Security Bulletin

Microsoft Security Bulletin MS04-028 - Critical

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Published: September 14, 2004 | Updated: December 14, 2004

Version: 3.0

Issued: September 14, 2004
Updated: December 14, 2004
Version: 3.0

Summary

Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components.

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information. Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 833987 or the FAQ section of this security bulletin.

Tested Software and Security Update Download Locations:

Affected Software:

Office Users Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section. Office 2003 Service Pack 1, Visio 2003 Service Pack 1, and Project 2003 Service Pack 1 contain an updated version of the affected component and are not affected. Customers that have installed these service packs do not need to install the available security updates for these products. We recommend that customers who are using the Visio 2002 Viewer, Visio 2003 Viewer, or PowerPoint 2003 Viewer programs read the following FAQs for more information about these programs.

MSN 9 Users Note MSN 9 distributes Picture It! Express version 9 and Picture It! Library. You have the option to install these programs when you install MSN 9. You should install the Picture It! version 9 update only if you installed Picture It! Express version 9 or Picture It! Library when you installed MSN 9.

Affected Components:

Non-Affected Software

  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
  • Microsoft Office 2003 Service Pack 1
  • Microsoft Office 2000
  • Microsoft Visio 2003 Service Pack 1
  • Microsoft Visio 2000
  • Microsoft Project 2003 Service Pack 1
  • Microsoft Project 2000
  • Microsoft Digital Image Suite 10, Microsoft Digital Image Pro 10, Picture It! Premium 10
  • The Microsoft .NET Framework version 1.1 SDK
  • Microsoft Works (all versions)
  • Microsoft Systems Management Server (all versions)
  • Microsoft SQL Server Reporting Services
  • Microsoft Broadband Networking

Non-Affected Components:

Note The non-affected versions of Windows do not natively contain the vulnerable component. However, the vulnerable component is installed on these non-affected operating systems when you install any of the software programs or components that are listed in the Affected Software and Affected Components sections of this bulletin. See the FAQ section of this bulletin for more information.

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

General Information

Executive Summary

Executive Summary:

This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.

If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Microsoft recommends that customers apply the update immediately.

Severity Ratings and Vulnerability Identifier:

Vulnerability Identifier Impact of Vulnerability Outlook (Versions 2002 and 2003) Internet Explorer 6 Service Pack 1 Windows XP, Windows XP Service Pack 1, Windows Server 2003 .NET Framework 1.0, Service Pack 2, .NET Framework 1.1 Other Affected Software and Affected Components Listed Earlier
JPEG Vulnerability - CAN-2004-0200 Remote Code Execution Critical Critical Critical Critical Important

This assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Why was this security bulletin updated on December 14, 2004?
The bulletin has been updated to advise on the availability of additional updates that help address this vulnerability:

  • Standalone security updates for the Microsoft .NET Framework version 1.0 Service Pack 2 and the Microsoft .NET Framework version 1.1 are now available. Based on customer feedback, Microsoft has created standalone updates for customers who have not yet deployed the Microsoft .NET Framework 1.0 Service Pack 3 or the Microsoft .NET Framework 1.1 Service Pack 1. However, Microsoft recommends that customers install the latest service pack in order to receive protection from this vulnerability as well as other security related issues. Customers that have already installed the Microsoft .NET Framework version 1.0 Service Pack 3 or the Microsoft .NET Framework version 1.1 Service Pack 1 do not need to apply these additional security updates.
  • Security updates for Microsoft Visual FoxPro 8.0 are now available. Developers should use the update for Microsoft Visual FoxPro 8.0 to update their development environment. Developers distributing custom runtime applications that were developed using Microsoft Visual FoxPro 8.0 and include a copy of the vulnerable gdiplus.dll file should evaluate the need to deploy the security update for the Microsoft Visual FoxPro 8.0 Runtime Library.
  • Windows Messenger 5.0 distributes a copy of the vulnerable version of the gdiplus.dll file. However, it is not vulnerable to any known or likely attack vectors and therefore is not considered to be vulnerable to this issue. However, customers that are concerned about the presence of this file and possible future attack vectors that may be found should upgrade to Windows Messenger 5.1. Windows Messenger 5.1 contains the latest version of the gdiplus.dll file and is the recommended version of Windows Messenger. Windows Messenger 5.1 can be downloaded from the following Web site.

The MS04-028 Enterprise Update Scanning Tool has been updated to detect and deploy the stand alone security updates for the Microsoft .NET Framework version 1.0 Service Pack 2 and the Microsoft .NET Framework version 1.1 as well as the Microsoft Visual FoxPro 8.0 security update. The existing version of this tool supported the detection and deployment of the Microsoft .NET Framework version 1.0 Service Pack 3 and the Microsoft .NET Framework version 1.1 Service Pack 1. Now that the standalone security updates are available this tool has been updated to use the stand alone updates instead of the service pack updates. Customers who prefer the support of the service pack updates should continue to use the existing version of this tool. Since Windows Messenger is not considered to be vulnerable to any known or likely attack vectors, it has not been included in this update. For more information about the MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base Article 886988.

Why was this security bulletin updated on October 12, 2004?
Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 833987

After the release of the MS04-028 security bulletin, Microsoft became aware of an issue affecting customers deploying the Office XP, Visio 2002, and Project 2002 updates on Windows XP Service Pack 2 based systems. In some cases, this issue caused the security updates to appear to install correctly, when in fact they did not. This is an issue with the installer used in the security update. For more technical details on this issue, and the specific conditions that can cause the installation to fail, see Microsoft Knowledge Base Article 885876.

As a reminder, Windows XP Service Pack 2 already contains the security update addressing the vulnerability in the JPEG Parsing Engine that is supplied by the operating system. However, customers still need to successfully apply the security updates for Office XP, Visio 2002, and Project 2002 in order to be protected from this vulnerability when using these applications.

Microsoft has investigated this issue and has made available revised security updates for these applications to help ensure that they install successfully on Windows XP Service Pack 2 based systems. These revised security updates are available from Office Update and the Microsoft Download Center. Customers who have not yet applied the original version of these updates should visit Office Update to receive the revised updates. Enterprise customers who have not yet applied the original version of these update should obtain the revised updates from the Microsoft Download Center by using the download links provided in the Affected Software section of this security bulletin.

For customers who have already applied the original Office XP, Visio 2002, and Project 2002 updates and are using Windows XP Service Pack 2, any one of the following steps will correct the issue and properly apply the update:

  • For customers who have Automatic Update enabled in Windows XP Service Pack 2, Microsoft has provided an updated installation package through Windows Update that will correct the installation problem and install the correct files. Since Windows XP Service Pack 2 recommends and prompts customers to turn Automatic Update on, most Windows XP Service Pack 2 users will not have to take any additional steps. This updated installation package is documented in Microsoft Knowledge Base Article 885884.
  • Visit Office Update to obtain the revised updates. Office update will detect the vulnerability on the system and apply the update with the revised version of the installer software.
  • Enterprise customers should obtain the revised security updates from the Microsoft Download Center and redeploy these updates to their clients running Windows XP Service Pack 2.
  • Customers can use the “Detect and Repair” feature within the affected applications. This process will successfully install the correct version of the affected files needed to help protect against the vulnerability. For more information about manually using the "Detect and Repair" feature, see Microsoft Knowledge Base Article 821593

Microsoft has also identified the Windows Journal Viewer as affected by this security vulnerability and has released an update for Windows 2000-based systems. See the following FAQs for more information about the update for the Windows Journal Viewer for Windows 2000-based systems.

As part of this update, Microsoft has also released the MS04-028 Enterprise Update Scanning Tool. Review the MS04-028 Enterprise Update Scanning Tool FAQ in this updated security bulletin for more information.

Why has Microsoft released an update for the Windows Journal Viewer on October 12, 2004?
The Windows Journal Viewer makes it possible for users who do not have a system running Windows XP Tablet PC Edition to view files that were created in Windows Journal on a Tablet PC. The Windows Journal Viewer is vulnerable to the security vulnerability discussed in this bulletin. However, when used on Windows XP based systems, the Windows Journal Viewer uses the operating system supplied version of the affected component. When the Windows XP operating system update is applied on Windows XP and Windows XP Service Pack 1 based systems the Windows Journal Viewer is no longer vulnerable to this issue. Windows XP Service Pack 2 is not vulnerable to this issue, therefore the Windows Journal Viewer when used on Windows XP Service Pack 2 based systems is not vulnerable to this issue. We have now released a security update for Windows Journal Viewer that will help protect Windows 2000-based systems that may have installed the Windows Journal Viewer.

Even if you have installed all of the previously available security updates on Windows 2000, if you have installed the Windows Journal Viewer, it is important that you also install this security update. Windows Update will offer this update only to Windows 2000-based systems that have installed the Windows Journal Viewer. If you are using Windows XP or have not installed the Windows Journal Viewer on Windows 2000, you do not need this security update. This program is not supported on Windows Server 2003. However, if it were installed on Windows Server 2003, it would also use the operating system version of the vulnerable component. If you are using this program on Windows Server 2003 make sure that you install the Windows Server 2003 security update.

What is GDI+?
GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers.

Why are there several affected programs and components?
Windows XP, Windows XP Service Pack 1, and Windows Server 2003 provide an operating system version of the component that is vulnerable to this issue. Earlier versions of Windows did not provide an operating system version of this component. Therefore, when you install programs that require this functionality on earlier versions of Windows, this component is commonly installed. Typically, when these programs are installed on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 they only use the version that is provided by the operating system, even if they install a copy of the vulnerable component.

