Microsoft Security Bulletin MS03-044
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
Issued: October 15, 2003
Updated: October 22, 2003
Version Number: 1.1
See all Windows bulletins released October, 2003
Summary
Who Should Read This Document:
Customers using Microsoft® Windows®
Impact of Vulnerability:
Remote Code Execution
Maximum Severity Rating:
Critical
Recommendation:
Customers should install the patch immediately
Patch Replacement:
None
Caveats:
None
Tested Software and Patch Download Locations:
Affected Software:
- Microsoft Windows Millennium Edition - Download the patch
- Microsoft Windows NT Workstation 4.0, Service Pack 6a - Download the patch
- Microsoft Windows NT Server 4.0, Service Pack 6a - Download the patch
- Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 - Download the patch
- Microsoft Windows 2000, Service Pack 2 - Download the patch
- Microsoft Windows 2000, Service Pack 3, Service Pack 4 - Download the patch
- Microsoft Windows XP Gold, Service Pack 1 - Download the patch
- Microsoft Windows XP 64-bit Edition - Download the patch
- Microsoft Windows XP 64-bit Edition Version 2003 - Download the patch
- Microsoft Windows Server 2003 - Download the patch
- Microsoft Windows Server 2003 64-bit Edition - Download the patch
Non Affected Software:
- None
The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.
General Information
Technical Details
Technical Description:
A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer.
An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, could execute code of the attacker's choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine.
The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met:
- You have applied the patch included with Microsoft Security bulletin MS03-040
- You are using Internet Explorer 6 or later
- You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.
Mitigating factors:
- The Help and Support Center function can not be started automatically in Outlook Express or Outlook if the user is running Internet Explorer 6.0 Service Pack 1.
- In the Web based attack scenario, the attacker would have to host a web site that contained a web page used to exploit these vulnerabilities. An attacker would have no way to force users to visit a malicious web site outside of the HTML email vector. Instead, the attacker would need to lure them there, typically by getting them to click on a link that would take them to the attacker's site.
Severity Rating:
| Windows Millennium Edition | Low |
| Windows NT Server 4.0 | Low |
| Windows NT Server 4.0, Terminal Server Edition | Low |
| Windows 2000 | Low |
| Windows XP | Critical |
| Windows Server 2003 | Critical |
The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.
Vulnerability identifier:CAN-2003-0711
Workarounds
Microsoft has tested the following workarounds. These workarounds will not correct the underlying vulnerability however they help block known attack vectors. Workarounds may cause a reduction in functionality in some cases - in such situations this is identified below.
- Deregister the HCP Protocol.
Deregistering the HCP Protocol or changing the registration will prevent an attack from being successful. The protocol can be deregistered by deleting the following key from the registry: HKEY_CLASSES_ROOT\HCP.
- From the Start Menu, select Run
- Type regedit then click OK (The registry editor program launches)
- Expand HKEY_CLASSES_ROOT and highlight the HCP key
- Right mouse click on the HCP key, and select Delete
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
Impact of Workaround: Deregistering the HCP protocol will break all local, legitimate help links that use hcp://. For example links in the Control Panel may no longer function.
- Install Outlook Email Security Update if you are using Outlook 2000 SP1 or Earlier.
The Outlook Email Security Update causes Outlook 98 and 2000 to open HTML mail in the Restricted Sites Zone by default. Outlook Express 6.0 and Outlook 2002 by default open HTML mail in the Restricted Sites Zone. Customers who use any of these products would be at a reduced risk from an e-mail borne attack that attempts to exploit this vulnerability unless the user clicks a malicious link in the email
- If you are using Outlook 2002 or Outlook Express 6.0SP1 or higher, to help protect yourself from the HTML email attack vector, read email in plain text format.
Users of Microsoft Outlook 2002 and Outlook Express 6.0 who have applied Service Pack 1 and or higher can enable a feature to view all non-digitally-signed e-mail or non-encrypted e-mail messages in plain text only.
