoft is aware of limited, targeted attacks attempting to exploit the
vulnerability. However, when the security bulletin was released, Microsoft
had not seen any examples of proof of concept code published.
Does applying this security update help protect customers from the
code that attempts to exploit this vulnerability?
Yes. This
security update addresses the vulnerability that is currently being
exploited. The vulnerability that has been addressed has been assigned the
Common Vulnerability and Exposure number CVE-2008-4250.
|
|
Detection and Deployment Tools and Guidance
|
Manage the software and security updates you need to deploy to the
servers, desktop, and mobile systems in your organization. For more
information see the TechNet Update
Management Center. The Microsoft TechNet
Security Web site provides additional information about security in
Microsoft products.
Security updates are available from Microsoft Update,
Windows Update,
and Office
Update. Security updates are also available from the Microsoft Download
Center. You can find them most easily by doing a keyword search for
"security update."
Finally, security updates can be downloaded from the Microsoft Update
Catalog. The Microsoft Update Catalog provides a searchable catalog of
content made available through Windows Update and Microsoft Update,
including security updates, drivers and service packs. By searching using
the security bulletin number (such as, MS07-036), you can add all of the
applicable updates to your basket (including different languages for an
update), and download to the folder of your choosing. For more information
about the Microsoft Update Catalog, see the Microsoft Update
Catalog FAQ.
Detection and Deployment Guidance
Microsoft has provided detection and deployment guidance for this
months security updates. This guidance will also help IT professionals
understand how they can use various tools to help deploy the security
update, such as Windows Update, Microsoft Update, Office Update, the
Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool,
Microsoft Systems Management Server (SMS), and the Extended Security
Update Inventory Tool. For more information, see Microsoft Knowledge Base
Article 910723.
Microsoft Baseline Security Analyzer
Microsoft Baseline Security Analyzer (MBSA) allows administrators to
scan local and remote systems for missing security updates as well as
common security misconfigurations. For more information about MBSA, visit
Microsoft
Baseline Security Analyzer.
The following table provides the MBSA detection summary for this
security update.
|
Microsoft Windows 2000 Service Pack 4 |
Yes |
|
Windows XP Service Pack 2 and Windows XP Service
Pack 3 |
Yes |
|
Windows XP Professional x64 Edition and Windows
XP Professional x64 Edition Service Pack 2 |
Yes |
|
Windows Server 2003 Service Pack 1 and Windows
Server 2003 Service Pack 2 |
Yes |
|
Windows Server 2003 x64 Edition and Windows
Server 2003 x64 Edition Service Pack 2 |
Yes |
|
Windows Server 2003 with SP1 for Itanium-based
Systems and Windows Server 2003 with SP2 for Itanium-based
Systems |
Yes |
|
Windows Vista and Windows Vista Service Pack
1 |
Yes |
|
Windows Vista x64 Edition and Windows Vista x64
Edition Service Pack 1 |
Yes |
|
Windows Server 2008 for 32-bit Systems |
Yes |
|
Windows Server 2008 for x64-based Systems |
Yes |
|
Windows Server 2008 for Itanium-based
Systems |
Yes |
For more information about MBSA 2.1, see MBSA
2.1 Frequently Asked Questions.
Windows Server Update Services
By using Windows Server Update Services (WSUS), administrators can
deploy the latest critical updates and security updates for Microsoft
Windows 2000 operating systems and later, Office XP and later, Exchange
Server 2003, and SQL Server 2000. For more information about how to deploy
this security update using Windows Server Update Services, visit the Windows Server Update
Services Web site.
Systems Management Server
The following table provides the SMS detection and deployment summary
for this security update.
