荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: GyeaonWoo (醉了的小蜗牛), 信区: Microsoft
标 题: Microsoft昨天发布一严重新漏洞报告MS04-015[转载]
发信站: 荔园晨风BBS站 (Wed May 12 12:48:21 2004), 转信
【 以下文字转载自 Security 讨论区 】
【 原文由 GyeaonWoo 所发表 】
受影响系统:
Windows XP/2003
不受影响系统:
Windows 2000/98/NT
相关补丁下载:
http://www.microsoft.com/technet/security/bulletin/ms04-015.mspx
官方报告原文如下
Microsoft Security Bulletin MS04-015
Vulnerability in Help and Support Center Could Allow Remote Code
Execution (840374)
Issued: May 11, 2004
Updated: May 11, 2004
Version: 1.1
Summary
Who should read this document: Customers who use Microsoft? Windows?
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: Customers should install the update at the earliest
opportunity.
Security Update Replacement: None
Caveats: Microsoft Knowledge Base Article 841996 documents a known issue
that customers may experience when they install this security update on
a system where the Help and Support Center service is disabled. For the
installation of this security update to be successful, the Help and
Support Center service cannot be disabled. The article also documents
recommended solutions for this issue. For more information, see
Microsoft Knowledge Base Article 841996.
Tested Software and Security Update Download Locations:
Affected Software:
? Microsoft Windows XP and Microsoft Windows XP Service Pack 1 –
Download the update
? Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the
update
? Microsoft Windows XP 64-Bit Edition Version 2003 – Download the
update
? Microsoft Windows Server? 2003 – Download the update
? Microsoft Windows Server 2003 64-Bit Edition – Download the update
Non-Affected Software:
? Microsoft Windows NT? Workstation 4.0 Service Pack 6a
? Microsoft Windows NT Server 4.0 Service Pack 6a
? Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack
6
? Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000
Service Pack 3, Microsoft Windows 2000 Service Pack 4
? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
The software in this list has been tested to determine if the versions
are affected. Other versions either no longer include security update
support or may not be affected. To determine the support lifecycle for
your product and version, visit the following Microsoft Support
Lifecycle Web site.
Top of section
General Information
Executive Summary
Executive Summary:
This update resolves a newly-discovered vulnerability. A remote code
execution vulnerability exists in the Help and Support Center because of
the way that it handles HCP URL validation. The vulnerability is
documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system, including installing programs; viewing, changing,
or deleting data; or creating new accounts with full privileges. Users
whose accounts are configured to have fewer privileges on the system
would be at less risk than users who operate with administrative
privileges.
Microsoft recommends that customers install the update at the earliest
opportunity.
Severity Ratings and Vulnerability Identifiers:
Vulnerability Identifiers Impact of Vulnerability Windows XP Windows
Server 2003
Help and Support Center Vulnerability - CAN-2004-0199
Remote Code Execution
Important
Important
Aggregate Severity of All Vulnerabilities
Important
Important
This assessment is based on the types of systems that are affected by
the vulnerability, their typical deployment patterns, and the effect
that exploiting the vulnerability would have on them.
Top of section
Frequently asked questions (FAQ) related to this security update
Does this update contain any other changes to functionality?
Yes. In addition to the changes that are listed in the Vulnerability
Details section of this bulletin, this update includes the following
changes in functionality:
? Windows XP supports a feature that allows it to automatically offer
a user an option to upgrade a DVD decoder. This feature has been removed
to provide greater security and to prevent potential malicious use.
Microsoft considers this to be a defense in depth measure that we are
taking to provide additional protection against malicious use. Users who
try to use this feature after they install the update will receive an
error message that indicates that the system "Cannot display this page."
Microsoft currently has plans to provide an improved version of this
feature in a future service pack.
? Microsoft has also made another defense in depth change that will have
an affect on the Found New Hardware Wizard. The Help and Support Center
has a feature that sometimes prompts users to send hardware profile
information after they run the Found New Hardware Wizard. This feature
has been removed. After users install the update, when the Found New
Hardware Wizard finishes in these cases, they will receive an error
message that indicates that the system "Cannot display this page."
Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine
if this update is required?
Yes. MBSA will determine if this update is required. For more
information about MBSA, visit the MBSA Web site.
Note After April 20, 2004, the Mssecure.xml file that is used by MBSA
1.1.1 and earlier versions is no longer being updated with new
security bulletin data. Therefore, scans that are performed with MBSA
1.1.1 or earlier after that date will be incomplete. All users should
upgrade to MBSA 1.2 because it provides more accurate security update
detection and supports additional products. Users can download MBSA 1.
2 from the MBSA Web site. For more information about MBSA support, visit
the following Microsoft Baseline Security Analyzer (MBSA) 1.2 Q&A Web
site.
Can I use Systems Management Server (SMS) to determine if this update is
required?
Yes. SMS can help detect and deploy this security update. For
information about SMS, visit the SMS Web site.