Digitally signed e-mail or encrypted e-mail messages are not affected by the setting and may be read in their original formats. Information on enabling this setting in Outlook 2002 can be found in the following Knowledge Base article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;307594
Information on enabling this setting in Outlook Express 6.0 can be found in the following Knowledge Base article:
http://support.microsoft.com/?kbid=291387
Impact of Workaround:
E-mail viewed in plain text format cannot contain pictures, specialized fonts, animations, or other rich content. In addition:
- The changes are applied to the preview pane and open messages.
- Pictures become attachments to avoid loss.
- Since the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly because the message is still in Rich Text or HTML format in the mail store.
Frequently Asked Questions
What's the scope of this vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of their choice to be executed as though it originated on the local machine. Such code could provide the attacker with the ability to take any desired action on the machine, including adding, deleting or modifying data on the system or running any code of the attacker's choice.
What causes the vulnerability?
The vulnerability results because of an unchecked buffer in file associated with the HCP protocol which is owned by the Help and Support Center.
What is the Help and SupportCenter?
Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics. For instance, HSC enables users to learn about Windows features, download and install software updates, determine whether a particular hardware device is compatible with Windows, get assistance from Microsoft, and so forth.
Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".
What is the HCP protocol?
Similar to the HTTP protocol which is used to execute URL links to open a web browser, the HCP protocol can be used to execute URL links to open the Help and Support Center feature.
What's wrong with the HCP protocol?
There is an unchecked buffer in an associated file used by the HCP protocol. This file is used by the Help and Support Center feature and is invoked automatically when HSC is launched.
What could this vulnerability enable an attacker to do?
This vulnerability could enable an attacker to cause code of their choice to run with additional privileges on the system. This could allow the attacker to add, delete or modify data on the system, or take any other action of the attacker's choice.
How could an attacker exploit this vulnerability?
The attacker would need to construct a web page that launched a specially crafted URL. The attack could then proceed via either of two vectors. In the first, the attacker could host the web page on a web site; when a user visited the site, the web page would attempt to launch the URL and exploit the vulnerability. In the second, the attacker could send the web page as an HTML mail. Upon being opened by the recipient, the web page could attempt to invoke the function and exploit the vulnerability.
Why is this vulnerability listed only as "Low" on all systems prior to Windows XP?
The specific file which actually contains the vulnerable code is present on all versions of Microsoft Windows, but the Help and Support Center functionality, which is required to exploit the vulnerability, is not available or supported on platforms prior to Windows XP.
Is there anything that helps mitigate the risk of an HTML email attack?
The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met:
- You have applied the patch included with Microsoft Security bulletin MS03-040
- You are using Internet Explorer 6 or later
- You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.
What does the patch do?
The patch addresses the vulnerability by correcting the unchecked buffer in the file associated with the HCP protocol.
Security Patch Information
Installation Platforms and Prerequisites:
For information about the specific security patch for your platform, click the appropriate link:
Windows Server 2003 (all versions)
Prerequisites:
This security patch requires a released version of Windows Server 2003.
Inclusion in future service packs:
The fix for this issue will be included in Windows Server 2003 Service Pack 1.
Installation Information:
This security patch supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use Unattended mode.
/f: Force other programs to quit when the computer shuts down.
/n: Do not back up files for removal.
/o: Overwrite OEM files without prompting.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
/l: List the installed hotfixes.
/x: Extract the files without running Setup.
Deployment Information
To install the security patch without any user intervention, use the following command line:
Windowsserver2003-kb825119-x86-enu /u /q
To install the security patch without forcing the computer to restart, use the following command line:
Windowsserver2003-kb825119-x86-enu /z
Note: You can combine these switches into one command line.
For information about how to deploy this security patch with Microsoft Software Update Services, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/susoverview.mspx
Restart Requirement:
You must restart your computer after you apply this security patch.