|
Microsoft Windows 2000 Service Pack 4 |
Yes |
Yes |
Yes |
Yes |
|
Windows XP Service Pack 2 and Windows XP Service
Pack 3 |
Yes |
Yes |
Yes |
Yes |
|
Windows XP Professional x64 Edition and Windows
XP Professional x64 Edition Service Pack 2 |
No |
No |
Yes |
Yes |
|
Windows Server 2003 Service Pack 1 and Windows
Server 2003 Service Pack 2 |
Yes |
Yes |
Yes |
Yes |
|
Windows Server 2003 x64 Edition and Windows
Server 2003 x64 Edition Service Pack 2 |
No |
No |
Yes |
Yes |
|
Windows Server 2003 with SP1 for Itanium-based
Systems and Windows Server 2003 with SP2 for Itanium-based
Systems |
No |
No |
Yes |
Yes |
|
Windows Vista and Windows Vista Service Pack
1 |
No |
No |
See Note for Windows Vista and
Windows Server 2008 below |
Yes |
|
Windows Vista x64 Edition and Windows Vista x64
Edition Service Pack 1 |
No |
No |
See Note for Windows Vista and
Windows Server 2008 below |
Yes |
|
Windows Server 2008 for 32-bit Systems |
No |
No |
See Note for Windows Vista and
Windows Server 2008 below |
Yes |
|
Windows Server 2008 for x64-based Systems |
No |
No |
See Note for Windows Vista and
Windows Server 2008 below |
Yes |
|
Windows Server 2008 for Itanium-based
Systems |
No |
No |
See Note for Windows Vista and
Windows Server 2008 below |
Yes |
For SMS 2.0 and SMS 2003, the SMS SUS Feature Pack (SUSFP), which
includes the Security Update Inventory Tool (SUIT), can be used by SMS to
detect security updates. See also Downloads for
Systems Management Server 2.0.
For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU)
can be used by SMS to detect security updates that are offered by Microsoft Update
and that are supported by Windows Server Update
Services. For more information about the SMS 2003 ITMU, see SMS 2003
Inventory Tool for Microsoft Updates. SMS 2003 can also use the
Microsoft Office Inventory Tool to detect required updates for Microsoft
Office applications. For more information about the Office Inventory Tool
and other scanning tools, see SMS 2003
Software Update Scanning Tools. See also Downloads for
Systems Management Server 2003.
System Center Configuration Manager 2007 uses WSUS 3.0 for detection of
updates. For more information about Configuration Manager 2007 Software
Update Management, visit System
Center Configuration Manager 2007.
Note for Windows Vista and Windows Server
2008 Microsoft Systems Management Server 2003 with Service Pack 3
includes support for Windows Vista and Windows Server 2008
manageability.
For more information about SMS, visit the SMS Web site.
For more detailed information, see Microsoft Knowledge Base
Article 910723: Summary list of monthly detection and deployment
guidance articles.
Update Compatibility Evaluator and Application Compatibility
Toolkit
Updates often write to the same files and registry settings required
for your applications to run. This can trigger incompatibilities and
increase the time it takes to deploy security updates. You can streamline
testing and validating Windows updates against installed applications with
the Update
Compatibility Evaluator components included with Application
Compatibility Toolkit 5.0.
The Application Compatibility Toolkit (ACT) contains the necessary
tools and documentation to evaluate and mitigate application compatibility
issues before deploying Microsoft Windows Vista, a Windows Update, a
Microsoft Security Update, or a new version of Windows Internet Explorer
in your environment.
|
|
Security Update Deployment
|
Affected Software
For information about the specific security update for your affected
software, click the appropriate link:
|
|
Windows 2000 (all editions)
|
Reference Table
The following table contains the security update information for this
software. You can find additional information in the subsection,
Deployment Information, in this section.
|
Inclusion in Future Service Packs |
The update for this issue may be included in a
future update rollup |
|
Deployment |
|
|
Installing without user intervention |
Microsoft Windows 2000 Service Pack
4:
Windows2000-kb958644-x86-enu /quiet |
|
Installing without restarting |
Microsoft Windows 2000 Service Pack
4:
Windows2000-kb958644-x86-enu /norestart |
|
Update log file |
Microsoft Windows 2000 Service Pack
4:
kb958644.log |
|
Further information |
See the subsection, Detection and Deployment
Tools and Guidance |
|
Restart Requirement |
|
|
Restart required? |
Yes, you must restart your system after you
apply this security update |
|
HotPatching |
Not applicable |
|
Removal Information |
Microsoft Windows 2000 Service Pack 4:
Use
Add or Remove Programs tool in Control Panel or the Spuninst.exe
utility located in the %Windir%\$NTUninstallKB958644$\Spuninst
folder |
|
File Information |
See Microsoft Knowledge
Base Article 958644 |
|
Registry Key Verification |
Microsoft Windows 2000 Service Pack 4:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
2000\SP5\KB958644\Filelist |
Installing the Update
When you install this security update, the installer checks whether one
or more of the files that are being updated on your system have previously
been updated by a Microsoft hotfix.