Top of section
Vulnerability Details
Help and Support Center Vulnerability - CAN-2004-0199:
A remote code execution vulnerability exists in the Help and Support
Center because of the way that it handles HCP URL validation. An
attacker could exploit the vulnerability by constructing a malicious HCP
URL that could potentially allow remote code execution if a user
visited a malicious Web site or viewed a malicious e-mail message. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system. However, significant user
interaction is required to exploit this vulnerability.
Mitigating Factors for Help and Support Center Vulnerability -
CAN-2004-0199:
? In a Web-based attack scenario, an attacker would have to host a Web
site that contains a Web page that is used to exploit this
vulnerability. An attacker would have no way to force users to visit a
malicious Web site. Instead, an attacker would have to persuade them
to visit the Web site, typically by getting them to click a link that
takes them to the attacker's site. After they click the link, they would
be prompted to perform several actions. An attack could only occur
after they performed these actions.
? By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open
HTML e-mail messages in the Restricted sites zone. Additionally, Outlook
98 and Outlook 2000 open HTML e-mail messages in the Restricted sites
zone if the Outlook E-mail Security Update has been installed. The
Restricted sites zone helps reduce attacks that could attempt to exploit
this vulnerability.
The risk of attack from the HTML e-mail vector can be significantly
reduced if you meet all the following conditions:
? Apply the update that is included with Microsoft Security Bulletin
MS03-040 or a later Cumulative Security Update for Internet Explorer.
? Use Internet Explorer 6 or later.
? Use the Microsoft Outlook E-mail Security Update, use Microsoft
Outlook Express 6 or later, or use Microsoft Outlook 2000 Service Pack 2
or later in its default configuration.
? An attacker who successfully exploited this vulnerability could gain
the same privileges as the user. Users whose accounts are configured
to have fewer privileges on the system would be at less risk than
users who operate with administrative privileges.
? Windows NT 4.0 and Windows 2000 are not affected by this
vulnerability.
Top of section
Workarounds for Help and Support Center Vulnerability - CAN-2004-0199:
Microsoft has tested the following workarounds. While these
workarounds will not correct the underlying vulnerability, they help
block known attack vectors. When a workaround reduces functionality,
it is identified below.
? Unregister the HCP Protocol.
To help prevent an attack, unregister the HCP Protocol by deleting the
following key from the registry: HKEY_CLASSES_ROOT\HCP. To do so, follow
these steps:
1.
Click Start, and then click Run.
2.
Type regedit, and then click OK.
The registry editor program launches.
3.
Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.
4.
Right-click the HCP key, and then click Delete.
Note Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall Windows. Microsoft cannot guarantee that
problems resulting from the incorrect use of Registry Editor can be
solved. Use Registry Editor at your own risk.
Impact of Workaround: Unregistering the HCP protocol will break all
local, legitimate help links that use hcp://. For example, links in
Control Panel may no longer work.
? Install Outlook E-mail Security Update if you are using Outlook 2000
SP1 or earlier.
By default, Outlook Express 6, Outlook 2002 and Outlook 2003 open HTML
e-mail messages in the Restricted sites zone. Additionally, Outlook 98
and Outlook 2000 open HTML e-mail messages in the Restricted sites
zone if the Outlook E-mail Security Update has been installed.
Customers who use any of these products could be at a reduced risk
from an e-mail-borne attack that tries to exploit this vulnerability
unless the user clicks a malicious link in the e-mail message.
? Read e-mail messages in plain text format if you are using Outlook
2002 or later, or Outlook Express 6 SP1 or later, to help protect
yourself from the HTML e-mail attack vector.
Microsoft Outlook 2002 users who have applied Office XP Service Pack 1
or later and Microsoft Outlook Express 6 users who have applied Internet
Explorer 6 Service Pack 1 can enable this setting and view e-mail
messages that are not digitally signed or e-mail messages that are not
encrypted in plain text only.
Digitally signed e-mail messages or encrypted e-mail messages are not
affected by the setting and may be read in their original formats. For
more information about enabling this setting in Outlook 2002, see
Microsoft Knowledge Base Article 307594.
For information about this setting in Outlook Express 6, see Microsoft
Knowledge Base Article 291387.
Impact of Workaround: E-mail messages that are viewed in plain text
format will not contain pictures, specialized fonts, animations, or
other rich content. In addition:
? The changes are applied to the preview pane and to open messages.
? Pictures become attachments so that they are not lost.
? Because the message is still in Rich Text or HTML format in the store,
the object model (custom code solutions) may behave unexpectedly.
Top of section
FAQ for Help and Support Center Vulnerability - CAN-2004-0199:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on
with administrative privileges, an attacker who successfully exploited
this vulnerability could take complete control of an affected system,
including installing programs; viewing, changing, or deleting data; or
creating new accounts with full privileges. Users whose accounts are
configured to have fewer privileges on the system would be at less
risk than users who operate with administrative privileges. However,
significant user interaction is required to exploit this vulnerability.
What causes the vulnerability?
The process that the Help and Support Center uses to validate data
input.
What is the Help and Support Center?
The Help and Support Center (HSC) is a feature in Windows that
provides help on a variety of topics. For example, HSC can teach users
about Windows features, how to download and install software updates,
how to determine whether a particular hardware device is compatible with
Windows, and how to receive help from Microsoft. Users and programs can
use URL links to the Help and Support Center by using the "hcp://"
prefix in a URL link instead of "http://."