The exceptions to this are Office XP, Visio 2002, Project 2002, Office 2003, Visio 2003, and Project 2003. To help make sure that JPEG images are processed consistently across all operating systems, these programs use their own version of the vulnerable component. This version of the vulnerable component is installed on all operating systems that are supported by these programs. If you have installed these programs, you must install the update for these programs. You must also install an operating system update if you use Windows XP, Windows XP Service Pack 1, or Windows Server 2003. Also, please review the following FAQ questions relating to exceptions for application developers and third-party applications.

If I use Windows XP Service Pack 2 and use any of the affected software, what should I do?
Windows XP Service Pack 2 does not contain a vulnerable version of the affected component. However, if you have installed any of the affected Office, Visio, or Project applications you should install the updates for those applications. The easiest way to address this vulnerability is to install the updates provided by Office Update. If you have not installed any of the affected Office, Visio, or Project applications you do not have to install any other security updates because the other affected software and affected components use the operating system version of the vulnerable component on Windows XP Service Pack 2. However, please review the following FAQ questions relating to exceptions for application developers and third-party applications. Also, as explained in the previous FAQ, there are cases when the original versions of the Office, Visio, and Project security updates may not have installed correctly. For more information, see Microsoft Knowledge Base Article 833987.

If I use Windows XP, Windows XP Service Pack 1, or Windows Server 2003 and use any of the affected software, what should I do?
If you have installed any of the affected Office, Visio, or Project applications the easiest way to address this vulnerability is to install the updates provided by both Windows Update and Office Update. If you have not installed any of the affected Office, Visio, or Project applications the easiest way to address this vulnerability is to install the updates provided by Windows Update. You do not have to install any other security updates because the other affected software and affected components use the operating system version of the component on Windows XP and Windows Server 2003. However, please review the following FAQ questions relating to exceptions for application developers and third-party applications.

If I use Windows 98, Windows 98 Second Edition (SE), Windows Millennium Edition (Me), Windows NT 4.0, or Windows 2000, what should I do?
By default, these operating systems do not natively provide a version of the vulnerable component and are not affected. However, the vulnerable component is installed on these non-affected operating systems when you install any of the software programs or components that are listed in the Affected Software and Affected Components sections of this bulletin.

If you have installed any of the affected programs or components, you should install the required security updates for those programs or components. For example, if you have Internet Explorer 6 Service Pack 1 and Office XP installed on your Windows 2000 system, you have to install the Internet Explorer 6 Service Pack 1 security update and the Office XP security update. If you have not installed any of the affected programs or components, you do not have to install any security updates.

If I use versions of Internet Explorer that are earlier than Internet Explorer 6 Service Pack 1, am I vulnerable to this issue?
Internet Explorer 5.01 Service Pack 3, Internet Explorer 5.01 Service Pack 4 on Windows 2000, and Internet Explorer 5.5 Service Pack 2 on Windows Me have been tested and they are not vulnerable.

Internet Explorer 6 is only supported when using Windows XP, Windows XP Service Pack 1, and Windows Server 2003. Internet Explorer 6 on Windows XP, Windows XP Service Pack 1, and Windows Server 2003 uses the operating system version of the vulnerable component. When the Windows XP, Windows XP Service Pack 1, and Windows Server 2003 operating system update is installed, Internet Explorer 6 is not vulnerable. Windows XP Service Pack 2 includes Internet Explorer 6 Service Pack 2 and is not vulnerable to this issue. Internet Explorer 6 is no longer in support on other operating systems and may be vulnerable to this issue on those operating systems. Customers who do not use Windows XP, Windows XP Service Pack 1, or Windows Server 2003 and who use versions of Internet Explorer 6 that are earlier than Internet Explorer 6 Service Pack 1 should upgrade to Internet Explorer 6 Service Pack 1 and then install the Internet Explorer 6 Service Pack 1 security update provided in this security bulletin, or upgrade to Windows XP Service Pack 2 for Windows XP customers. To install Internet Explorer 6 Service Pack 1, visit the following Web site. For more information about the support lifecycle for Internet Explorer, visit the following Microsoft Support Lifecycle Web site.

If I use third-party applications that distribute the gdiplus.dll file, could I still be vulnerable even after I have installed all required Microsoft security updates?
Yes. There are cases where you might be vulnerable to this issue even after you install the required operating system update and the updates for programs or components that are listed in the Affected Software and Affected Components sections of this bulletin. If the Gdiplus.dll file is installed on your system, you may have to install an update for that program. Not every program that installs this file is vulnerable to this issue because it may not use the Gdiplus.dll file to process JPEG images. Even when the third-party application uses the Gdiplus.dll file to process JPEG images it may not do so in a vulnerable way. For example if an application does not allow users to supply images for processing or performs additional validation on the images before processing, it may not be vulnerable. However, only the manufacturer of that program can make that determination. This could include, but is not limited to, third party applications that were developed using Visual Studio .NET 2002, Visual Studio .NET 2003, or the Microsoft .NET Framework 1.0 SDK Service Pack 2. Additionally, Windows XP and Windows Server 2003 provide additional methods to help secure applications. These operating systems provide an operating system version of the affected component and can be centrally protected. This means that even if an application installs a version of the Gdiplus.dll file, that the application in most cases will use the operating system supplied version. The operating system version of Gdiplus.dll is updated when you install the appropriate operating system update and will protect most applications from this vulnerability.

However, it is possible for a developer or administrator to force an application to bypass the operating system supplied version of the Gdiplus.dll file and instead use a version that they supply. There are several ways that an application developer may design their application to not use the operating system version of the component. They might explicitly call a version of the component that they have provided, or they might use a side by side bypass feature to call their version of the affected component. This is not likely to be used in most circumstances. However, you may want to consider contacting the third-party application manufacturer for an updated version of their program, if they verify that their program uses any type of bypass feature. Steps to determine if your application is using the side by side bypass feature are located in Microsoft Knowledge Base Article 835322. To determine if your applications has explicitly called a version of the component that they supply we recommend that you contact the application manufacturer. It is important to note that the use of these types of features is generally rare and not recommended. For more information, see the MSDN Web site

Furthermore, in these cases you would only be vulnerable to this issue while using the affected program to process images. Installing the operating system update and the updates for the affected programs and components listed in this bulletin will help reduce the chance that you will be attacked from the most common attack vectors an attacker could use to exploit this vulnerability.

It is also important to note that you should install any available security updates instead of manually updating the affected component, if possible. Manually updating the affected component could create application compatibility issues and is not supported. Also, applications that feature ‘Detect and Repair’ functionality will not receive the necessary information required to prevent these features from potentially introducing the vulnerability upon execution if the affected component is manually updated.

If I am a developer and use Visual Studio .NET 2002, Visual Studio .NET 2003, the Microsoft .NET Framework 1.0 SDK Service Pack 2, or the Microsoft Platform SDK Redistributable: GDI+ to develop applications, what should I do?

When these programs are installed on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using these programs on other operating systems make sure that you install the update for these programs.

However, if you use these programs to create applications that distribute a version of the Gdiplus.dll file you need to install the appropriate security update based on the development tool you use, even if you have installed an available operating system update or are using Windows XP Service Pack 2. If you use the Gdiplus.dll file for JPEG processing you should consider updating your application to use the updated version of the Gdiplus.dll file. However as mentioned in the previous FAQ, your application may not be directly vulnerable to this issue. Also, you should make sure that you are not using any of the bypass features mentioned in the previous FAQ that could create vulnerabilities within your application.

Can I manually script and deploy the required security updates?
Yes. We have released Microsoft Knowledge Base Article 885885 to assist with the manual installation of some of the available security updates. This article does not provide instructions for the installation of all available security updates and is provided only as a guide in the creation of custom scripts.

Why was the security update for the Microsoft .NET Framework 1.0 and the Microsoft .NET Framework 1.1 initially provided in a Service Pack?

This issue does not affect customers who have already deployed the Microsoft .NET Framework 1.0 Service pack 3 (SP3) and the Microsoft .NET Framework 1.1 Service Pack 1 (SP1). These service packs, released prior to the release of this security bulletin, already contain the security update for this issue as well as other security changes for all reported customer issues found after the release of these software components. Therefore, we highly recommended that customers using the Microsoft .NET Framework 1.0 or the Microsoft .NET Framework 1.1 install these Service Packs for increased security not only for this vulnerability but also for all reported customer issues found after the release of the Microsoft .NET Framework.

Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine if this update is required?
MBSA does detect if the update for this vulnerability is required for Office XP, Office 2003, Project 2002, Project 2003, Visio 2002, and Visio 2003 for local computer scans. For detailed information about how MBSA detects Office updates, visit the following Web site. MBSA displays a note to indicate that certain operating system updates are required. MBSA does not currently support the detection of several of the programs that are listed in the Affected Software and Affected Components section of this security bulletin. For detailed information about the programs that MBSA currently does not detect, see Microsoft Knowledge Base Article 306460. If you have installed any of the programs that are listed in the Affected Software and Affected Components section of this security bulletin you may have to manually determine if you have to install the required update. For example, a Windows 2000 or Windows NT 4.0 system that has installed Internet Explorer 6 Service Pack 1 will need to install the Internet Explorer 6 Service Pack 1 security update and MBSA will not detect the missing update in these configurations. Also, MBSA cannot use the Office Detection Tool to scan remote systems, it will only use this tool to scan a system locally for required security updates. For more information about MBSA, visit the MBSA Web site.