If you have previously installed a hotfix to update one of these files,
the installer copies the RTMQFE, SP1QFE, or SP2QFE files to your system.
Otherwise, the installer copies the RTMGDR, SP1GDR, or SP2GDR files to
your system. Security updates may not contain all variations of these
files. For more information about this behavior, see Microsoft Knowledge Base
Article 824994.
For more information about the installer, visit the Microsoft TechNet Web
site.
For more information about the terminology that appears in this
bulletin, such as hotfix, see Microsoft Knowledge Base
Article 824684.
This security update supports the following setup switches.
|
/help |
Displays the command-line options. |
|
/passive |
Unattended Setup mode. No user interaction is
required, but installation status is displayed. If a restart is
required at the end of Setup, a dialog box will be presented to the
user with a timer warning that the computer will restart in 30
seconds. |
|
/quiet |
Quiet mode. This is the same as unattended mode,
but no status or error messages are displayed. |
|
/norestart |
Does not restart when installation has
completed. |
|
/forcerestart |
Restarts the computer after installation and
force other applications to close at shutdown without saving open
files first. |
|
/warnrestart[:x] |
Presents a dialog box with a timer warning the
user that the computer will restart in x seconds. (The
default setting is 30 seconds.) Intended for use with the
/quiet switch or the /passive switch. |
|
/promptrestart |
Displays a dialog box prompting the local user
to allow a restart. |
|
/overwriteoem |
Overwrites OEM files without
prompting. |
|
/nobackup |
Does not back up files needed for
uninstall. |
|
/forceappsclose |
Forces other programs to close when the computer
shuts down. |
|
/log:path |
Allows the redirection of installation log
files. |
|
/extract[:path] |
Extracts files without starting the Setup
program. |
|
/ER |
Enables extended error reporting. |
|
/verbose |
Enables verbose logging. During installation,
creates %Windir%\CabBuild.log. This log details the files that are
copied. Using this switch may cause the installation to proceed more
slowly. |
Note You can combine these switches into one command. For
backward compatibility, the security update also supports the setup
switches that the earlier version of the Setup program uses. For more
information about the supported installation switches, see Microsoft Knowledge Base
Article 262841.
Removing the Update
This security update supports the following setup switches.
|
/help |
Displays the command-line options. |
|
/passive |
Unattended Setup mode. No user interaction is
required, but installation status is displayed. If a restart is
required at the end of Setup, a dialog box will be presented to the
user with a timer warning that the computer will restart in 30
seconds. |
|
/quiet |
Quiet mode. This is the same as unattended mode,
but no status or error messages are displayed. |
|
/norestart |
Does not restart when installation has
completed. |
|
/forcerestart |
Restarts the computer after installation and
force other applications to close at shutdown without saving open
files first. |
|
/warnrestart[:x] |
Presents a dialog box with a timer warning the
user that the computer will restart in x seconds. (The
default setting is 30 seconds.) Intended for use with the
/quiet switch or the /passive switch. |
|
/promptrestart |
Displays a dialog box prompting the local user
to allow a restart. |
|
/forceappsclose |
Forces other programs to close when the computer
shuts down. |
|
/log:path |
Allows the redirection of installation log
files. |
Verifying That the Update Has Been Applied
| |
Microsoft Baseline Security Analyzer
To verify that a security update has been applied to an affected
system, you may be able to use the Microsoft Baseline Security
Analyzer (MBSA) tool. See the section, Detection and Deployment
Tools and Guidance, earlier in this bulletin for more
information. |
| |
File Version Verification
Because there are several editions of Microsoft Windows, the
following steps may be different on your system. If they are, see
your product documentation to complete these steps.
|
1. |
Click Start, and then click Search. |
|
2. |
In the Search Results pane, click All files and
folders under Search Companion. |
|
3. |
In the All or part of the file name box, type a file
name from the appropriate file information table, and then
click Search. |
|
4. |
In the list of files, right-click a file name from the
appropriate file information table, and then click
Properties.
Note Depending on the edition
of the operating system, or the programs that are installed on
your system, some of the files that are listed in the file
information table may not be installed. |
|
5. |
On the Version tab, determine the version of the
file that is installed on your system by comparing it to the
version that is documented in the appropriate file information
table.