What is the HCP protocol?
Similar to the way that the HTTP protocol can use execute URL links to
open a Web browser, the HCP protocol can execute URL links to open the
Help and Support Center feature.
What is wrong with the Help and Support Center?
An error in input validation occurs.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that
have full privileges.
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would have to host a
malicious Web site and then persuade a user to view that Web site. An
attacker could also create an HTML e-mail message that has a specially
crafted link, and then persuade a user to view the HTML e-mail message
and then click the malicious link If the user clicked this link, a
window could open with an HCP URL of the attacker's choice. However,
at this point significant additional user interaction is required. After
clicking the link, the user would be prompted to perform several
actions. An attack could only occur after a user performed these
actions.
What systems are primarily at risk from the vulnerability?
Windows XP and Windows Server 2003 contain the affected version of the
Help and Support Center. Other platforms are not affected because they
do not contain the Help and Support Center or because the nature of
the vulnerability is different on those platforms.
I am running Internet Explorer on Windows Server 2003. Does Windows
Server 2003 mitigate this vulnerability?
No. By default, Internet Explorer on Windows Server 2003 runs in a
restricted mode that is known as the Internet Explorer Enhanced Security
Configuration. However, the HCP protocol is permitted to access the
Help and Support Center by default. Therefore, Windows Server 2003 is
vulnerable.
For more information about Internet Explorer Enhanced Security
Configuration, visit the following Web site.
What does the update do?
This update removes the vulnerability by modifying the validation of
data that is passed to the Help and Support Center.
How does this vulnerability relate to the Help and SupportCenter
vulnerability that is corrected by MS04-011?
Both vulnerabilities were in the Help and Support Center. However,
this update corrects a new vulnerability that was not addressed as
part of MS04-011. MS04-011 fully protects against the vulnerability that
is discussed in that bulletin, but does not address this new
vulnerability. This update does not replace MS04-011. You must install
this update and the update provided as part of the MS04-011 security
bulletin to be protected from both vulnerabilities.
When this security bulletin was issued, had this vulnerability been
publicly disclosed?
No. Microsoft had not received any information indicating that this
vulnerability had been publicly disclosed when this security bulletin
was originally issued.
When this security bulletin was issued, had Microsoft received any
reports that this vulnerability was being exploited?
No. Microsoft had not received any information indicating that this
vulnerability had been publicly used to attack customers and had not
seen any examples of proof of concept code published when this
security bulletin was originally issued.
Top of section
Top of section
Top of section
Security Update Information
Installation Platforms and Prerequisites:
For information about the specific security update for your platform,
click the appropriate link:
Windows Server 2003 (all versions)
Prerequisites
This security update requires a released version of Windows Server
2003.
Inclusion in Future Service Packs:
The update for this issue will be included in Windows Server 2003
Service Pack 1.
Installation Information
This security update supports the following setup switches:
/help Displays the command line options
Setup Modes
/quiet Quiet mode (no user interaction or
display)
/passive Unattended mode (progress bar only)
/uninstall Uninstalls the package
Restart Options
/norestart Do not restart when installation is complete
/forcerestart Restart after installation
Special Options
/l Lists installed Windows hotfixes or update packages
/o Overwrite OEM files without prompting
/n Do not backup files needed for uninstall
/f Force other programs to close when the computer shuts
down
Note You can combine these switches into one command. For backward
compatibility, the security update also supports the setup switches that
the previous version of the setup utility uses. For more information
about the supported installation switches, see Microsoft Knowledge
Base Article 262841.
Deployment Information
To install the security update without any user intervention, use the
following command at a command prompt for Windows Server 2003:
Windowsserver2003-kb840374-x86-enu /passive /quiet
To install the security update without forcing the system to restart,
use the following command at a command prompt for Windows Server 2003:
Windowsserver2003-kb840374-x86-enu /norestart
For information about how to deploy this security update with Software
Update Services, visit the Software Update Services Web site.
Restart Requirement
In some cases, this update does not require a restart. The installer
stops the required services, applies the update, and then restarts the
services. However, if the required services cannot be stopped for any
reason or if required files are in use, this update will require a
restart. If this occurs, a message appears that advises you to restart.
Removal Information
To remove this update, use the Add or Remove Programs tool in Control
Panel.
System administrators can also use the Spuninst.exe utility to remove
this security update. The Spuninst.exe utility is located in the
%Windir%\$NTUninstallKB840374$\Spuninst folder. The Spuninst.exe utility
supports the following setup switches:
/?: Show the list of installation switches.
/u: Use unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information
The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view
the file information, it is converted to local time. To find the
difference between UTC and local time, use the Time Zone tab in the Date
and Time tool in Control Panel.
Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard
Edition, Windows Server 2003 Web Edition, and Windows Server 2003
Datacenter Edition:
Date Time Version Size File name
Platform Folder
------------------------------------------------------------------------
----------------------------------
15-Apr-2004 06:03 5.2.3790.161 782,848 Helpctr.exe
x86 RTMGDR
15-Apr-2004 06:03 5.2.3790.161 10,240 Hscupd.exe
x86 RTMGDR
15-Apr-2004 07:10 26,507 Hsc.system.errors.
connection.htm.cab RTMGDR\BR
15-Apr-2004 07:05 25,790 Hsc.system.errors.
connection.htm.cab RTMGDR\CHS
15-Apr-2004 07:05 25,754 Hsc.system.errors.
connection.htm.cab RTMGDR\CHT
15-Apr-2004 07:10 26,537 Hsc.system.errors.
connection.htm.cab RTMGDR\CS
15-Apr-2004 07:10 26,479 Hsc.system.errors.
connection.htm.cab RTMGDR\ES
15-Apr-2004 07:10 26,667 Hsc.system.errors.
connection.htm.cab RTMGDR\FR
15-Apr-2004 07:10 26,881 Hsc.system.errors.
connection.htm.cab RTMGDR\GER
15-Apr-2004 07:10 26,514 Hsc.system.errors.
connection.htm.cab RTMGDR\HU
15-Apr-2004 07:10 26,607 Hsc.system.errors.
connection.htm.cab RTMGDR\IT
15-Apr-2004 07:10 26,515 Hsc.system.errors.
connection.htm.cab RTMGDR\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMGDR\KOR
15-Apr-2004 07:10 26,724 Hsc.system.errors.
connection.htm.cab RTMGDR\NL
15-Apr-2004 07:10 26,691 Hsc.system.errors.
connection.htm.cab RTMGDR\PL
15-Apr-2004 07:10 26,544 Hsc.system.errors.
connection.htm.cab RTMGDR\PT
15-Apr-2004 07:10 26,508 Hsc.system.errors.
connection.htm.cab RTMGDR\RU
15-Apr-2004 07:10 26,514 Hsc.system.errors.
connection.htm.cab RTMGDR\SV
15-Apr-2004 07:05 26,350 Hsc.system.errors.
connection.htm.cab RTMGDR\TR
15-Apr-2004 07:10 26,397 Hsc.system.errors.
connection.htm.cab RTMGDR\USA
15-Apr-2004 06:00 5.2.3790.161 782,848 Helpctr.exe
x86 RTMQFE
15-Apr-2004 06:00 5.2.3790.161 10,240 Hscupd.exe
x86 RTMQFE
15-Apr-2004 07:05 26,507 Hsc.system.errors.
connection.htm.cab RTMGDR\BR
15-Apr-2004 07:05 25,790 Hsc.system.errors.
connection.htm.cab RTMGDR\CHS
15-Apr-2004 07:05 25,754 Hsc.system.errors.
connection.htm.cab RTMGDR\CHT
15-Apr-2004 07:05 26,537 Hsc.system.errors.
connection.htm.cab RTMGDR\CS
15-Apr-2004 07:05 26,479 Hsc.system.errors.
connection.htm.cab RTMGDR\ES
15-Apr-2004 07:05 26,667 Hsc.system.errors.
connection.htm.cab RTMGDR\FR
15-Apr-2004 07:05 26,881 Hsc.system.errors.
connection.htm.cab RTMGDR\GER
15-Apr-2004 07:05 26,514 Hsc.system.errors.
connection.htm.cab RTMGDR\HU
15-Apr-2004 07:05 26,607 Hsc.system.errors.
connection.htm.cab RTMGDR\IT
15-Apr-2004 07:05 26,515 Hsc.system.errors.
connection.htm.cab RTMGDR\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMGDR\KOR
15-Apr-2004 07:05 26,724 Hsc.system.errors.
connection.htm.cab RTMGDR\NL
15-Apr-2004 07:05 26,691 Hsc.system.errors.
connection.htm.cab RTMGDR\PL
15-Apr-2004 07:05 26,544 Hsc.system.errors.
connection.htm.cab RTMGDR\PT
15-Apr-2004 07:05 26,508 Hsc.system.errors.
connection.htm.cab RTMGDR\RU
15-Apr-2004 07:05 26,514 Hsc.system.errors.
connection.htm.cab RTMGDR\SV
15-Apr-2004 07:05 26,350 Hsc.system.errors.
connection.htm.cab RTMGDR\TR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMGDR\USA
Windows Server 2003 64-Bit Enterprise Edition and Windows Server 2003
64-Bit Datacenter Edition:
Date Time Version Size File name
Platform Folder
------------------------------------------------------------------------
----------------------------------
11-Apr-2004 05:23 5.2.3790.161 2,062,336 Helpctr.exe
IA-64 RTMGDR
11-Apr-2004 05:21 5.2.3790.161 21,504 Hscupd.exe
IA-64 RTMGDR
15-Apr-2004 07:10 26,479 Hsc.system.errors.
connection.htm.cab RTMGDR\ES
15-Apr-2004 07:10 26,667 Hsc.system.errors.
connection.htm.cab RTMGDR\FR
15-Apr-2004 07:10 26,881 Hsc.system.errors.