Note After April 20, 2004, the Mssecure.xml file that is used by MBSA 1.1.1 and earlier versions is no longer being updated with new security bulletin data. Therefore, scans that are performed after that date with MBSA 1.1.1 or earlier will be incomplete. All users should upgrade to MBSA 1.2 because it provides more accurate security update detection and supports additional products. Users can download MBSA 1.2 from the MBSA Web site. For more information about MBSA support, visit the Microsoft Baseline Security Analyzer1.2 Q&A; Web site.

Can I use Systems Management Server (SMS) to determine if this update is required?
Yes. SMS can help detect and deploy this security update. For information about SMS, visit the SMS Web site. SMS uses MBSA for detection; therefore, SMS has the same limitation listed earlier in this bulletin related to programs that MBSA does not detect. However, SMS can also use the Microsoft Office Inventory Tool to detect for required updates for Microsoft Office components.

Can I use SMS to determine if programs are installed that have to be updated?
Yes. SMS can help detect if any of the affected programs or affected components are installed that may have installed a version of the vulnerable component. SMS can search for the existence of the file Gdiplus.dll. For the affected programs and components listed in this bulletin may need to update all versions of Gdiplus.dll that are earlier than version 5.1.3102.1355 or versions that are identified as vulnerable in the following FAQ’s that are in use by affected applications. See the ‘If I use third-party applications that distribute the gdiplus.dll file, could I still be vulnerable even after I have installed all required Microsoft security updates?’ FAQ in this bulletin for more information about other applications that may have installed the Gdiplus.dll file. However, it is important to note that you should install the available security updates instead of manually updating the affected component. Manually updating the affected component could create application compatibility issues and is not supported. Also, applications that feature ‘Detect and Repair’ functionality will not receive the necessary information required to prevent these features from potentially introducing the vulnerability upon execution if the affected component is manually updated.

Installations of Office XP, Visio 2002, Project 2002, and Internet Explorer 6 Service Pack 1 (SP1) combine the features of the vulnerable component with other files. For Office XP and Project 2002 you would also have to search for the existence of the Mso.dll file. Update versions of Mso.dll that are earlier than version 10.0.6714.0 that are in use by affected applications. For Visio 2002, you have to search for the existence of the Mso.dll file and the Gdiplus.dll file because Visio 2002 distributes both files, except on Windows XP, or Windows Server 2003 where it only distributes the Mso.dll file.

For installations of Internet Explorer 6 Service Pack 1 that are not running on the Windows XP or Windows Server 2003 operating systems, search for the Vgx.dll file. Update all versions of Vgx.dll that are earlier than version 6.0.2800.1411. Internet Explorer 6 Service Pack 1 uses the operating system version of the vulnerable component on Windows XP and Windows Server 2003. You do not have to update Internet Explorer 6 Service Pack 1 for those operating systems. These .dll files are documented in the Security Update Information section of this security bulletin. You can also deploy the updates provided in this bulletin using the Inventory and Software Distribution feature of SMS.

Which versions of the Gdiplus.dll file could cause applications to become vulnerable?
It is important to remember that the existence of the Gdiplus.dll file does not determine if an application is vulnerable to this issue. The previous FAQs can be used to help determine if you are using the Gdiplus.dll file as part of a vulnerable application. As a general guide to help administrators and developers determine if they are using a version of the Gdiplus.dll file that could allow their applications to become vulnerable to this issue, we have created the following Gdiplus.dll file information table.

Version of Gdiplus.dll file State General Notes
All versions prior to 5.1.3102.1355 Vulnerable Includes Windows XP, Windows XP Service Pack 1, and most third party applications that redistribute this file.
5.1.3102.1355 Not Vulnerable Provided as part of this security bulletin.
5.1.3102.1360 Not Vulnerable Provided as part of this security bulletin.
Versions 5.1.3102.2000 through 5.1.3102.2179 Not Supported These versions were provided as part of early Windows XP Service Pack 2 Beta releases are not supported. Customers should upgrade to the released version of Windows XP Service Pack 2. These versions of the Gdiplus.dll file were not generally released to the public.
5.1.3102.2180 Not Vulnerable Shipped with Windows XP Service Pack 2.
5.2.3790.0 Vulnerable Shipped with Windows Server 2003.
5.2.3790.136 Not Vulnerable Provided as part of this security bulletin.
6.0.3260.0 Vulnerable Shipped with Office 2003, Visio 2003, and Project 2003.
Versions 6.0.3264.0 and later. Not Vulnerable Provided as part of this security bulletin.

Microsoft has released the MS04-028 Enterprise Update Scanning Tool that will assist enterprise customers in detecting if they are running one or more affected products and components, and help them deploy the available security updates. Where can I get more information about this tool?
In an effort to further support enterprise customers through the unique deployment complexities of MS04-28, due to the number of products and components affected, Microsoft has released a scanning tool and guidance that offers system administrators the ability to scan computers on their network for the software listed in the Affected Software and Affected Components sections of this security bulletin and to automatically apply the appropriate MS04-028 updates. The tool can also be used in conjunction with Microsoft’s System Management Server (SMS). For more information about the MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base Article 886988. This tool does support the Windows Journal Viewer security update.

Microsoft has released the GDI+ Detection Tool for consumers that will also assist in detecting if you are running one or more affected products and components. Where can I get more information about this tool?

Microsoft has created the GDI+ Detection tool to assist consumers in detecting if they are running one or more affected versions of the software listed in the Affected Software and Affected Components sections of this security bulletin that contain a vulnerable version of the JPEG Parsing component on their system. Microsoft Knowledge Base Article 873374 describes this tool as well as provides instructions on how to download this tool. This tool has not been updated to support the Windows Journal Viewer security update.

What does the GDI+ Detection tool do?

The GDI+ Detection tool scans your system for non-operating system software listed in the Affected Software and Affected Components sections of this security bulletin that are known to contain the vulnerable component. It then directs consumers to the appropriate locations for downloading an update to address the vulnerability.

Will the GDI+ Detection tool tell me if my system is at risk from this vulnerability?

No. The tool is only designed to scan the system and detect for the software listed in the Affected Software and Affected Components sections of this security bulletin that are known to contain the vulnerable component. The tool is not able to determine if these products have already been updated to use a secure version of the affected component.

I use Software Update Services (SUS) to deploy security updates in my enterprise. Should I deploy the GDI+ Detection Tool to all of my systems?

The GDI+ Detection Tool was available via SUS but has been removed. This tool is not designed for use or supported in enterprise environments.

What security updates will Windows Update offer to help address this vulnerability?
Windows Update will offer the required operating system updates for Windows XP, Windows XP Service Pack 1, and Windows Server 2003. Windows XP Service Pack 2 does not require an update because it does not contain a vulnerable version of the affected component. Windows Update will offer the Internet Explorer 6 Service Pack 1 security update to Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0 and Windows 2000 operating systems. Windows Update will offer the .NET Framework, version 1.0 Service Pack 3 (SP3) and the .NET Framework, version 1.1 Service Pack 1 to Windows NT 4.0 and Windows 2000 operating systems. Windows Update will offer an update for the Windows Journal Viewer only to Windows 2000-based systems that have installed the Windows Journal Viewer. These security updates are not offered to Windows XP or Windows Server 2003 systems because these operating system components and applications use the operating system version of the affected component on Window XP and Windows Server 2003.

Also, as explained in a previous FAQ, there are cases, when using Windows XP Service Pack 2, where the original versions of the Office XP, Visio 2002, and Project 2002 security updates may not have installed correctly. For these Windows XP Service Pack 2 customers, Microsoft has provided an updated installation package through Windows Update that will correct the installation problem and install the correct files. Since Windows XP Service Pack 2 recommends and prompts customers to turn Automatic Update on, most Windows XP Service Pack 2 users will not have to take any additional steps. This updated installation package is documented in Microsoft Knowledge Base Article 885884.

What security updates will Office Update offer to help address this vulnerability?
Office Update will offer the required updates for Office XP, Office 2003, Project 2002, Project 2003, Visio 2002, and Visio 2003. These security updates are required on all operating systems where these products are installed. Office 2003 Service Pack 1, Visio 2003 Service Pack 1, and Project 2003 Service Pack 1 are not affected and will be offered to customers using Office 2003, Project 2003, and Visio 2003 instead of the individual updates. Customers who have installed these service packs are not affected by this vulnerability from these applications.

What security updates will not be offered through Windows Update or Office Update to help address this vulnerability and should be manually installed?
Windows Update and Office Update do not provide support for the remaining programs. This includes the security updates for Visual Studio .NET 2002 (and all included programs), Visual Studio .NET 2003 (and all included programs), Greetings 2002, Picture It! (all versions), Digital Image (all versions), the Microsoft .NET Framework version 1.0 SDK Service Pack 2, the Microsoft .NET Framework version 1.0 Service Pack 2 standalone security update, the Microsoft .NET Framework version 1.1 standalone security update, Producer for Microsoft Office PowerPoint (all versions), and the Platform SDK Redistributable: GDI+. These security updates are required on Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0 and Windows 2000 operating systems where these products are installed. Note Visual Studio .NET 2002 Enterprise Architect and Visual Studio .NET 2003 Enterprise Architect include Visio 2002. Visio 2002 is supported by Office Update.

