Microsoft Security Bulletin MS04-028

• An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
• The vulnerability could only be exploited by an attacker who persuaded a user to open a specially crafted file or to view a directory that contains the specially crafted image. There is no way for an attacker to force a user to open a malicious file.
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
• Windows XP, Window XP Service Pack 1, and Windows Server 2003 are the only operating systems that contain the vulnerable component by default. By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, Windows 2000, and Windows XP Service Pack 2 are not vulnerable to this issue. However, the vulnerable component will be installed by any of the programs listed in the affected software section of this bulletin on these operating systems and you should install the appropriate security update for those programs.

Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.

Read e-mail messages in plain text format if you are using Outlook 2002 or later, or Outlook Express 6 SP1 or later, to help protect yourself from the HTML e-mail attack vector.

Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or later and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.

Digitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about enabling this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.

For information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.

Impact of Workaround: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:

• The changes are applied to the preview pane and to open messages.
• Pictures become attachments so that they are not lost. Note Manually viewing these pictures could allow remote code execution if you are using a vulnerable application or operating system.
• Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

What is the scope of the vulnerability?
This is a buffer overrun vulnerability. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

What causes the vulnerability?
An unchecked buffer in the processing of JPEG images.

What are JPEG images?
JPEG is a platform-independent image format that supports a high level of compression. JPEG is a widely supported Internet standard developed by the Joint Photographic Experts Group.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

How could an attacker exploit this vulnerability?
Any program that processes JPEG images could be vulnerable to this attack. Here are some examples:

• An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer 6 and then persuade a user to view the Web site.
• An attacker could also create an HTML e-mail message that has a specially crafted image attached. The specially crafted image could be designed to exploit this vulnerability through Outlook 2002 or Outlook Express 6. An attacker could persuade the user to view or preview the HTML e-mail message.
• An attacker could embed a specially crafted image in an Office document and then persuade the user to view the document.
• An attacker could add a specially crafted image to the local file system or onto a network share and then persuade the user to preview the directory by using Windows Explorer.

What systems are primarily at risk from the vulnerability?
The vulnerability could only be exploited on the affected systems by an attacker who persuaded a user to open a specially crafted file or view a directory that contains the specially crafted image. There is no way for an attacker to force a user to open a malicious file.

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.

Windows XP, Windows XP Service Pack 1, and Windows Server 2003 are vulnerable by default. Windows XP Service Pack 2, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, and Windows 2000 are not vulnerable by default. However, the vulnerable component could be installed by any of the products listed in the affected software section on these operating systems. Third-party applications that perform JPEG processing; third-party applications that were developed using Visual Studio .NET 2002, Visual Studio .NET 2003, or the Microsoft .NET Framework version 1.0 SDK Service Pack 2; and third-party applications that distribute their own copy of the vulnerable component may be also vulnerable.

What does the update do?
The update removes the vulnerability by modifying the way that the affected component validates the affected image types.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information indicating that this vulnerability had been publicly disclosed when this security bulletin was originally issued.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information indicating that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.

Important: Before you install this update, make sure that the following requirements have been met:

• Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites:

  Windows Installer 2.0 for Windows 95, Windows 98, Windows 98 SE, and Windows Millennium Edition

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

• Office XP Service Pack 3 (SP3) must be installed in order to install the client security update. Before you install this update, install Office XP SP3. For additional information about how to install Office XP SP3, see Microsoft Knowledge Base Article 832671. The administrative update can also be installed on systems that are running Office XP Service Pack 2 or Office XP Service Pack 3. The security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update.

For additional information about how to determine the version of Office XP on your computer, see Microsoft Knowledge Base Article 291331.

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will be included in a future service pack.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Office Update Web Site

Microsoft recommends that you install the Microsoft Office XP client updates by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

1. Download the client version of this security update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office XP:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

1. Download the administrative version of this security update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. In the Type the location where you want to place the extracted files box, type c:\adminUpdate, and then click OK.
8. Click Yes when you are prompted to create the folder.
9. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

   msiexec /a Admin Path\MSI File /p C:\adminUpdate\MSP File SHORTFILENAMES=TRUE

   Where Admin Path is the path of your administrative installation point for your application (for example, C:\OfficeXP), MSI File is the .msi database package for the application (for example, Data1.msi), and MSP File is the name of the administrative update (for example, SHAREDff.msp).

   Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

10. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.
11. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\OfficeXP), MSI File is the MSI database package for the application (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 832332. Information concerning this update can also be found on the Microsoft Office XP Resource Kit Web site. General information concerning the Microsoft Office XP Resource Kit can also be found on TechNet. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office XP:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Important: Before you install this update, make sure that the following requirements have been met:

• Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. The latest version of Windows Installer is available as a separate download at the following links:

  Windows Installer 2.0 for Windows 95, Windows 98, and Windows Millennium Edition

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

• Microsoft Project Standard 2002, Microsoft Project Standard Service Pack 1, Microsoft Project Professional 2002, or Microsoft Project Professional 2002 Service Pack 1 must be installed. We recommend that before you install this update that you install Microsoft Project 2002 Service Pack 1. However this update will successfully install on installations of Microsoft Project 2002 that do not have Service Pack 1 installed. For additional information about how to install Microsoft Project 2002 Service Pack 1, see Microsoft Knowledge Base Article 830241. For additional information about how to install this update on Microsoft Project 2002 installations that do not have Project 2002 Service Pack 1 installed, see Microsoft Knowledge Base Article 831931.

Note The administrative (full-file) version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will be included in a future service pack.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Office Update Web Site

Microsoft recommends that you install the Project 2002 client update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Updates Web site detect the required updates that you must install on your computer, visit the Office Update Web site, then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

1. Download the update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Project 2002:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer (MBSA)

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

1. In Windows Explorer, create a new folder on the C drive, and then name it KB831931.
2. Download the update.
3. Click Save this program to disk to save the Project2002-KB831931-FullFile-ENU.exe file to the C:\KB831931 folder.
4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)
5. At the command prompt, type the following lines, and then press ENTER after each line:

   cd\kb831931

   Project2002-KB831931-FullFile-ENU.exe /c /t:c:\kb831931

6. Click Yes to accept the License Agreement.
7. At the command prompt, type the following line, and then press ENTER:

   exit

8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

   msiexec /a Admin Path\MSI File /p C:\kb831931\MSP File SHORTFILENAMES=TRUE

   Where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the .msi database package for the application (for example, Prjproe.msi), and MSP File is the name of the administrative update (for example, MSO.MSP).

   Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.
10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the MSI database package for the application (for example, Prjproe.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 831931. Information concerning Microsoft Project 2002 can be found in the Microsoft Project 2002 Resource Kit. General information concerning the Microsoft Office XP Resource Kit can also be found on TechNet. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Project 2002:

Date Time Version Size Filename
--------------------------------------------------------
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Important: Before you install this update, make sure that the following requirements have been met:

• Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. The latest version of Windows Installer is available as a separate download at the following links:

  Windows Installer 2.0 for Windows 95, Windows 98, and Window Millennium

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

• Either Microsoft Visio 2002 Standard (Service Pack 1 or Service Pack 2), Microsoft Visio 2002 Professional (Service Pack 1 or Service Pack 2), Microsoft Visio 2002 for Enterprise Architects (Service Pack 1 or Service Pack 2), or Microsoft Visio 2002 for Biztalk Server (Service Pack 1 or Service Pack 2) must be installed. Before you install this update, install Visio 2002 Service Pack 1 or Service Pack 2. For additional information about how to install Visio 2002 Service Pack 2, see Microsoft Knowledge Base Article 830242. For additional information about how to install this update on Microsoft Visio 2002 installations that do not have Visio 2002 Service Pack 2 installed, see Microsoft Knowledge Base Article 831932.

Note The administrative (full-file) version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will be included in a future service pack.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Office Update Web Site

Microsoft recommends that you install the Visio 2002 client update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

1. Download the update
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and the double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2002:

Date Time Version Size Filename
---------------------------------------------------------
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Note When you install this security update on Windows XP or Windows Server 2003, it only installs the Mso.dll file. Visio 2002 uses the operating system version of the Gdiplus.dll file on Windows XP and Windows Server 2003. If you use Visio 2002 on Windows XP or Windows Server 2003 make sure that you install the operating system version of the security update. When you install this security update on other operating systems, it will install both the Gdiplus.dll file and the Mso.dll file.