connection.htm.cab RTMGDR\GER
15-Apr-2004 07:10 26,607 Hsc.system.errors.
connection.htm.cab RTMGDR\IT
15-Apr-2004 07:10 26,515 Hsc.system.errors.
connection.htm.cab RTMGDR\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMGDR\KOR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMGDR\USA
11-Apr-2004 06:50 5.2.3790.161 2,062,336 Helpctr.exe
IA-64 RTMQFE
11-Apr-2004 06:49 5.2.3790.161 21,504 Hscupd.exe
IA-64 RTMQFE
15-Apr-2004 07:05 26,479 Hsc.system.errors.
connection.htm.cab RTMQFE\ES
15-Apr-2004 07:05 26,667 Hsc.system.errors.
connection.htm.cab RTMQFE\FR
15-Apr-2004 07:05 26,881 Hsc.system.errors.
connection.htm.cab RTMQFE\GER
15-Apr-2004 07:05 26,607 Hsc.system.errors.
connection.htm.cab RTMQFE\IT
15-Apr-2004 07:05 26,515 Hsc.system.errors.
connection.htm.cab RTMQFE\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMQFE\KOR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMQFE\USA
Note When you install this security update on Windows Server 2003 or
on Windows XP 64-Bit Edition Version 2003, the installer checks to see
if any of the files that are being updated on your system have
previously been updated by a Microsoft hotfix. If you have previously
installed a hotfix to update one of these files, the installer copies
the RTMQFE files to your system. Otherwise, the installer copies the
RTMGDR files to your system. For more information, see Microsoft
Knowledge Base Article 824994.
Verifying Update Installation
To verify that a security update is installed on an affected system
you may be able to use the Microsoft Baseline Security Analyzer (MBSA)
tool, which allows administrators to scan local and remote systems for
missing security updates and for common security misconfigurations.
For more information about MBSA, visit the Microsoft Baseline Security
Analyzer Web site.
You may also be able to verify the files that this security update has
installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server
2003\SP1\KB840374\Filelist
Note This registry key may not be created correctly if an
administrator or an OEM integrates or slipstreams the 840374 security
update into the Windows installation source files.
Top of section
Windows XP (all versions)
Note For Windows XP 64-Bit Edition Version 2003, this security update is
the same as the Windows Server 2003 64-Bit Edition security update.
Prerequisites
This security update requires the release version of Windows XP or
Windows XP Service Pack 1 (SP1). For more information, see Microsoft
Knowledge Base Article 322389.
Inclusion in Future Service Packs:
The update for these issues will be included in Windows XP Service
Pack 2.
Installation Information
This security update supports the following setup switches:
/help Displays the command line options
Setup Modes
/quiet Quiet mode (no user interaction or
display)
/passive Unattended mode (progress bar only)
/uninstall Uninstalls the package
Restart Options
/norestart Do not restart when installation is complete
/forcerestart Restart after installation
Special Options
/l Lists installed Windows hotfixes or update packages
/o Overwrite OEM files without prompting
/n Do not backup files needed for uninstall
/f Force other programs to close when the computer shuts
down
Note You can combine these switches into one command. For backward
compatibility, the security update also supports the setup switches that
the previous version of the setup utility uses. For more information
about the supported installation switches, see Microsoft Knowledge
Base Article 262841.
Deployment Information
To install the security update without any user intervention, use the
following command at a command prompt for Windows XP:
Windowsxp-kb840374-x86-enu /passive /quiet
To install the security update without forcing the system to restart,
use the following command at a command prompt for Windows XP:
Windowsxp-kb840374-x86-enu /norestart
For information about how to deploy this security update with Software
Update Services, visit the Software Update Services Web site.
Restart Requirement
In some cases, this update does not require a restart. The installer
stops the required services, applies the update, and then restarts the
services. However, if the required services cannot be stopped for any
reason or if required files are in use, this update will require a
restart. If this occurs, a message appears that advises you to restart.
Removal Information
To remove this update, use the Add or Remove Programs tool in Control
Panel.
System administrators can also use the Spuninst.exe utility to remove
this security update. The Spuninst.exe is located in the
%Windir%\$NTUninstallKB840374$\Spuninst folder. The Spuninst.exe utility
supports the following setup switches:
/?: Show the list of installation switches.
/u: Use unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information
The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view
the file information, it is converted to local time. To find the
difference between UTC and local time, use the Time Zone tab in the Date
and Time tool in Control Panel.