Are the Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003 Viewer programs affected by this vulnerability?
Earlier versions of the Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003 Viewer programs are affected by this vulnerability. We do not offer security update support for these programs. However, the most recent version of the Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003 Viewer programs are not affected by this vulnerability. We recommend that customers install the most recent version of these programs.

Vulnerability Details

JPEG Vulnerability - CAN-2004-0200:

A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Mitigating factors for JPEG Vulnerability - CAN-2004-0200:

  • An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
  • The vulnerability could only be exploited by an attacker who persuaded a user to open a specially crafted file or to view a directory that contains the specially crafted image. There is no way for an attacker to force a user to open a malicious file.
  • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
  • Windows XP, Window XP Service Pack 1, and Windows Server 2003 are the only operating systems that contain the vulnerable component by default. By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, Windows 2000, and Windows XP Service Pack 2 are not vulnerable to this issue. However, the vulnerable component will be installed by any of the programs listed in the affected software section of this bulletin on these operating systems and you should install the appropriate security update for those programs.

Workarounds for JPEG Vulnerability - CAN-2004-0200:

Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.

Read e-mail messages in plain text format if you are using Outlook 2002 or later, or Outlook Express 6 SP1 or later, to help protect yourself from the HTML e-mail attack vector.

Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or later and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.

Digitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about enabling this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.

For information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.

Impact of Workaround: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:

  • The changes are applied to the preview pane and to open messages.
  • Pictures become attachments so that they are not lost. Note Manually viewing these pictures could allow remote code execution if you are using a vulnerable application or operating system.
  • Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

FAQ for JPEG Vulnerability - CAN-2004-0200:

What is the scope of the vulnerability?
This is a buffer overrun vulnerability. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

What causes the vulnerability?
An unchecked buffer in the processing of JPEG images.

What are JPEG images?
JPEG is a platform-independent image format that supports a high level of compression. JPEG is a widely supported Internet standard developed by the Joint Photographic Experts Group.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

How could an attacker exploit this vulnerability?
Any program that processes JPEG images could be vulnerable to this attack. Here are some examples:

  • An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer 6 and then persuade a user to view the Web site.
  • An attacker could also create an HTML e-mail message that has a specially crafted image attached. The specially crafted image could be designed to exploit this vulnerability through Outlook 2002 or Outlook Express 6. An attacker could persuade the user to view or preview the HTML e-mail message.
  • An attacker could embed a specially crafted image in an Office document and then persuade the user to view the document.
  • An attacker could add a specially crafted image to the local file system or onto a network share and then persuade the user to preview the directory by using Windows Explorer.

What systems are primarily at risk from the vulnerability?
The vulnerability could only be exploited on the affected systems by an attacker who persuaded a user to open a specially crafted file or view a directory that contains the specially crafted image. There is no way for an attacker to force a user to open a malicious file.

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.

Windows XP, Windows XP Service Pack 1, and Windows Server 2003 are vulnerable by default. Windows XP Service Pack 2, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, and Windows 2000 are not vulnerable by default. However, the vulnerable component could be installed by any of the products listed in the affected software section on these operating systems. Third-party applications that perform JPEG processing; third-party applications that were developed using Visual Studio .NET 2002, Visual Studio .NET 2003, or the Microsoft .NET Framework version 1.0 SDK Service Pack 2; and third-party applications that distribute their own copy of the vulnerable component may be also vulnerable.

What does the update do?
The update removes the vulnerability by modifying the way that the affected component validates the affected image types.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information indicating that this vulnerability had been publicly disclosed when this security bulletin was originally issued.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information indicating that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.

Security Update Information

Installation Platforms and Prerequisites:

For information about the specific security update for your platform, click the appropriate link:

Windows Server 2003 (all versions)

Prerequisites This security update requires a released version of Windows Server 2003.

Inclusion in Future Service Packs: The update for this issue will be included in Windows Server 2003 Service Pack 1.

Installation Information

This security update supports the following setup switches:

/help                 Displays the command line options

Setup Modes

/quiet            Quiet mode (no user interaction or display)

/passive            Unattended mode (progress bar only)

/uninstall          Uninstalls the package

Restart Options

/norestart          Do not restart when installation is complete

/forcerestart      Restart after installation

Special Options

/l           Lists installed Windows hotfixes or update packages

/o          Overwrite OEM files without prompting

/n          Do not backup files needed for uninstall

/f           Force other programs to close when the computer shuts down

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the previous version of the setup utility uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows Server 2003:

Windowsserver2003-kb833987-x86-enu /passive /quiet

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows Server 2003:

Windowsserver2003-kb833987-x86-enu /norestart

For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirement

In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message appears that advises you to restart.

Removal Information

To remove this update, use the Add or Remove Programs tool in Control Panel.

System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB833987$\Spuninst folder. The Spuninst.exe utility supports the following setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, and Windows Server 2003 Datacenter Edition:

Date Time Version Size Filename Folder
-----------------------------------------------------------------
24-Mar-2004 01:02 5.2.3790.136 1,642,496 Gdiplus.dll
24-Mar-2004 01:02 5.2.3790.121 751,104 Sxs.dll RTMQFE

Windows Server 2003 64-Bit Enterprise Edition and Windows Server 2003 64-Bit Datacenter Edition:

Date Time Version Size Filename Platform Folder
--------------------------------------------------------------------------------
24-Mar-2004 01:02 5.2.3790.136 4,719,104 Gdiplus.dll IA-64
24-Mar-2004 01:02 5.2.3790.136 1,642,496 Gdiplus.dll x86
24-Mar-2004 01:02 5.2.3790.121 1,860,608 Sxs.dll IA-64 RTMQFE
24-Mar-2004 01:02 5.2.3790.121 751,104 Wsxs.dll x86 RTMQFE\WOW

Verifying Update Installation

  • Microsoft Baseline Security Analyzer (MBSA)

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB833987\Filelist

    Note This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly if an administrator or an OEM integrates or slipstreams the 833987 security update into the Windows installation source files.

Windows XP, Windows XP Service Pack 1 (all versions)

Note For Windows XP 64-Bit Edition Version 2003, this security update is the same as the Windows Server 2003 64-Bit Edition security update.

Prerequisites This security update requires the release version of Windows XP or Windows XP Service Pack 1 (SP1). For more information, see Microsoft Knowledge Base Article 322389.

Inclusion in Future Service Packs: The update for this issue is included in Windows XP Service Pack 2.

Installation Information

This security update supports the following setup switches:

/help                 Displays the command line options

Setup Modes

/quiet            Quiet mode (no user interaction or display)

/passive            Unattended mode (progress bar only)

/uninstall          Uninstalls the package

Restart Options

/norestart          Do not restart when installation is complete

/forcerestart      Restart after installation

Special Options

/l           Lists installed Windows hotfixes or update packages

/o          Overwrite OEM files without prompting

/n          Do not backup files needed for uninstall

/f           Force other programs to close when the computer shuts down

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the previous version of the setup utility uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows XP:

Windowsxp-kb833987-x86-enu /passive /quiet

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows XP:

Windowsxp-kb833987-x86-enu /norestart

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirement

In some cases, this update does not require a restart. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message appears that advises you to restart.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe is located in the %Windir%\$NTUninstallKB833987$\Spuninst folder. The Spuninst.exe utility supports the following setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition, Windows XP Professional, Windows XP Home Edition Service Pack 1, Windows XP Professional Service Pack 1, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:

Date Time Version Size File name Folder
--------------------------------------------------------------------------
09-Mar-2004 01:58 5.1.2600.136 646,656 Sxs.dll SP1 (Pre SP1)
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll SP1 (Pre SP1)
09-Mar-2004 02:25 5.1.2600.1363 676,864 Sxs.dll SP2 (With SP1)
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll SP2 (With SP1)

Windows XP 64-Bit Edition Service Pack 1:

Date Time Version Size File name Platform
--------------------------------------------------------------------------
09-Mar-2004 02:33 5.1.2600.1363 2,018,816 Sxs.dll IA-64
09-Mar-2004 02:25 5.1.2600.1363 676,864 Wsxs.dll x86
09-Mar-2004 02:33 5.1.3102.1360 5,185,536 Gdiplus.dll IA-64

Windows XP 64-Bit Edition Version 2003:

Date Time Version Size File name Platform Folder
--------------------------------------------------------------------------------
24-Mar-2004 01:02 5.2.3790.136 4,719,104 Gdiplus.dll IA-64
24-Mar-2004 01:02 5.2.3790.136 1,642,496 Gdiplus.dll x86
24-Mar-2004 01:02 5.2.3790.121 1,860,608 Sxs.dll IA-64 RTMQFE
24-Mar-2004 01:02 5.2.3790.121 751,104 Wsxs.dll x86 RTMQFE\WOW

Notes

The Windows XP, Windows XP Service Pack 1, and Windows XP 64-Bit Edition Version 2003 versions of this security update are packaged as dual-mode packages, which contain files for both the original version of Windows XP and Windows XP Service Pack 1. For more information about dual-mode packages, see Microsoft Knowledge Base Article 328848.

Verifying Update Installation

  • Microsoft Baseline Security Analyzer (MBSA)

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry keys.

    For Windows XP Home Edition, Windows XP Professional, Windows XP Home Edition Service Pack 1, Windows XP Professional Service Pack 1, Windows XP 64-Bit Edition Service Pack 1, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB833987\Filelist

    For Windows XP 64-Bit Edition Version 2003:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB833987\Filelist

    Note These registry keys may not contain a complete list of installed files. Also, these registry keys may not be created correctly if an administrator or an OEM integrates or slipstreams the 833987 security update into the Windows installation source files.