Note Attributes other than the file
version may change during installation. Comparing other file
attributes to the information in the file information table is
not a supported method of verifying that the update has been
applied. Also, in certain cases, files may be renamed during
installation. If the file or version information is not
present, use one of the other available methods to verify
update
installation. | |
| |
Registry Key Verification
You may also be able to verify the files that this security
update has installed by reviewing the registry keys listed in the
Reference Table in this section.
These registry keys may not contain a complete list of installed
files. Also, these registry keys may not be created correctly when
an administrator or an OEM integrates or slipstreams this security
update into the Windows installation source
files. |
|
|
Windows XP (all editions)
|
Reference Table
The following table contains the security update information for this
software. You can find additional information in the subsection,
Deployment Information, in this section.
|
Inclusion in Future Service Packs |
The update for this issue will be included in a
future service pack or update rollup |
|
Deployment |
|
|
Installing without user intervention |
Windows XP Service Pack 2 and Windows XP Service
Pack 3:
Windowsxp-kb958644-x86-enu /quiet |
|
|
Windows XP Professional x64 Edition and Windows
XP Professional x64 Edition Service Pack
2:
WindowsServer2003.WindowsXP-kb958644-x64-enu /quiet |
|
Installing without restarting |
Windows XP Service Pack 2 and Windows XP Service
Pack 3:
Windowsxp-kb958644-x86-enu /norestart |
|
|
Windows XP Professional x64 Edition and Windows
XP Professional x64 Edition Service Pack
2:
WindowsServer2003.WindowsXP-kb958644-x64-enu
/norestart |
|
Update log file |
KB958644.log |
|
Further information |
See the subsection, Detection and Deployment
Tools and Guidance |
|
Restart Requirement |
|
|
Restart required? |
Yes, you must restart your system after you
apply this security update |
|
HotPatching |
Not applicable |
|
Removal Information |
Use Add or Remove Programs tool in Control Panel
or the Spuninst.exe utility located in the
%Windir%\$NTUninstallKB958644$\Spuninst folder |
|
File Information |
See Microsoft Knowledge
Base Article 958644 |
|
Registry Key Verification |
Windows XP Service Pack 2 and Windows XP Service
Pack 3:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
XP\SP4\KB958644\Filelist |
|
|
Windows XP Professional x64 Edition and Windows
XP Professional x64 Edition Service Pack
2:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP
Version 2003\SP3\KB958644\Filelist |
Note For supported versions of Windows XP Professional x64
Edition, this security update is the same as supported versions of the
Windows Server 2003 x64 Edition security update.
Installing the Update
When you install this security update, the installer checks whether one
or more of the files that are being updated on your system have previously
been updated by a Microsoft hotfix.
If you have previously installed a hotfix to update one of these files,
the installer copies the RTMQFE, SP1QFE, or SP2QFE files to your system.
Otherwise, the installer copies the RTMGDR, SP1GDR, or SP2GDR files to
your system. Security updates may not contain all variations of these
files. For more information about this behavior, see Microsoft Knowledge Base
Article 824994.
For more information about the installer, visit the Microsoft TechNet Web
site.
For more information about the terminology that appears in this
bulletin, such as hotfix, see Microsoft Knowledge Base
Article 824684.
This security update supports the following setup switches.
|
/help |
Displays the command-line options. |
|
/passive |
Unattended Setup mode. No user interaction is
required, but installation status is displayed. If a restart is
required at the end of Setup, a dialog box will be presented to the
user with a timer warning that the computer will restart in 30
seconds. |
|
/quiet |
Quiet mode. This is the same as unattended mode,
but no status or error messages are displayed. |
|
/norestart |
Does not restart when installation has
completed. |
|
/forcerestart |
Restarts the computer after installation and
force other applications to close at shutdown without saving open
files first. |
|
/warnrestart[:x] |
Presents a dialog box with a timer warning the
user that the computer will restart in x seconds. (The
default setting is 30 seconds.) Intended for use with the
/quiet switch or the /passive switch. |
|
/promptrestart |
Displays a dialog box prompting the local user
to allow a restart. |
|
/overwriteoem |
Overwrites OEM files without
prompting. |
|
/nobackup |
Does not back up files needed for
uninstall. |
|
/forceappsclose |
Forces other programs to close when the computer
shuts down. |
|
/log:path |
Allows the redirection of installation log
files. |
|
/integrate:path |
Integrates the update into the Windows source
files. These files are located at the path that is specified in the
switch. |
|
/extract[:path] |
Extracts files without starting the Setup
program. |
|
/ER |
Enables extended error reporting. |
|
/verbose |
Enables verbose logging. During installation,
creates %Windir%\CabBuild.log. This log details the files that are
copied. Using this switch may cause the installation to proceed more
slowly. |
Note You can combine these switches into one command. For
backward compatibility, the security update also supports the setup
switches that the earlier version of the Setup program uses. For more
information about the supported installation switches, see Microsoft Knowledge Base
Article 262841.