Windows XP Home Edition, Windows XP Professional, Windows XP Home
Edition Service Pack 1, Windows XP Professional Service Pack 1,
Windows XP Tablet PC Edition, and Windows XP Media Center Edition:
Date Time Version Size File name
Folder
------------------------------------------------------------------------
---------------------
09-Apr-2004 19:56 5.1.2600.137 726,528 Helpctr.exe
SP1
15-Apr-2004 21:36 26,172 Hsc.system.errors.
connection.htm.cab SP1
27-Feb-2004 04:30 5.1.2600.134 16,896 Hscupd.exe
SP1
27-Feb-2004 04:36 70,111 Hscxpsp1.cab
SP1
15-Apr-2004 21:36 25,958 Hsc.system.errors.
connection.htm.cab SP1\ARA
15-Apr-2004 21:25 10,469 Hsc.system.scripts.
common.js.cab SP1\ARA
15-Apr-2004 21:36 25,565 Hsc.system.errors.
connection.htm.cab SP1\CHS
15-Apr-2004 21:25 10,469 Hsc.system.scripts.
common.js.cab SP1\CHS
15-Apr-2004 21:36 25,529 Hsc.system.errors.
connection.htm.cab SP1\CHT
15-Apr-2004 21:25 10,469 Hsc.system.scripts.
common.js.cab SP1\CHT
15-Apr-2004 21:36 26,316 Hsc.system.errors.
connection.htm.cab SP1\CSY
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\CSY
15-Apr-2004 21:36 26,386 Hsc.system.errors.
connection.htm.cab SP1\DAN
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\DAN
15-Apr-2004 21:36 26,656 Hsc.system.errors.
connection.htm.cab SP1\DEU
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\DEU
15-Apr-2004 21:36 26,651 Hsc.system.errors.
connection.htm.cab SP1\ELL
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\ELL
15-Apr-2004 21:36 26,254 Hsc.system.errors.
connection.htm.cab SP1\ESN
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\ESN
15-Apr-2004 21:36 26,107 Hsc.system.errors.
connection.htm.cab SP1\FIN
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\FIN
15-Apr-2004 21:36 26,448 Hsc.system.errors.
connection.htm.cab SP1\FRA
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\FRA
15-Apr-2004 21:36 25,852 Hsc.system.errors.
connection.htm.cab SP1\HEB
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\HEB
15-Apr-2004 21:36 26,289 Hsc.system.errors.
connection.htm.cab SP1\HUN
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\HUN
15-Apr-2004 21:36 26,382 Hsc.system.errors.
connection.htm.cab SP1\ITA
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\ITA
15-Apr-2004 21:36 26,290 Hsc.system.errors.
connection.htm.cab SP1\JPN
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\JPN
15-Apr-2004 21:36 25,895 Hsc.system.errors.
connection.htm.cab SP1\KOR
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\KOR
15-Apr-2004 21:36 26,493 Hsc.system.errors.
connection.htm.cab SP1\NLD
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\NLD
15-Apr-2004 21:36 26,228 Hsc.system.errors.
connection.htm.cab SP1\NOR
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\NOR
15-Apr-2004 21:36 26,466 Hsc.system.errors.
connection.htm.cab SP1\PLK
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\PLK
15-Apr-2004 21:36 26,282 Hsc.system.errors.
connection.htm.cab SP1\PTB
15-Apr-2004 21:25 10,469 Hsc.system.scripts.
common.js.cab SP1\PTB
15-Apr-2004 21:36 26,319 Hsc.system.errors.
connection.htm.cab SP1\PTG
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\PTG
15-Apr-2004 21:36 26,283 Hsc.system.errors.
connection.htm.cab SP1\RUS
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\RUS
15-Apr-2004 21:36 26,289 Hsc.system.errors.
connection.htm.cab SP1\SVE
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\SVE
15-Apr-2004 21:36 26,125 Hsc.system.errors.
connection.htm.cab SP1\TRK
15-Apr-2004 21:26 10,469 Hsc.system.scripts.
common.js.cab SP1\TRK
15-Apr-2004 00:50 5.1.2600.1515 740,864 Helpctr.exe
SP2
15-Apr-2004 08:26 26,173 Hsc.system.errors.
connection.htm.cab SP2
11-Apr-2004 02:53 5.1.2600.1515 16,384 Hscupd.exe
SP2
15-Apr-2004 08:26 25,959 Hsc.system.errors.
connection.htm.cab SP2\ARA
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\ARA
15-Apr-2004 08:26 25,566 Hsc.system.errors.
connection.htm.cab SP2\CHS
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\CHS
15-Apr-2004 08:26 25,530 Hsc.system.errors.
connection.htm.cab SP2\CHT
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\CHT
15-Apr-2004 08:26 26,317 Hsc.system.errors.
connection.htm.cab SP2\CSY
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\CSY
15-Apr-2004 08:26 26,387 Hsc.system.errors.
connection.htm.cab SP2\DAN
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\DAN
15-Apr-2004 08:26 26,657 Hsc.system.errors.
connection.htm.cab SP2\DEU
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\DEU
15-Apr-2004 08:26 26,652 Hsc.system.errors.
connection.htm.cab SP2\ELL
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\ELL
15-Apr-2004 08:26 26,255 Hsc.system.errors.
connection.htm.cab SP2\ESN
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\ESN
15-Apr-2004 08:26 26,108 Hsc.system.errors.
connection.htm.cab SP2\FIN
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\FIN
15-Apr-2004 08:26 26,449 Hsc.system.errors.
connection.htm.cab SP2\FRA
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\FRA
15-Apr-2004 08:26 25,853 Hsc.system.errors.
connection.htm.cab SP2\HEB
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\HEB
15-Apr-2004 08:26 26,290 Hsc.system.errors.