Office XP (all versions)

Prerequisites and Additional Update Details

Important: Before you install this update, make sure that the following requirements have been met:

  • Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites:

    Windows Installer 2.0 for Windows 95, Windows 98, Windows 98 SE, and Windows Millennium Edition

    Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

  • Office XP Service Pack 3 (SP3) must be installed in order to install the client security update. Before you install this update, install Office XP SP3. For additional information about how to install Office XP SP3, see Microsoft Knowledge Base Article 832671. The administrative update can also be installed on systems that are running Office XP Service Pack 2 or Office XP Service Pack 3. The security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update.

For additional information about how to determine the version of Office XP on your computer, see Microsoft Knowledge Base Article 291331.

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will be included in a future service pack.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Automated Client Installation Information

Office Update Web Site

Microsoft recommends that you install the Microsoft Office XP client updates by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Manual Client Installation Information

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

  1. Download the client version of this security update.
  2. Click Save this program to disk, and then click OK.
  3. Click Save.
  4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office XP:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Administrative Installation Information

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

  1. Download the administrative version of this security update.

  2. Click Save this program to disk, and then click OK.

  3. Click Save.

  4. Using Windows Explorer, find the folder that contains the saved file and then double-click the saved file.

  5. If you are prompted to install the update, click Yes.

  6. Click Yes to accept the License Agreement.

  7. In the Type the location where you want to place the extracted files box, type c:\adminUpdate, and then click OK.

  8. Click Yes when you are prompted to create the folder.

  9. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

    msiexec /a Admin Path\MSI File /p C:\adminUpdate\MSP File SHORTFILENAMES=TRUE

    Where Admin Path is the path of your administrative installation point for your application (for example, C:\OfficeXP), MSI File is the .msi database package for the application (for example, Data1.msi), and MSP File is the name of the administrative update (for example, SHAREDff.msp).

    Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

  10. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.

  11. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\OfficeXP), MSI File is the MSI database package for the application (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 832332. Information concerning this update can also be found on the Microsoft Office XP Resource Kit Web site. General information concerning the Microsoft Office XP Resource Kit can also be found on TechNet. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office XP:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Project 2002 (all versions)

Prerequisites and Additional Update Details

Important: Before you install this update, make sure that the following requirements have been met:

  • Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. The latest version of Windows Installer is available as a separate download at the following links:

    Windows Installer 2.0 for Windows 95, Windows 98, and Windows Millennium Edition

    Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

  • Microsoft Project Standard 2002, Microsoft Project Standard Service Pack 1, Microsoft Project Professional 2002, or Microsoft Project Professional 2002 Service Pack 1 must be installed. We recommend that before you install this update that you install Microsoft Project 2002 Service Pack 1. However this update will successfully install on installations of Microsoft Project 2002 that do not have Service Pack 1 installed. For additional information about how to install Microsoft Project 2002 Service Pack 1, see Microsoft Knowledge Base Article 830241. For additional information about how to install this update on Microsoft Project 2002 installations that do not have Project 2002 Service Pack 1 installed, see Microsoft Knowledge Base Article 831931.

Note The administrative (full-file) version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will be included in a future service pack.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Automated Client Installation Information

Office Update Web Site

Microsoft recommends that you install the Project 2002 client update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Updates Web site detect the required updates that you must install on your computer, visit the Office Update Web site, then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Manual Client Installation Information

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

  1. Download the update.
  2. Click Save this program to disk, and then click OK.
  3. Click Save.
  4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Project 2002:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer (MBSA)

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Administrative Installation Information

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

  1. In Windows Explorer, create a new folder on the C drive, and then name it KB831931.

  2. Download the update.

  3. Click Save this program to disk to save the Project2002-KB831931-FullFile-ENU.exe file to the C:\KB831931 folder.

  4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)

  5. At the command prompt, type the following lines, and then press ENTER after each line:

    cd\kb831931

    Project2002-KB831931-FullFile-ENU.exe /c /t:c:\kb831931

  6. Click Yes to accept the License Agreement.

  7. At the command prompt, type the following line, and then press ENTER:

    exit

  8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

    msiexec /a Admin Path\MSI File /p C:\kb831931\MSP File SHORTFILENAMES=TRUE

    Where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the .msi database package for the application (for example, Prjproe.msi), and MSP File is the name of the administrative update (for example, MSO.MSP).

    Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

  9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.

  10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the MSI database package for the application (for example, Prjproe.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 831931. Information concerning Microsoft Project 2002 can be found in the Microsoft Project 2002 Resource Kit. General information concerning the Microsoft Office XP Resource Kit can also be found on TechNet. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Project 2002:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Visio 2002 (all versions)

Prerequisites and Additional Update Details

Important: Before you install this update, make sure that the following requirements have been met:

  • Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. The latest version of Windows Installer is available as a separate download at the following links:

    Windows Installer 2.0 for Windows 95, Windows 98, and Window Millennium

    Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

  • Either Microsoft Visio 2002 Standard (Service Pack 1 or Service Pack 2), Microsoft Visio 2002 Professional (Service Pack 1 or Service Pack 2), Microsoft Visio 2002 for Enterprise Architects (Service Pack 1 or Service Pack 2), or Microsoft Visio 2002 for Biztalk Server (Service Pack 1 or Service Pack 2) must be installed. Before you install this update, install Visio 2002 Service Pack 1 or Service Pack 2. For additional information about how to install Visio 2002 Service Pack 2, see Microsoft Knowledge Base Article 830242. For additional information about how to install this update on Microsoft Visio 2002 installations that do not have Visio 2002 Service Pack 2 installed, see Microsoft Knowledge Base Article 831932.

Note The administrative (full-file) version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will be included in a future service pack.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Automated Client Installation Information

Office Update Web Site

Microsoft recommends that you install the Visio 2002 client update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Manual Client Installation Information

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

  1. Download the update
  2. Click Save this program to disk, and then click OK.
  3. Click Save.
  4. Using Windows Explorer, find the folder that contains the saved file, and the double-click the saved file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2002:

Date Time Version Size Filename
---------------------------------------------------------
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Note When you install this security update on Windows XP or Windows Server 2003, it only installs the Mso.dll file. Visio 2002 uses the operating system version of the Gdiplus.dll file on Windows XP and Windows Server 2003. If you use Visio 2002 on Windows XP or Windows Server 2003 make sure that you install the operating system version of the security update. When you install this security update on other operating systems, it will install both the Gdiplus.dll file and the Mso.dll file.

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Administrative Installation Information

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

  1. In Windows Explorer, create a new folder on the C drive, and then name it KB831932.

  2. Download the update.

  3. Click Save this program to disk to save the Visio2002-KB831932-FullFile-ENU.exe file to the C:\KB831932 folder.

  4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)

  5. At the command prompt, type the following lines, and then press ENTER after each line:

    cd\kb831932

    Visio2002-KB831932-FullFile-ENU.exe /c /t:c:\kb831932

  6. Click Yes to accept the License Agreement.

  7. At the command prompt, type the following line, and then press ENTER:

    exit

  8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

    msiexec /a Admin Path\MSI File /p C:\kb831932\Visio2002-KB831932-FullFile.MSP

    Where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the .msi database package for the application (for example, Visio.msi), and MSP File is the name of the administrative update (for example, Visio2002-KB831932-FullFile.MSP).

    Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

  9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.

  10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the MSI database package for the application (for example, Visio.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 831932. Information on deploying updates in a corporate environment can also be found in the Microsoft Office Resource Kit or the Microsoft Visio 2002 Resource Kit. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2002:

Date Time Version Size File name
----------------------------------------------------------
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Office 2003 (all versions except Office 2003 Service Pack 1)

Prerequisites and Additional Update Details

Important: Before you install this update, make sure that the following requirements have been met:

For additional information about how to determine the version of Office 2003 on your computer, see Microsoft Knowledge Base Article 821549.

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue is included in Microsoft Office 2003 Service Pack 1.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Automated Client Installation Information

Office Update Web Site

Microsoft recommends that you install the Microsoft Office 2003 Service Pack 1 update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Manual Client Installation Information

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

  1. Download the client version of this security update.
  2. Click Save this program to disk, and then click OK.
  3. Click Save.
  4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Administrative Installation Information

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

  1. Download the administrative version of this security update.

  2. Click Save this program to disk, and then click OK.

  3. Click Save.

  4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.

  5. If you are prompted to install the update, click Yes.

  6. Click Yes to accept the License Agreement.

  7. In the Type the location where you want to place the extracted files box, type c:\adminUpdate, and then click OK.

  8. Click Yes when you are prompted to create the folder.

  9. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

    msiexec /a Admin Path\MSI File /p C:\adminUpdate\MSP File SHORTFILENAMES=TRUE

    Where Admin Path is the path of your administrative installation point for your application (for example, C:\Office2003), MSI File is the .msi database package for the application (for example, Data1.msi), and MSP File is the name of the administrative update (for example, SHAREDff.msp).

    Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

  10. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.