Removing the Update
This security update supports the following setup switches.
|
/help |
Displays the command-line options. |
|
/passive |
Unattended Setup mode. No user interaction is
required, but installation status is displayed. If a restart is
required at the end of Setup, a dialog box will be presented to the
user with a timer warning that the computer will restart in 30
seconds. |
|
/quiet |
Quiet mode. This is the same as unattended mode,
but no status or error messages are displayed. |
|
/norestart |
Does not restart when installation has
completed |
|
/forcerestart |
Restarts the computer after installation and
force other applications to close at shutdown without saving open
files first. |
|
/warnrestart[:x] |
Presents a dialog box with a timer warning the
user that the computer will restart in x seconds. (The
default setting is 30 seconds.) Intended for use with the
/quiet switch or the /passive switch. |
|
/promptrestart |
Displays a dialog box prompting the local user
to allow a restart. |
|
/forceappsclose |
Forces other programs to close when the computer
shuts down. |
|
/log:path |
Allows the redirection of installation log
files. |
Verifying That the Update Has Been Applied
| |
Microsoft Baseline Security Analyzer
To verify that a security update has been applied to an affected
system, you may be able to use the Microsoft Baseline Security
Analyzer (MBSA) tool. See the section, Detection and Deployment
Tools and Guidance, earlier in this bulletin for more
information. |
| |
File Version Verification
Because there are several editions of Microsoft Windows, the
following steps may be different on your system. If they are, see
your product documentation to complete these steps.
|
1. |
Click Start, and then click Search. |
|
2. |
In the Search Results pane, click All files and
folders under Search Companion. |
|
3. |
In the All or part of the file name box, type a file
name from the appropriate file information table, and then
click Search. |
|
4. |
In the list of files, right-click a file name from the
appropriate file information table, and then click
Properties.
Note Depending on the edition
of the operating system, or the programs that are installed on
your system, some of the files that are listed in the file
information table may not be installed. |
|
5. |
On the Version tab, determine the version of the
file that is installed on your system by comparing it to the
version that is documented in the appropriate file information
table.
Note Attributes other than the file
version may change during installation. Comparing other file
attributes to the information in the file information table is
not a supported method of verifying that the update has been
applied. Also, in certain cases, files may be renamed during
installation. If the file or version information is not
present, use one of the other available methods to verify
update
installation. | |
| |
Registry Key Verification
You may also be able to verify the files that this security
update has installed by reviewing the registry keys listed in the
Reference Table in this section.
These registry keys may not contain a complete list of installed
files. Also, these registry keys may not be created correctly when
an administrator or an OEM integrates or slipstreams this security
update into the Windows installation source
files. |
|
|
Windows Server 2003 (all editions)
|
Reference Table
The following table contains the security update information for this
software. You can find additional information in the subsection,
Deployment Information, in this section.
|
Inclusion in Future Service Packs |
The update for this issue will be included in a
future service pack or update rollup |
|
Deployment |
|
|
Installing without user intervention |
For all supported 32-bit editions of Windows
Server 2003:
Windowsserver2003-kb958644-x86-enu /quiet |
|
|
For all supported x64-based editions of Windows
Server 2003:
Windowsserver2003.WindowsXP-KB958644-x64-enu
/quiet |
|
|
For all supported Itanium-based editions of
Windows Server 2003:
Windowsserver2003-KB958644-ia64-enu
/quiet |
|
Installing without restarting |
For all supported 32-bit editions of Windows
Server 2003:
Windowsserver2003-kb958644-x86-enu
/norestart |
|
|
For all supported x64-based editions of Windows
Server 2003:
Windowsserver2003.WindowsXP-KB958644-x64-enu
/norestart |
|
|
For all supported Itanium-based editions of
Windows Server 2003:
Windowsserver2003-KB958644-ia64-enu
/norestart |
|
Update log file |
KB958644.log |
|
Further information |
See the subsection, Detection and Deployment
Tools and Guidance |
|
Restart Requirement |
|
|
Restart required? |
Yes, you must restart your system after you
apply this security update. |
|
HotPatching |
This security update does not support
HotPatching. For more information about HotPatching, see Microsoft Knowledge
Base Article 897341. |
|
Removal Information |
Use Add or Remove Programs tool in
Control Panel or the Spuninst.exe utility located in the
%Windir%\$NTUninstallKB958644$\Spuninst folder |
|
File Information |
See Microsoft Knowledge
Base Article 958644 |
|
Registry Key Verification |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
Server 2003\SP3\KB958644\Filelist |
Installing the Update
When you install this security update, the installer checks to see if
one or more of the files that are being updated on your system have
previously been updated by a Microsoft hotfix.