Removal Information:
To remove this update, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security patch. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB825119$\Spuninst folder, and it supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information:
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, and Windows Server 2003, Datacenter Edition:
| Date | Time | Version | Size | File Name | Folder |
|---|---|---|---|---|---|
| 25-Aug-2003 | 15:16 | 5.2.3790.80 | 143,872 | Itircl.dll | RTMQFE |
| 25-Aug-2003 | 14:53 | 5.2.3790.80 | 143,872 | Itircl.dll | RTMGDR |
Windows Server 2003, 64-Bit Enterprise Edition and Windows Server 2003, 64-Bit Datacenter Edition:
| Date | Time | Version | Size | File Name | Platform | Folder |
|---|---|---|---|---|---|---|
| 25-Aug-2003 | 15:17 | 5.2.3790.80 | 613,888 | Itircl.dll | I64 | RTMQFE |
| 25-Aug-2003 | 15:16 | 5.2.3790.80 | 143,872 | Itircl.dll | x86 | RTMQFE |
| 25-Aug-2003 | 15:13 | 5.2.3790.80 | 665,600 | Itircl.dll | I64 | RTMGDR |
| 25-Aug-2003 | 14:53 | 5.2.3790.80 | 143,872 | Itircl.dll | x86 | RTMGDR |
Note: When you install this security patch on a Windows Server 2003-based computer or on a Windows XP 64-Bit Edition Version 2003-based computer, the installer checks to see if any of the files that are being updated on your computer have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your computer. Otherwise, the installer copies the RTMGDR files to your computer. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
824994 Description of the Contents of a Windows Server 2003 Product Update Package
Verifying patch installation:
To verify that the security patch is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available
You may also be able to verify the files that this security patch installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB825119\Filelist
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 825119 security patch into the Windows installation source files.
Windows XP (all versions)
For Windows XP 64-Bit Edition, Version 2003, this security patch is the same as the security patch for 64-bit versions of Windows Server 2003.
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Prerequisites:
This security patch requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
Inclusion in future service packs:
The fix for this issue will be included in Windows XP Service Pack 2.
Installation Information:
This security patch supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use Unattended mode.
/f: Force other programs to quit when the computer shuts down.
/n: Do not back up files for removal.
/o: Overwrite OEM files without prompting.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
/l: List the installed hotfixes.
/x: Extract the files without running Setup.
Deployment Information
To install the security patch without any user intervention, use the following command line:
Windowsxp-kb825119-x86-enu /u /q
To install the security patch without forcing the computer to restart, use the following command line:
Windowsxp-kb825119-x86-enu /z
Note: You can combine these switches into one command line.
For information about how to deploy this patch with Software Update Services, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/susoverview.mspx
Restart Requirement:
You must restart your computer after you apply this security patch.
Removal Information:
To remove this security patch, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security patch. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB828025$\Spuninst folder, and it supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information:
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:
| Date | Time | Version | Size | File Name |
|---|---|---|---|---|
| 28-Aug-2003 | 09:57 | 5.2.3790.80 | 143,872 | Itircl.dll |
Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, and Windows Server 2003, Datacenter Edition:
| Date | Time | Version | Size | File Name |
|---|---|---|---|---|
| 28-Aug-2003 | 16:57 | 5.2.3790.80 | 143,872 | Itircl.dll |
Windows XP 64-Bit Edition Version 2002:
| Date | Time | Version | Size | File Name | Platform |
|---|---|---|---|---|---|
| 28-Aug-2003 | 16:56 | 5.2.3790.80 | 613,888 | Itircl.dll | IA64 |
| 28-Aug-2003 | 16:57 | 5.2.3790.80 | 143,872 | Witircl.dll | x86 |
Windows XP 64-Bit Edition Version 2003:
| Date | Time | Version | Size | File Name | Platform | Folder |
|---|---|---|---|---|---|---|
| 25-Aug-2003 | 15:17 | 5.2.3790.80 | 613,888 | Itircl.dll | I64 | RTMQFE |
| 25-Aug-2003 | 15:16 | 5.2.3790.80 | 143,872 | Itircl.dll | x86 | RTMQFE |
| 25-Aug-2003 | 15:13 | 5.2.3790.80 | 613,888 | Itircl.dll | I64 | RTMGDR |
| 25-Aug-2003 | 14:53 | 5.2.3790.80 | 143,872 | Itircl.dll | x86 | RTMGDR |
Note: When you install the Windows XP 64-Bit Edition Version 2003 security patch, the installer checks to see if any of the files that are being updated on your computer have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your computer. Otherwise, the installer copies the RTMGDR files to your computer. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
824994 Description of the Contents of a Windows Server 2003 Product Update Package
The Windows XP and Windows XP 64-Bit Edition Version 2002 versions of this security patch are packaged as dual-mode packages. Dual-mode packages contain files for both the original version of Windows XP and Windows XP Service Pack 1 (SP1). For additional information about dual-mode packages, click the following article number to view the article in the Microsoft Knowledge Base:
328848 Description of Dual-Mode Hotfix Packages for Windows XP
Verifying patch installation:
To verify that the security patch is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available
You may also be able to verify the files that this security patch installed by reviewing the following registry keys:
For Windows XP Home Edition SP1; Windows XP Professional SP1; Windows XP 64-Bit Edition, Version 2002 SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB825119\Filelist
For Windows XP Home Edition; Windows XP Professional; Windows XP 64-Bit Edition, Version 2002:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB825119\Filelist
For Windows XP 64-Bit Edition, Version 2003:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB825119\Filelist
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 825119 security patch into the Windows installation source files.