  11. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu /qb

where Admin Path is the path of your administrative installation point for your application (for example, C:\Office2003), MSI File is the MSI database package for the application (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 838905. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Project 2003 (all versions except Project 2003 Service Pack 1)

Prerequisites and Additional Update Details

Important: Before you install this update, make sure that the following requirements have been met:

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue is included in Microsoft Project 2003 Service Pack 1.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Automated Client Installation Information

Office Update Web Site

Microsoft recommends that you install the Microsoft Project 2003 Service Pack 1 update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Manual Client Installation Information

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

  1. Download the update.
  2. Click Save this program to disk, and then click OK.
  3. Click Save.
  4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

Project 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Administrative Installation Information

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

  1. In Windows Explorer, create a new folder on the C drive, and then name it KB838344.

  2. Download the update.

  3. Click Save this program to disk to save the Project2003-kb838344-fullfile-enu.exe file to the C:\KB838344 folder.

  4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)

  5. At the command prompt, type the following lines, and then press ENTER after each line:

    cd\kb838344

    Project2003-kb838344-FullFile-ENU.exe /c /t:c:\kb838344

  6. Click Yes to accept the License Agreement.

  7. At the command prompt, type the following line, and then press ENTER:

    exit

  8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

    msiexec /a Admin Path\MSI File /p C:\kb838344\MSP File SHORTFILENAMES=TRUE

    Where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the .msi database package for the application (for example, Prjproe.msi), and MSP File is the name of the administrative update (for example, MSO.MSP).

    Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

  9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.

  10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

WARNING: Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the MSI database package for the application (for example, Prjproe.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 838344. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

Project 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Visio 2003 (all versions except Visio 2003 Service Pack 1)

Prerequisites and Additional Update Details

Important: Before you install this update, make sure that the following requirements have been met:

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will is included in Microsoft Visio 2003 Service Pack 1.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Automated Client Installation Information

Office Update Web Site

Microsoft recommends that you install the Microsoft Visio 2003 Service Pack 1 update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Manual Client Installation Information

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

  1. Download the update.
  2. Click Save this program to disk, and then click OK.
  3. Click Save.
  4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Administrative Installation Information

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

  1. In Windows Explorer, create a new folder on the C drive, and then name it KB838345.

  2. Download the update2

  3. Click Save this program to disk to save the Visio2003-KB838345-FullFile-ENU.exe file to the C:\KB838345 folder.

  4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)

  5. At the command prompt, type the following lines, and then press ENTER after each line:

    cd\kb838345

    Visio2003-KB838345-FullFile-ENU.exe /c /t:c:\kb838345

  6. Click Yes to accept the License Agreement.

  7. At the command prompt, type the following line, and then press ENTER:

    exit

  8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

    msiexec /a Admin Path\MSI File /p C:\kb838345\Visio2003-KB838345-FullFile.MSP SHORTFILENAMES=TRUE

    Where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the .msi database package for the application (for example, Visio.msi), and MSP File is the name of the administrative update (for example, Visio2003-KB838345-FullFile.MSP).

    Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

  9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.

  10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the MSI database package for the application (for example, Visio.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 838345. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Visual Studio .NET 2002 (Including Visual Basic .NET Standard 2002, Visual C# .NET Standard 2002, Visual C++ .NET Standard 2002)

Prerequisites This security update requires the release version of the products listed earlier.

Note When these programs are installed on Windows XP or Windows Server 2003, they use the operating system version of the vulnerable component. If you use these programs on Windows XP, Windows XP Service Pack 1 or Windows Server 2003, make sure that you install the operating system version of the security update. If you use these programs on other operating systems, make sure that you install the update for this program.

However, if you use these programs to create applications that distribute a version of the Gdiplus.dll file, you have to install this security update even if you use Windows XP or Windows Server 2003. When this update is installed on these operating systems, only the Gdiplus.msm file is installed. This file is used to create applications that distribute a copy of the Gdiplus.dll file. An application developer can use the updated Gdiplus.msm file to rebuild their application to use the updated version of the Gdiplus.dll file.

Inclusion in Future Service Packs: The update for this issue will be included in the Visual Studio .NET 2002 Service Pack 1.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/u Uninstall (if installed)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

VS7.0-KB830348-X86.exe /q

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visual Studio .NET 2002:

Date Time Version Size Filename
-------------------------------------------------------------------
20-Feb-2004 01-32 866,816 gdiplus.msm
15-Mar-2004 21:14 5.1.3102.1355 1,638,400 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6639C3A4-741F-47A1-97BB-F3BD1CEFB313}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Visual Studio\7.0\M8303481025

Visual Studio .NET 2003 (Including Visual Basic .NET Standard 2003, Visual C# .NET Standard 2003, Visual C++ .NET Standard 2003, Visual J# .NET Standard 2003)

Prerequisites This security update requires the release version of the products listed earlier.

Inclusion in Future Service Packs: The update for this issue will be included in the Visual Studio .NET 2003 Service Pack 1.

Note When these programs are installed on Windows XP or Windows Server 2003, they use the operating system version of the vulnerable component. If you use these programs on Windows XP, Windows XP Service Pack 1 or Windows Server 2003, make sure that you install the operating system version of the security update. If you use these programs on other operating systems, make sure that you install the update for this program.

However, if you use these programs to create applications that distribute a version of the Gdiplus.dll file, you have to install this security update even if you use Windows XP or Windows Server 2003. When this update is installed on these operating systems, only the Gdiplus.msm file is installed. This file is used to create applications that distribute a copy of the Gdiplus.dll file. An application developer can use the updated Gdiplus.msm file to rebuild their application to use the updated version of the Gdiplus.dll file.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/u Uninstall (if installed)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

VS7.1-KB830348-X86.exe /q

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visual Studio .NET 2003:

Date Time Version Size Filename
-------------------------------------------------------------------
19-Mar-2004 17:19 866,816 gdiplus.msm
27-Feb-2004 05:33 5.1.3102.1355 1,638,400 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BBDEF0B4-0C24-4812-80C6-9207B26285E8}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Visual Studio\7.1\M8303481037

The Microsoft .NET Framework version 1.0 Service Pack 2 (Including the Microsoft .NET Framework version 1.0 SDK Service Pack 2)

The Microsoft .NET Framework version 1.0 Service Pack 3

Prerequisites This security update requires a released version of the Microsoft .NET Framework or the Microsoft .NET Framework version 1.0 SDK.

This update is required on the following versions of Windows:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using these programs on Windows XP or Windows Sever 2003. When these programs are installed on Windows XP or Windows Server 2003 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using these programs on other operating systems make sure that you install the update for this program.

Inclusion in Future Service Packs: The update for this issue is included in The Microsoft .NET Framework version 1.0 Service Pack 3.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/u Uninstall (if installed)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.0sp3-KB867461-X86-Enu.exe

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.0 Service Pack 2 and the Microsoft .NET Framework version 1.0 SDK Service Pack 2:

Date Time Version Size File name
-------------------------------------------------------------
Updated installed file for verification:
04-May-2004 11:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\.NETFramework\1.0\S867461

The Microsoft .NET Framework version 1.0 Service Pack 2 standalone security update

Prerequisites This security update requires the Microsoft .NET Framework version 1.0 Service Pack 2 or the Microsoft .NET Framework 1.0 SDK Service Pack 2. This security update will not install and is not required on systems that already have installed The Microsoft .NET Framework version 1.0 Service Pack 3.

This update is required on the following versions of Windows:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using these programs on Windows XP or Windows Sever 2003. When these programs are installed on Windows XP or Windows Server 2003 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using these programs on other operating systems make sure that you install the update for this program. Also, this security update is not necessary if you have already installed the Microsoft .NET Framework version 1.0 Service Pack 3.

Inclusion in Future Service Packs: The update for this issue is included in The Microsoft .NET Framework version 1.0 Service Pack 3.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.0sp2-KB830348-X86-Enu.exe /q

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.0 Service Pack 2 and the Microsoft .NET Framework version 1.0 SDK Service Pack 2:

Date Time Version Size File name
------------------------------------------------------------
04-May-2004 18:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry keys. The registry key is different for each language:

    ENU: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{752FCCBC-8F52-415A-95DE-A4209712935E}

    • ESN: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6F9E6C5C-1B99-470A-9B31-8040DD9465B2}
    • ITA: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{941D3326-4694-4509-AA11-89FDC9A5FD2A}
    • CHS: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48C0C360-F79D-4CC6-BE45-F6B9FC96765E}
    • CHT: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B79B6035-CD85-4FA7-B3F0-A60D178FFD09}
    • DEU: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{088368DE-42AB-4CFC-B096-484CF2886084}
    • FRA: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8E8C1A84-DB41-444C-BA4B-B45B73EED4DB}
    • JPN: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{147CFA12-C64E-41A8-93F6-AC3DE076C9BC}
    • KOR: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FC6CE15-DE07-4C91-AFF8-D8249D46684A}

The Microsoft .NET Framework version 1.1

The .Microsoft NET Framework version 1.1 Service Pack 1

Prerequisites This security update requires the released version of The Microsoft .NET Framework version 1.1.

This update is required on the following versions of Windows:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using this program on Windows XP or Windows Sever 2003. When this program is installed on Windows XP or Windows Server 2003 it uses the operating system version of the vulnerable component. If you are using this program on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using this program on other operating systems make sure that you install the update for this program.

Inclusion in Future Service Packs: The update for this issue is included in The .Microsoft NET Framework version 1.1 Service Pack 1.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/u Uninstall (if installed)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.1sp1-KB867460-X86.exe /q

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.1

Date Time Version Size File name
------------------------------------------------------------
12-Oct-2004 15:57 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\.NETFramework\1.1\S867460

The Microsoft .NET Framework version 1.1 standalone security update

Prerequisites This security update requires the released version of The Microsoft .NET Framework version 1.1. This security update will not install and is not required on systems that already have installed the Microsoft .NET Framework version 1.1 Service Pack 1.