If you have previously installed a hotfix to update one of these files,
the installer copies the RTMQFE, SP1QFE, or SP2QFE files to your system.
Otherwise, the installer copies the RTMGDR, SP1GDR, or SP2GDR files to
your system. Security updates may not contain all variations of these
files. For more information about this behavior, see Microsoft Knowledge Base
Article 824994.
For more information about the installer, visit the Microsoft TechNet Web
site.
For more information about the terminology that appears in this
bulletin, such as hotfix, see Microsoft Knowledge Base
Article 824684.
This security update supports the following setup switches.
|
/help |
Displays the command-line options. |
|
/passive |
Unattended Setup mode. No user interaction is
required, but installation status is displayed. If a restart is
required at the end of Setup, a dialog box will be presented to the
user with a timer warning that the computer will restart in 30
seconds. |
|
/quiet |
Quiet mode. This is the same as unattended mode,
but no status or error messages are displayed. |
|
/norestart |
Does not restart when installation has
completed. |
|
/forcerestart |
Restarts the computer after installation and
force other applications to close at shutdown without saving open
files first. |
|
/warnrestart[:x] |
Presents a dialog box with a timer warning the
user that the computer will restart in x seconds. (The
default setting is 30 seconds.) Intended for use with the
/quiet switch or the /passive switch. |
|
/promptrestart |
Displays a dialog box prompting the local user
to allow a restart. |
|
/overwriteoem |
Overwrites OEM files without
prompting. |
|
/nobackup |
Does not back up files needed for
uninstall. |
|
/forceappsclose |
Forces other programs to close when the computer
shuts down. |
|
/log:path |
Allows the redirection of installation log
files. |
|
/integrate:path |
Integrates the update into the Windows source
files. These files are located at the path that is specified in the
switch. |
|
/extract[:path] |
Extracts files without starting the Setup
program. |
|
/ER |
Enables extended error reporting. |
|
/verbose |
Enables verbose logging. During installation,
creates %Windir%\CabBuild.log. This log details the files that are
copied. Using this switch may cause the installation to proceed more
slowly. |
Note You can combine these switches into one command. For
backward compatibility, the security update also supports many of the
setup switches that the earlier version of the Setup program uses. For
more information about the supported installation switches, see Microsoft Knowledge Base
Article 262841.
Removing the Update
This security update supports the following setup switches.
|
/help |
Displays the command-line options. |
|
/passive |
Unattended Setup mode. No user interaction is
required, but installation status is displayed. If a restart is
required at the end of Setup, a dialog box will be presented to the
user with a timer warning that the computer will restart in 30
seconds. |
|
/quiet |
Quiet mode. This is the same as unattended mode,
but no status or error messages are displayed. |
|
/norestart |
Does not restart when installation has
completed. |
|
/forcerestart |
Restarts the computer after installation and
force other applications to close at shutdown without saving open
files first. |
|
/warnrestart[:x] |
Presents a dialog box with a timer warning the
user that the computer will restart in x seconds. (The
default setting is 30 seconds.) Intended for use with the
/quiet switch or the /passive switch. |
|
/promptrestart |
Displays a dialog box prompting the local user
to allow a restart. |
|
/forceappsclose |
Forces other programs to close when the computer
shuts down. |
|
/log:path |
Allows the redirection of installation log
files. |
Verifying that the Update Has Been Applied
| |
Microsoft Baseline Security Analyzer
To verify that a security update has been applied to an affected
system, you may be able to use the Microsoft Baseline Security
Analyzer (MBSA) tool. See the section, Detection and Deployment
Tools and Guidance, earlier in this bulletin for more
information. |
| |
File Version Verification
Because there are several editions of Microsoft Windows, the
following steps may be different on your system. If they are, see
your product documentation to complete these steps.
|
1. |
Click Start, and then click Search. |
|
2. |
In the Search Results pane, click All files and
folders under Search Companion. |
|
3. |
In the All or part of the file name box, type a file
name from the appropriate file information table, and then
click Search. |
|
4. |
In the list of files, right-click a file name from the
appropriate file information table, and then click
Properties.