connection.htm.cab SP2\HUN
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\HUN
15-Apr-2004 08:26 26,383 Hsc.system.errors.
connection.htm.cab SP2\ITA
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\ITA
15-Apr-2004 08:26 26,291 Hsc.system.errors.
connection.htm.cab SP2\JPN
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\JPN
15-Apr-2004 08:26 25,896 Hsc.system.errors.
connection.htm.cab SP2\KOR
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\KOR
15-Apr-2004 08:26 26,494 Hsc.system.errors.
connection.htm.cab SP2\NLD
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\NLD
15-Apr-2004 08:26 26,229 Hsc.system.errors.
connection.htm.cab SP2\NOR
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\NOR
15-Apr-2004 08:26 26,467 Hsc.system.errors.
connection.htm.cab SP2\PLK
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\PLK
15-Apr-2004 08:26 26,283 Hsc.system.errors.
connection.htm.cab SP2\PTB
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\PTB
15-Apr-2004 08:26 26,320 Hsc.system.errors.
connection.htm.cab SP2\PTG
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\PTG
15-Apr-2004 08:26 26,284 Hsc.system.errors.
connection.htm.cab SP2\RUS
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\RUS
15-Apr-2004 08:26 26,290 Hsc.system.errors.
connection.htm.cab SP2\SVE
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\SVE
15-Apr-2004 08:26 26,126 Hsc.system.errors.
connection.htm.cab SP2\TRK
15-Apr-2004 08:25 10,470 Hsc.system.scripts.
common.js.cab SP2\TRK
Windows XP 64-Bit Edition Service Pack 1:
Date Time Version Size File name
Platform Folder
------------------------------------------------------------------------
--------------------------------
11-Apr-2004 05:23 5.2.3790.161 2,062,336 Helpctr.exe
IA-64 RTMGDR
11-Apr-2004 05:21 5.2.3790.161 21,504 Hscupd.exe
IA-64 RTMGDR
15-Apr-2004 07:10 26,479 Hsc.system.errors.
connection.htm.cab RTMGDR\ES
15-Apr-2004 07:10 26,667 Hsc.system.errors.
connection.htm.cab RTMGDR\FR
15-Apr-2004 07:10 26,881 Hsc.system.errors.
connection.htm.cab RTMGDR\GER
15-Apr-2004 07:10 26,607 Hsc.system.errors.
connection.htm.cab RTMGDR\IT
15-Apr-2004 07:10 26,515 Hsc.system.errors.
connection.htm.cab RTMGDR\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMGDR\KOR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMGDR\USA
11-Apr-2004 06:50 5.2.3790.161 2,062,336 Helpctr.exe
IA-64 RTMQFE
11-Apr-2004 06:49 5.2.3790.161 21,504 Hscupd.exe
IA-64 RTMQFE
15-Apr-2004 07:05 26,479 Hsc.system.errors.
connection.htm.cab RTMQFE\ES
15-Apr-2004 07:05 26,667 Hsc.system.errors.
connection.htm.cab RTMQFE\FR
15-Apr-2004 07:05 26,881 Hsc.system.errors.
connection.htm.cab RTMQFE\GER
15-Apr-2004 07:05 26,607 Hsc.system.errors.
connection.htm.cab RTMQFE\IT
15-Apr-2004 07:05 26,515 Hsc.system.errors.
connection.htm.cab RTMQFE\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMQFE\KOR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMQFE\USA
Windows XP 64-Bit Edition Version 2003:
Date Time Version Size File name
Platform Folder
------------------------------------------------------------------------
----------------------------------
11-Apr-2004 05:23 5.2.3790.161 2,062,336 Helpctr.exe
IA-64 RTMGDR
11-Apr-2004 05:21 5.2.3790.161 21,504 Hscupd.exe
IA-64 RTMGDR
15-Apr-2004 07:10 26,479 Hsc.system.errors.
connection.htm.cab RTMGDR\ES
15-Apr-2004 07:10 26,667 Hsc.system.errors.
connection.htm.cab RTMGDR\FR
15-Apr-2004 07:10 26,881 Hsc.system.errors.
connection.htm.cab RTMGDR\GER
15-Apr-2004 07:10 26,607 Hsc.system.errors.
connection.htm.cab RTMGDR\IT
15-Apr-2004 07:10 26,515 Hsc.system.errors.
connection.htm.cab RTMGDR\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMGDR\KOR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMGDR\USA
11-Apr-2004 06:50 5.2.3790.161 2,062,336 Helpctr.exe
IA-64 RTMQFE
11-Apr-2004 06:49 5.2.3790.161 21,504 Hscupd.exe
IA-64 RTMQFE
15-Apr-2004 07:05 26,479 Hsc.system.errors.
connection.htm.cab RTMQFE\ES
15-Apr-2004 07:05 26,667 Hsc.system.errors.
connection.htm.cab RTMQFE\FR
15-Apr-2004 07:05 26,881 Hsc.system.errors.
connection.htm.cab RTMQFE\GER
15-Apr-2004 07:05 26,607 Hsc.system.errors.
connection.htm.cab RTMQFE\IT
15-Apr-2004 07:05 26,515 Hsc.system.errors.
connection.htm.cab RTMQFE\JPN
15-Apr-2004 07:05 26,120 Hsc.system.errors.
connection.htm.cab RTMQFE\KOR
15-Apr-2004 07:05 26,397 Hsc.system.errors.
connection.htm.cab RTMQFE\USA
Notes The Windows XP and Windows XP 64-Bit Edition Version 2003 versions
of this security update are packaged as dual-mode packages, which
contain files for both the original version of Windows XP and Windows XP
Service Pack 1 (SP1). For more information about dual-mode packages,
see Microsoft Knowledge Base Article 328848.