This update is required on the following versions of Windows:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using this program on Windows XP or Windows Sever 2003. When this program is installed on Windows XP or Windows Server 2003 it uses the operating system version of the vulnerable component. If you are using this program on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using this program on other operating systems make sure that you install the update for this program. Also, this security update is not necessary if you have already installed the Microsoft .NET Framework version 1.1 Service Pack 1.

Inclusion in Future Service Packs: The update for this issue is included in the .Microsoft NET Framework version 1.1 Service Pack 1.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.1-KB830348-X86.exe /q

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.1

Date Time Version Size File name
-------------------------------------------------------------
Updated installed file for verification:
04-May-2004 11:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{738B5D5A-253B-4F2D-BA88-E81508DE71E3}

Picture It! (version 2002, version 7.0, and version 9), Microsoft Greetings 2002, Digital Image Pro (version 2002, version 7.0, and version 9), Digital Image Suite (version 2002, version 7.0, and version 9).

Prerequisites

Important: Before you install this updates, make sure that the following requirements have been met:

  • One of the following products must be installed:

    • Greetings 2002
    • Picture It! Express 2002
    • Picture It! Photo 2002
    • Picture It! Photo Premium 2002
    • Picture It! Publishing 2002
    • Picture It! Publishing Platinum 2002
    • Picture It! Express version 7.0
    • Picture It! Photo version 7.0
    • Picture It! Photo Premium version 7.0
    • Picture It! Digital Image Pro version 7.0
    • Picture It! Photo Premium version 9
    • Picture It! Express version 9
    • Picture It! Library
    • Digital Image Pro version 9
    • Digital Image Suite version 9
    • Digital Image Library

    MSN Users Note MSN 9 distributes Picture It! Express version 9 and Picture It! Library. You have the option to install these programs when you install MSN 9. You should install the Picture It! version 9 update only if you installed Picture It! Express version 9 or Picture It! Library when you installed MSN 9.

  • Microsoft Windows Installer version 1.1 or later must be installed. Microsoft Windows 2000 and later include an appropriate version of the installer. The latest version of Windows Installer is available as a separate download at the following links:

    Windows Installer 2.0 for Windows 95, Windows 98, and Windows Millennium Edition

    Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

This update is required on the following versions of Windows:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using these programs on Windows XP or Windows Sever 2003. When these programs are installed on Windows XP or Windows Server 2003 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using these programs on an operating listed above make sure that you install the update for these programs.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Deployment Information

For example, to install the update, use the following command at a command prompt.

Users of version 2002 products use:

gdiplus_6.exe

Users of version 7.0 products use:

gdiplus_7.exe

Users of version 9 products use:

gdiplus_9.exe

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Greetings 2002, Picture It! Express 2002, Picture It! Photo 2002, Picture It! Photo Premium 2002, Picture It! Publishing 2002, and Picture It! Publishing Platinum 2002

Date Time Version Size File name
------------------------------------------------------------
18-Aug-2001 05:43 6.0.2600.0 91,136 Advpack.dll
27-Feb-2004 04:33 5.1.3102.1355 1,638,400 Gdiplus.dll
06-Jun-2000 23:43 4.71.704.0 2,272 W95inf16.dll
06-Jun-2000 23:43 4.71.16.0 4,608 W95inf32.dll

Picture It! Express version 7.0, Picture It! Photo version 7.0, Picture It! Photo Premium version 7.0, and Picture It! Digital Image Pro version 7.0

Date Time Version Size File name
------------------------------------------------------------
18-Aug-2001 05:43 6.0.2600.0 91,136 Advpack.dll
27-Feb-2004 04:33 5.1.3102.1355 1,638,400 Gdiplus.dll
06-Jun-2000 23:43 4.71.704.0 2,272 W95inf16.dll
06-Jun-2000 23:43 4.71.16.0 4,608 W95inf32.dll

Picture It! Photo Premium version 9, Picture It! Express version 9, Picture It! Library, Digital Image Pro version 9, Digital Image Suite version 9, and Digital Image Library

Date Time Version Size File name
-------------------------------------------------------
18-Aug-2001 05:43 6.0.2600.0 91,136 Advpack.dll
27-Feb-2004 04:33 5.1.3102.1355 1,638,400 Gdiplus.dll
06-Jun-2000 23:43 4.71.704.0 2,272 W95inf16.dll
06-Jun-2000 23:43 4.71.16.0 4,608 W95inf32.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Microsoft Producer for Microsoft Office PowerPoint (all versions)

Prerequisites

Important: Before you install this updates, make sure that the following requirements have been met:

  • One of the following products must be installed:
    • Microsoft Producer for Microsoft Office PowerPoint 2002 (Producer 1.1)
    • Microsoft Producer for Microsoft Office PowerPoint 2003

This update is required on the following versions of Windows:

  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using these programs on Windows XP. When these programs are installed on Windows XP or Windows XP Service Pack 1 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP or Windows XP Service Pack 1 make sure that you install the operating system security update. If you are using these programs on Windows 2000 make sure that you install the update for these programs. These programs are not supported on Windows Server 2003. However, if they were installed on Windows Server 2003, they would also use the operating system version of the vulnerable component. If you are using these programs on Windows Server 2003 make sure that you install the Windows Server 2003 security update.

Installation Information

The security update supports the following setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Deployment Information

For example, to install the update, use the following command at a command prompt:

Setup.exe

Restart Requirement

In some cases, this update does not require a restart. The installer stops the needed services, applies the update, and then restarts the services. However, if the needed services cannot be stopped for any reason or if required files are in use, this update will require a restart. If this occurs, a message is displayed that advises you to restart.

Removal Information

To remove this update, use the Add or Remove Programs tool in Control Panel.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Microsoft Producer for Microsoft Office PowerPoint 2002 (Producer 1.1) and Microsoft Producer for Microsoft Office PowerPoint 2003:

Package Contents:
Date Time Version Size File name
-------------------------------------------------------------
25-Apr-2003 17:26 12.0.2600.1 1,707,856 Instmsia.exe
25-Apr-2003 17:26 12.0.2600.0 1,821,008 Instmsiw.exe
19-May-2004 21:53 49,754,624 Prod2.msi
25-Jun-2003 21:01 1.0.0.1 77,824 Setup.exe
Updated installed file for verification:
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll

Note Because of the size of the update, not all files have been listed.

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Platform SDK Redistributable: GDI+

Prerequisites

Important: Before you install this updates, make sure that the following requirement has been met:

  • This update is only required if you are using the Platform SDK and are redistributing Gdiplus.dll in your custom application.

Installation Information

The security update supports the following setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Deployment Information

For example, to install the update, use the following command at a command prompt:

gdiplus_dnld.exe

Restart Requirement

This update does not require a restart.

Removal Information

To remove this update, delete the installed files.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Platform SDK Redistributable: GDI+

Date Time Version Size File name
--------------------------------------------------------
04-May-2004 18:53 5.1.3102.1360 1,645,320 Gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Internet Explorer 6 Service Pack 1 for Windows 2000 SP3, Windows 2000 SP4, Windows NT 4.0 SP6a, Windows Millennium Edition, Windows 98, and Windows 98 Second Edition

Prerequisites

Microsoft has tested the versions of Windows and the versions of Internet Explorer that are listed in this bulletin to assess if they are affected by this vulnerability and to confirm that the update that this bulletin describes addresses these vulnerabilities.

To install the Internet Explorer 6 Service Pack 1 (SP1) version of this update, you must be running one of the following versions of Windows:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition (SE)
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Server 4.0 Service Pack 6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note Versions of Windows and versions of Internet Explorer that are not listed in this article are no longer supported or not affected. Microsoft recommends that you upgrade to a supported version of Windows and of Internet Explorer, and then apply the appropriate update.

Note This update is not required if you are using this program on Windows XP or Windows Sever 2003. When this program is installed on Windows XP, Windows XP Service Pack 1, or Windows Server 2003, it uses the operating system version of the vulnerable component. If you use this program on Windows XP, Windows XP Service Pack 1, or Windows Server 2003, make sure that you install the operating system version of the security update. If you use this program on other operating systems, make sure that you install the update for this program. Windows XP Service Pack 2 includes Internet Explorer 6 Service Pack 2 and is not vulnerable to this issue.

For more information about support lifecycles for Windows components, see the following Microsoft Support Lifecycle Web site.

For more information about how to obtain the latest service pack for Internet Explorer 6, see Microsoft Knowledge Base Article 328548.

Installation Information

The security update supports the following setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Deployment Information

For example, to install the update without any user intervention and not force the system to restart, use the following command at a command prompt:

IE6.0sp1-KB833989-x86-ENU.exe /q:a /r:n

For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirements

In some cases, you do not have to restart your system after you apply this update. However, if the required files are in use, you must restart your system after you apply this update. If this behavior occurs, a message is displayed that advises you to restart your system. You do not have to use an administrator logon after the system restarts for any version of this update.

Removal Information

To remove this update, use the Add or Remove Programs tool in Control Panel. Click Microsoft VGX 833989, and then click Change/Remove (or click Add/Remove).