Note Depending on the edition
of the operating system, or the programs that are installed on
your system, some of the files that are listed in the file
information table may not be installed. |
|
5. |
On the Version tab, determine the version of the
file that is installed on your system by comparing it to the
version that is documented in the appropriate file information
table.
Note Attributes other than the file
version may change during installation. Comparing other file
attributes to the information in the file information table is
not a supported method of verifying that the update has been
applied. Also, in certain cases, files may be renamed during
installation. If the file or version information is not
present, use one of the other available methods to verify
update
installation. | |
| |
Registry Key Verification
You may also be able to verify the files that this security
update has installed by reviewing the registry keys listed in the
Reference Table in this section.
These registry keys may not contain a complete list of installed
files. Also, these registry keys may not be created correctly when
an administrator or an OEM integrates or slipstreams this security
update into the Windows installation source
files. |
|
|
Windows Vista (all editions)
|
Reference Table
The following table contains the security update information for this
software. You can find additional information in the subsection,
Deployment Information, in this section.
|
Inclusion in Future Service Packs |
The update for this issue will be included in a
future service pack or update rollup |
|
Deployment |
|
|
Installing without user intervention |
For all supported 32-bit editions of Windows
Vista:
Windows6.0-KB958644-x86 /quiet
For all supported
x64-based editions of Windows Vista:
Windows6.0-KB958644-x64
/quiet |
|
Installing without restarting |
For all supported 32-bit editions of Windows
Vista:
Windows6.0-KB958644-x86 /quiet /norestart
For all
supported x64-based editions of Windows
Vista:
Windows6.0-KB958644-x64 /quiet /norestart |
|
Further information |
See the subsection, Detection and Deployment
Tools and Guidance |
|
Restart Requirement |
|
|
Restart required? |
Yes, you must restart your system after you
apply this security update |
|
HotPatching |
Not applicable |
|
Removal Information |
WUSA.exe does not support uninstall of updates.
To uninstall an update installed by WUSA, click Control
Panel, and then click Security. Under Windows Update,
click View installed updates and select from the list of
updates. |
|
File Information |
See Microsoft Knowledge
Base Article 958644 |
|
Registry Key Verification |
Note A registry key does not exist to
validate the presence of this update. |
Installing the Update
When you install this security update, the installer checks whether one
or more of the files that are being updated on your system have previously
been updated by a Microsoft hotfix.
For more information about the terminology that appears in this
bulletin, such as hotfix, see Microsoft Knowledge Base
Article 824684.
This security update supports the following setup switches.
|
/?, /h, /help |
Displays help on supported switches. |
|
/quiet |
Suppresses the display of status or error
messages. |
|
/norestart |
When combined with /quiet, the system
will not be restarted after installation even if a restart is
required to complete installation. |
Note For more information about the wusa.exe installer, see Microsoft Knowledge Base
Article 934307.
Verifying That the Update Has Been Applied
| |
Microsoft Baseline Security Analyzer
To verify that a security update has been applied to an affected
system, you may be able to use the Microsoft Baseline Security
Analyzer (MBSA) tool. See the section, Detection and Deployment
Tools and Guidance, earlier in this bulletin for more
information. |
| |
File Version Verification
Because there are several editions of Microsoft Windows, the
following steps may be different on your system. If they are, see
your product documentation to complete these steps.
|
1. |
Click Start and then enter an update file name in
Start Search. |
|
2. |
When the file appears under Programs, right-click on
the file name and click Properties. |
|
3. |
Under the General tab, compare the file size with
the file information tables provided in the bulletin KB
article. |
|
4. |
You may also click on the Details tab and compare
information, such as file version and date modified, with the
file information tables provided in the bulletin KB
article. |
|
5. |
Finally, you may also click on the Previous Versions
tab and compare file information for the previous version of
the file with the file information for the new, or updated,
version of the
file. | |
|
|
Windows Server 2008 (all editions)
|
Reference Table
The following table contains the security update information for this
software. You can find additional information in the subsection,
Deployment Information, in this section.