When you install the Windows XP 64-Bit Edition Version 2003 security
update, the installer checks to see if any of the files that are being
updated on your system have previously been updated by a Microsoft
hotfix. If you have previously installed a hotfix to update one of these
files, the installer copies the RTMQFE files to your system. Otherwise,
the installer copies the RTMGDR files to your system. For more
information, see Microsoft Knowledge Base Article 824994.
Verifying Update Installation
To verify that a security update is installed on an affected system
you may be able to use the Microsoft Baseline Security Analyzer (MBSA)
tool, which allows administrators to scan local and remote systems for
missing security updates and for common security misconfigurations.
For more information about MBSA, visit the Microsoft Baseline Security
Analyzer Web site.
You may also be able to verify the files that this security update has
installed by reviewing the following registry keys:
For Windows XP Home Edition, Windows XP Professional, Windows XP Home
Edition Service Pack 1, Windows XP Professional Service Pack 1,
Windows XP 64-Bit Edition Service Pack 1, Windows XP Tablet PC Edition,
and Windows XP Media Center Edition:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows
XP\SP2\KB840374\Filelist
For Windows XP 64-Bit Edition Version 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server
2003\SP1\KB840374\Filelist
Note This registry key may not be created correctly if an
administrator or an OEM integrates or slipstreams the 840374 security
update into the Windows installation source files.
Top of section
Top of section
Acknowledgments
Microsoft thanks the following for working with us to help protect
customers:
? Donnie Werner of ExploitLabs.com for reporting the DVD upgrade issue
that has been addressed as part of this security update.
Obtaining Other Security Updates:
Updates for other security issues are available from the following
locations:
? Security updates are available from the Microsoft Download Center: You
can find them most easily by doing a keyword search for
"security_patch".
? Updates for consumer platforms are available from the Windows Update
Web site.
Support:
? Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge
for support calls that are associated with security updates.
? International customers can receive support from their local Microsoft
subsidiaries. There is no charge for support that is associated with
security updates. For more information on how to contact Microsoft for
support issues, visit the International Support Web site.
Security Resources:
? The Microsoft TechNet Security Web Site provides additional
information about security in Microsoft products.
? Microsoft Software Update Services
? Microsoft Baseline Security Analyzer (MBSA)
? Windows Update
? Windows Update Catalog: For more information about the Windows
Update Catalog, see Microsoft Knowledge Base Article 323166.
? Office Update
Software Update Services:
By using Microsoft Software Update Services (SUS), administrators can
quickly and reliably deploy the latest critical updates and security
updates to Windows 2000 and Windows Server 2003-based servers, and to
desktop systems that are running Windows 2000 Professional or Windows XP
Professional.
For more information about how to deploy this security update with
Software Update Services, visit the Software Update Services Web site.
Systems Management Server:
Microsoft Systems Management Server (SMS) delivers a highly-configurable
enterprise solution for managing updates. By using SMS,
administrators can identify Windows-based systems that require
security updates and to perform controlled deployment of these updates
throughout the enterprise with minimal disruption to end users. For more
information about how administrators can use SMS 2003 to deploy
security updates, see the SMS 2003 Security Patch Management Web site.
SMS 2.0 users can also use Software Updates Service Feature Pack to help
deploy security updates. For information about SMS, visit the SMS Web
Site.
Note SMS uses the Microsoft Baseline Security Analyzer and the Microsoft
Office Detection Tool to provide broad support for security bulletin
update detection and deployment. Some software updates may not be
detected by these tools. Administrators can use the inventory
capabilities of the SMS in these cases to target updates to specific
systems. For more information about this procedure, see the following
Web site. Some security updates require administrative rights
following a restart of the system. Administrators can use the Elevated
Rights Deployment Tool (available in the SMS 2003 Administration Feature
Pack and in the SMS 2.0 Administration Feature Pack) to install these
updates.
Disclaimer:
The information provided in the Microsoft Knowledge Base is provided "as
is" without warranty of any kind. Microsoft disclaims all warranties,
either express or implied, including the warranties of merchantability
and fitness for a particular purpose. In no event shall Microsoft
Corporation or its suppliers be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if Microsoft Corporation or
its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may
not apply.
Revisions:
? V1.0 (May 11, 2004): Bulletin published
? V1.1 (May 11, 2004): Bulletin updated to reflect updated information
in the Executive Summary and FAQ Section.
--
……
…………
沿址查无此人
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.36.101]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.36.101]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店