System administrators can use the Ieuninst.exe utility to remove this update. This security update installs the Ieuninst.exe utility in the %Windir% folder. This utility supports the following setup switches:

/?: Show the list of supported switches

/z: Do not restart when the installation is complete

/q: Use Quiet mode (no user interaction)

For example, to remove this update quietly, use the following command:

c:\windows\ieuninst /q c:\windows\inf\q833989.inf

Note This command assumes that Windows is installed in the C:\Windows folder.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Date Time Version Size File name
--------------------------------------------------------
11-Mar-2004 01:09 6.0.2800.1411 2,283,008 Vgx.dll

Verifying Update Installation

  • Microsoft Baseline Security Analyzer

    To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{dc0d5f50-5f0b-46bf-8683-93ac61c67001}

    Note Confirm that the IsInstalled DWORD value with a data value of 1 appears in the registry key.

  • Program Version Verification

    Confirm that Q833989 is listed in the Update Versions field in the About Internet Explorer dialog box

Microsoft Windows Journal Viewer for Windows 2000-based systems

Prerequisites

Important: Before you install this updates, make sure that the following requirements have been met:

  • The Windows Journal Viewer must be installed.
  • Using Microsoft Windows 2000 Service Pack 3 or Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using this program on Windows XP. When this program is installed on Windows XP or Windows XP Service Pack 1 it uses the operating system version of the vulnerable component. If you are using this programs on Windows XP or Windows XP Service Pack 1 make sure that you install the operating system security update. If you are this program on Windows 2000 make sure that you install the update for this program. This program is not supported on Windows Server 2003. However, if it were installed on Windows Server 2003, it would also use the operating system version of the vulnerable component. If you are using this program on Windows Server 2003 make sure that you install the Windows Server 2003 security update.

Installation Information

The security update supports the following setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Deployment Information

For example, to install the update, use the following command at a command prompt:

JournalViewer1.5_KB886179_ENU.exe

Restart Requirement

This update does not require a restart unless the files that must be updated are in use at the time of installation. If this occurs, a message is displayed that advises you to restart.

Removal Information

This update cannot be uninstalled.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Journal Viewer:

Date Time Version Size File name
-------------------------------------------------------------
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify that this security update has installed by verifying the existence of the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

Microsoft Visual FoxPro 8.0

Prerequisites This security update requires a released version of Visual FoxPro 8.0.

Note When this program is installed on Windows XP or Windows Server 2003, it uses the operating system version of the vulnerable component. If you use this program on Windows XP, Windows XP Service Pack 1 or Windows Server 2003, make sure that you install the operating system version of the security update. If you use this program on other operating systems, make sure that you install the update for this program.

However, if you use this program to create applications that distribute a version of the Gdiplus.dll file, you have to install this security update even if you use Windows XP or Windows Server 2003. When this update is installed the Vfp_gdiplus.msm file is installed. This file is used to create applications that distribute a copy of the Gdiplus.dll file. An application developer can use the updated Vfp_gdiplus.msm file to rebuild their application to use the updated version of the Gdiplus.dll file.

Inclusion in Future Versions: The update for this issue will be included in Visual FoxPro 9.0.

Installation Information

This security update supports the following setup switches:

/?                      Displays the command line options

/v                     Msi command line parameters

/s /v/qn         Silent installation

/p                      Password mode

/a                      Administrative installation

/j                      Advertise mode

/x                      Uninstall mode

/f                      Repair mode

/ua                    Install Windows 9x MSI Engine

/uw                    Install Windows NT MSI Engine

/b                      Cache installation locally

/w                      Wait

Note For more information about the supported installation switches, see the following Web site.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

VFP8-KB887684-X86.exe /s/v/qn

Note There is no space between the /v and /qn parameters. This formatting is required for a silent installation.

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed you must remove the application, and then install it again. However, Control Panel Add/Remove Programs will indicate that this security update can be removed. Selecting this option will only remove the Control Panel Add/Remove Programs entry and not remove the installed files.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visual FoxPro 8.0:

Date Time Version Size Filename
----------------------------------------------------------
04-May-2004 18:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DD480E3-106D-453B-8623-20F8101E7274}

Microsoft Visual FoxPro 8.0 Runtime Library

Prerequisites This security update requires a released version of Visual FoxPro 8.0. Developers who have distributed custom Visual FoxPro 8.0 runtime applications that include a copy of the vulnerable gdiplus.dll file should evaluate the need to deploy the security update for the Microsoft Visual FoxPro 8.0 Runtime Library. This security update can be distributed by developers to a customer who has a custom Visual FoxPro 8.0 runtime application.

Note When these types of Visual FoxPro 8.0 applications are installed on Windows XP or Windows Server 2003, they will generally use the operating system version of the vulnerable component. If you use these types of programs on Windows XP, Windows XP Service Pack 1 or Windows Server 2003, make sure that you install the operating system version of the security update. If you use these types of programs on other operating systems, make sure that you install this update.

Inclusion in Future Versions: The update for this issue will be included in Visual FoxPro 9.0.

Installation Information

This security update supports the following setup switches:

/?                      Displays the command line options

/v                     Msi command line parameters

/s /v/qn         Silent installation

/p                      Password mode

/a                      Administrative installation

/j                      Advertise mode

/x                      Uninstall mode

/f                      Repair mode

/ua                    Install Windows 9x MSI Engine

/uw                    Install Windows NT MSI Engine

/b                      Cache installation locally

/w                      Wait

Note For more information about the supported installation switches, see the following Web site.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

VFP8-KB887685-X86.exe /s/v/qn

Note There is no space between the /v and /qn parameters. This formatting is required for a silent installation.

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed you must remove the application, and then install it again. However, Control Panel Add/Remove Programs will indicate that this security update can be removed. Selecting this option will only remove the Control Panel Add/Remove Programs entry and not remove the installed files.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visual FoxPro 8.0:

Date Time Version Size Filename
---------------------------------------------------------------
28-Sep-2004 16:44 870,400 vfp_gdiplus.msm
04-May-2004 18:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

  • File Version Verification

    Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

    1. Click Start, and then click Search.

    2. In the Search Results pane, click All files and folders under Search Companion.

    3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

    4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

      Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

    5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

      Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

  • Registry Key Verification

    You may also be able to verify the files that this security update has installed by reviewing the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BD1F5EF-CC01-482D-8132-BB680DB892A3}

Other Information

Acknowledgments

Microsoft thanks the following for working with us to help protect customers:

  • Nick DeBaggis for reporting the JPEG Vulnerability (CAN-2004-0200).

Obtaining Other Security Updates:

Updates for other security issues are available from the following locations:

Support:

  • Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
  • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Security Resources:

Software Update Services:

By using Microsoft Software Update Services (SUS), administrators can quickly and reliably deploy the latest critical updates and security updates to Windows 2000 and Windows Server 2003-based servers, and to desktop systems that are running Windows 2000 Professional or Windows XP Professional.

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Systems Management Server:

Microsoft Systems Management Server (SMS) delivers a highly-configurable enterprise solution for managing updates. By using SMS, administrators can identify Windows-based systems that require security updates and to perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. For more information about how administrators can use SMS 2003 to deploy security updates, see the SMS 2003 Security Patch Management Web site. SMS 2.0 users can also use Software Updates Service Feature Pack to help deploy security updates. For information about SMS, visit the SMS Web site.

Note SMS uses the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin update detection and deployment. Some software updates may not be detected by these tools. Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems. For more information about this procedure, see the following Web site. Some security updates require administrative rights following a restart of the system. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

  • V1.0 (September 14, 2004): Bulletin published
  • V1.1 (September 15, 2004): Affected and Non-Affected Software Sections updated. Office XP Service Pack 2 is affected and this has been clarified. The .NET Framework 1.1 SDK and MS Works (all versions) are not affected and have been added to the Non Affected Software Section. FAQ’s have also been updated to provide additional information about this issue.
  • V1.2 (September 21, 2004): Affected and Non-Affected Software Sections updated. Updated Security Update Information Sections for Office XP, Visio 2002, Project 2002, .NET Framework 1.0 and .NET Framework 1.1. FAQ’s have also been updated to provide additional information about this issue.
  • V2.0 (October 12, 2004): Bulletin updated to advise on the availability of revised security updates for Office XP, Visio 2002, and Project 2002 customers that are using Windows XP Service Pack 2. Microsoft Knowledge Base Article 833987 documents the currently known issues that customers may experience when installing these security updates. The article also documents recommended solutions for these issues. Microsoft has also released the MS04-028 Enterprise Update Scanning Tool to help customers detect and deploy the required updates. For more information about the MS04-028 Enterprise Update Scanning Tool, see Microsoft Knowledge Base Article 886988. We have released an update for Windows 2000-based systems that have installed the Windows Journal Viewer. The bulletin has also been updated with a new FAQ that addresses questions regarding the Visio 2002 Viewer, Visio 2003 Viewer, and PowerPoint 2003 Viewer programs.
  • V3.0 (December 14, 2004): Bulletin updated to advise on the availability of additional security updates. Standalone security updates for The Microsoft .NET Framework version 1.0 Service Pack 2 and The Microsoft .NET Framework version 1.1 are now available. Security updates for Microsoft Visual FoxPro 8.0 and the Microsoft Visual FoxPro 8.0 runtime are also now available. Bulletin updated to reflect the release of Windows Messenger 5.1 that contains an updated version of the affected file. The MS04-028 Enterprise Update Scanning Tool has been updated to detect and deploy the additional security updates.

Built at 2014-04-18T13:49:36Z-07:00