Windows 2000 (all versions)
Prerequisites:
For Windows 2000 this security patch requires Service Pack 2 (SP2), Service Pack 3 (SP3), or Service Pack 4 (SP4).
For information about the Windows desktop product life cycle, visit the following Microsoft Web site:
http://www.microsoft.com/lifecycle/
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Inclusion in future service packs:
The fix for this issue will be included in Windows 2000 Service Pack 5.
Installation Information:
This security patch supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use Unattended mode.
/f: Force other programs to quit when the computer shuts down.
/n: Do not back up files for removal.
/o: Overwrite OEM files without prompting.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
/l: List the installed hotfixes.
/x: Extract the files without running Setup.
Deployment Information
To install the security patch without any user intervention, use the following command line:
For Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:
Windows2000-kb825119-x86-enu /u /q
For Windows 2000 Service Pack 2:
Windows2000-kb825119-x86-enu-customservicepacksupport /u /q
To install the security patch without forcing the computer to restart, use the following command line:
For Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:
Windows2000-kb825119-x86-enu /z
For Windows 2000 Service Pack 2:
Windows2000-kb825119-x86-enu-customservicepacksupport /z
Note: You can combine these switches into one command line.
For information about how to deploy this patch with Software Update Services, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/susoverview.mspx
Restart Requirement:
You must restart your computer after you apply this security patch.
Removal Information:
To remove this security patch, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Spuninst.exe utility to remove this security patch. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB825119$\Spuninst folder, and it supports the following Setup switches:
/?: Show the list of installation switches.
/u: Use unattended mode.
/f: Force other programs to quit when the computer shuts down.
/z: Do not restart when the installation is complete.
/q: Use Quiet mode (no user interaction).
File Information:
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:
| Date | Time | Version | Size | File Name |
|---|---|---|---|---|
| 27-Aug-2003 | 22:13 | 5.2.3790.80 | 143,872 | Itircl.dll |
Verifying patch installation:
To verify that the security patch is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available
You may also be able to verify the files that this security patch installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB825119\Filelist
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 825119 security patch into the Windows installation source files.
Windows NT 4.0 (all versions)
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Prerequisites:
This security patch requires Windows NT 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 (SP6).
For information about the Windows desktop product life cycle, visit the following Microsoft Web site:
http://www.microsoft.com/lifecycle/
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack
Installation Information:
This security patch supports the following Setup switches:
/y: Perform removal (only with /m or /q ).
/f: Force programs to quit during the shutdown process.
/n: Do not create an Uninstall folder.
/z: Do not restart when the update completes.
/q: Use Quiet or Unattended mode with no user interface (this switch is a superset of /m ).
/m: Use Unattended mode with a user interface.
/l: List the installed hotfixes.
/x: Extract the files without running Setup.