|
Inclusion in Future Service Packs |
The update for this issue will be included in a
future service pack or update rollup |
|
Deployment |
|
|
Installing without user intervention |
For all supported 32-bit editions of Windows
Server 2008:
Windows6.0-KB958644-x86 /quiet
For all
supported x64-based editions of Windows Server
2008:
Windows6.0-KB958644-x64 /quiet
For all supported
Itanium-based editions of Windows Server
2008:
Windows6.0-KB958644-ia64 /quiet |
|
Installing without restarting |
For all supported 32-bit editions of Windows
Server 2008:
Windows6.0-KB958644-x86 /quiet /norestart
For
all supported x64-based editions of Windows Server
2008:
Windows6.0-KB958644-x64 /quiet /norestart
For all
supported Itanium-based editions of Windows Server
2008:
Windows6.0-KB958644-ia64 /quiet /norestart |
|
Further information |
See the subsection, Detection and Deployment
Tools and Guidance |
|
Restart Requirement |
|
|
Restart required? |
Yes, you must restart your system after you
apply this security update |
|
HotPatching |
Not applicable |
|
Removal Information |
WUSA.exe does not support uninstall of updates.
To uninstall an update installed by WUSA, click Control
Panel, and then click Security. Under Windows Update,
click View installed updates and select from the list of
updates. |
|
File Information |
See Microsoft Knowledge
Base Article 958644 |
|
Registry Key Verification |
Note A registry key does not exist to
validate the presence of this update. |
Installing the Update
When you install this security update, the installer checks whether one
or more of the files that are being updated on your system have previously
been updated by a Microsoft hotfix.
For more information about the terminology that appears in this
bulletin, such as hotfix, see Microsoft Knowledge Base
Article 824684.
This security update supports the following setup switches.
|
/?, /h, /help |
Displays help on supported switches. |
|
/quiet |
Suppresses the display of status or error
messages. |
|
/norestart |
When combined with /quiet, the system
will not be restarted after installation even if a restart is
required to complete installation. |
Note For more information about the wusa.exe installer, see Microsoft Knowledge Base
Article 934307.
Verifying That the Update Has Been Applied
| |
Microsoft Baseline Security Analyzer
To verify that a security update has been applied to an affected
system, you may be able to use the Microsoft Baseline Security
Analyzer (MBSA) tool. See the section, Detection and Deployment
Tools and Guidance, earlier in this bulletin for more
information. |
| |
File Version Verification
Because there are several editions of Microsoft Windows, the
following steps may be different on your system. If they are, see
your product documentation to complete these steps.
|
1. |
Click Start and then enter an update file name in
Start Search. |
|
2. |
When the file appears under Programs, right-click on
the file name and click Properties. |
|
3. |
Under the General tab, compare the file size with
the file information tables provided in the bulletin KB
article. |
|
4. |
You may also click on the Details tab and compare
information, such as file version and date modified, with the
file information tables provided in the bulletin KB
article. |
|
5. |
Finally, you may also click on the Previous Versions
tab and compare file information for the previous version of
the file with the file information for the new, or updated,
version of the
file. | |
Support
| |
Customers in the U.S. and Canada can receive technical support
from Microsoft
Product Support Services at 1-866-PCSAFETY. There is no charge
for support calls that are associated with security
updates. |
| |
International customers can receive support from their local
Microsoft subsidiaries. There is no charge for support that is
associated with security updates. For more information about how to
contact Microsoft for support issues, visit the International
Support Web site. |
Disclaimer
The information provided in the Microsoft Knowledge Base is provided
"as is" without warranty of any kind. Microsoft disclaims all warranties,
either express or implied, including the warranties of merchantability and
fitness for a particular purpose. In no event shall Microsoft Corporation
or its suppliers be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if Microsoft Corporation or its suppliers have been advised
of the possibility of such damages. Some states do not allow the exclusion
or limitation of liability for consequential or incidental damages so the
foregoing limitation may not apply.
Revisions
| |
V1.0 (October 23, 2008): Bulletin
published. |
|