Deployment Information
To install the security patch without any user intervention, use the following command line:
For Windows NT Server 4.0, Windows NT Server 4.0, Terminal Server Edition:
Windowsnt4server-kb825119-x86-enu /q
For Windows NT Workstation 4.0:
Windowsnt4workstation-kb825119-x86-enu /q
To install the security patch without forcing the computer to restart, use the following command line:
For Windows NT Server 4.0, Windows NT Server 4.0, Terminal Server Edition:
Windowsnt4server-kb825119-x86-enu /z
For Windows NT Workstation 4.0:
Windowsnt4workstation-kb825119-x86-enu /z
Note: You can combine these switches into one command line.
For information about how to deploy this patch with Software Update Services, visit the following Microsoft Web site:
http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/susoverview.mspx
Restart Requirement:
You must restart your computer after you apply this security patch.
Removal Information:
To remove this update, use the Add or Remove Programs tool in Control Panel.
System administrators can use the Hotfix.exe utility to remove this security patch. The Hotfix.exe utility is located in the %Windir%\$NTUninstallKB825119$ folder. The utility supports the following Setup switches:
/y: Perform removal (only with /m or /q).
/f: Force other programs to be closed at shutdown.
/n: Do not create an Uninstall folder.
/z: Do not restart when update completes.
/q: Use Quiet or Unattended mode with no user interface (this switch is a superset of /m).
/m: Use Unattended mode with a user interface.
/l: List the installed hotfixes.
File Information:
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Windows NT Workstation 4.0, Windows NT Server 4.0:
| Date | Time | Version | Size | File Name |
|---|---|---|---|---|
| 25-Aug-2003 | 21:53 | 5.2.3790.80 | 143,872 | Itircl.dll |
Windows NT Server 4.0, Terminal Server Edition:
| Date | Time | Version | Size | File Name |
|---|---|---|---|---|
| 25-Aug-2003 | 21:53 | 5.2.3790.80 | 143,872 | Itircl.dll |
Verifying patch installation:
To verify that the security patch is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:
320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available
You may also be able to verify the files that this security patch installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119\File 1
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 825119 security patch into the Windows installation source files.
Windows Me (all versions)
Prerequisites:
There are no prerequisites for the installation of this update.
Reboot Requirement
You must restart your computer after you apply this update.
Previous Update Status
This update does not supersede any other updates.
Setup Switches
This update supports the following Setup switches:
/Q : Quiet modes for package.
/T:full path : Specifies temporary working folder.
/C : Extract files only to the folder when used with /T.
/C:Cmd : Override Install command defined by author.
For example, to install the update without any user intervention, use the following command line:
825119usam /Q
File Information:
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. The following files are copied to the %Windir%\system folder:
Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, and Windows Server 2003, Datacenter Edition:
| Date | Time | Version | Size | File Name |
|---|---|---|---|---|
| 25-Aug-2003 | 14:53 | 5.2.3790.80 | 143,872 | Itircl.dll |
Note: Because of file dependencies, this update may contain additional files.
Verifying patch installation:
To verify that the patch has been installed on the machine, use the Qfecheck.exe tool and confirm that the display includes the following information:
UPD825119 Windows Me Q825119 Update
You may also be able to verify the files that this security patch installed by reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Updates\WinME\UPD825119
Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 825119 security patch into the Windows installation source files.
Other Information
Acknowledgments
Microsoft thanks the following for working with us to protect customers:
- David Litchfield of Next Generation Security Software Ltd. for reporting the issue in MS03-044.
Obtaining other security patches:
Patches for other security issues are available from the following locations:
- Security patches are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".
- Patches for consumer platforms are available from the Windows Update web site
Support:
- Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.
Security Resources:
- The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
- Microsoft Software Update Services: http://www.microsoft.com/sus/
- Microsoft Baseline Security Analyzer (MBSA) details: http://www.microsoft.com/mbsa. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for list of security patches that have detection limitations with MBSA tool.
- Windows Update Catalog: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166
- Windows Update: http://windowsupdate.microsoft.com
- Office Update: http://office.microsoft.com/officeupdate/
Disclaimer:
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions:
- V1.0 October 15, 2003: Bulletin published.
- V1.1 October 22, 2003: Updated download link for Windows XP 64 bit edition Version 2003.