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

1. In Windows Explorer, create a new folder on the C drive, and then name it KB831932.
2. Download the update.
3. Click Save this program to disk to save the Visio2002-KB831932-FullFile-ENU.exe file to the C:\KB831932 folder.
4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)
5. At the command prompt, type the following lines, and then press ENTER after each line:

   cd\kb831932

   Visio2002-KB831932-FullFile-ENU.exe /c /t:c:\kb831932

6. Click Yes to accept the License Agreement.
7. At the command prompt, type the following line, and then press ENTER:

   exit

8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

   msiexec /a Admin Path\MSI File /p C:\kb831932\Visio2002-KB831932-FullFile.MSP

   Where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the .msi database package for the application (for example, Visio.msi), and MSP File is the name of the administrative update (for example, Visio2002-KB831932-FullFile.MSP).

   Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.
10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the MSI database package for the application (for example, Visio.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 831932. Information on deploying updates in a corporate environment can also be found in the Microsoft Office Resource Kit or the Microsoft Visio 2002 Resource Kit. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2002:

Date Time Version Size File name
----------------------------------------------------------
02-Mar-2004 21:19 5.1.3102.1360 1,638,400 Gdiplus.dll
07-May-2004 21:56 10.0.6714.0 9,796,288 Mso.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Important: Before you install this update, make sure that the following requirements have been met:

• Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites:

  Windows Installer 2.0 for Windows 95, Windows 98, and Windows Millennium Edition

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

For additional information about how to determine the version of Office 2003 on your computer, see Microsoft Knowledge Base Article 821549.

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue is included in Microsoft Office 2003 Service Pack 1.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Office Update Web Site

Microsoft recommends that you install the Microsoft Office 2003 Service Pack 1 update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

1. Download the client version of this security update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

1. Download the administrative version of this security update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. In the Type the location where you want to place the extracted files box, type c:\adminUpdate, and then click OK.
8. Click Yes when you are prompted to create the folder.
9. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

   msiexec /a Admin Path\MSI File /p C:\adminUpdate\MSP File SHORTFILENAMES=TRUE

   Where Admin Path is the path of your administrative installation point for your application (for example, C:\Office2003), MSI File is the .msi database package for the application (for example, Data1.msi), and MSP File is the name of the administrative update (for example, SHAREDff.msp).

   Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

10. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.
11. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu /qb

where Admin Path is the path of your administrative installation point for your application (for example, C:\Office2003), MSI File is the MSI database package for the application (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 838905. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Office 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Important: Before you install this update, make sure that the following requirements have been met:

• Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites:

  Windows Installer 2.0 for Windows 95, Windows 98, and Windows Millennium

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

• Microsoft Project Standard 2003 or Microsoft Project Professional 2003 must be installed.

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue is included in Microsoft Project 2003 Service Pack 1.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Office Update Web Site

Microsoft recommends that you install the Microsoft Project 2003 Service Pack 1 update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

1. Download the update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

Project 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

1. In Windows Explorer, create a new folder on the C drive, and then name it KB838344.
2. Download the update.
3. Click Save this program to disk to save the Project2003-kb838344-fullfile-enu.exe file to the C:\KB838344 folder.
4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)
5. At the command prompt, type the following lines, and then press ENTER after each line:

   cd\kb838344

   Project2003-kb838344-FullFile-ENU.exe /c /t:c:\kb838344

6. Click Yes to accept the License Agreement.
7. At the command prompt, type the following line, and then press ENTER:

   exit

8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

   msiexec /a Admin Path\MSI File /p C:\kb838344\MSP File SHORTFILENAMES=TRUE

   Where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the .msi database package for the application (for example, Prjproe.msi), and MSP File is the name of the administrative update (for example, MSO.MSP).

   Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.
10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

WARNING: Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Project), MSI File is the MSI database package for the application (for example, Prjproe.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 838344. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

Project 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Important: Before you install this update, make sure that the following requirements have been met:

• Microsoft Windows Installer 2.0 must be installed. Microsoft Windows Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites:

  Windows Installer 2.0 for Windows 95, Windows 98, and Windows Millennium

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0

• Microsoft Visio 2003 Standard or Microsoft Visio 2003 Professional must be installed.

Note The administrative version of this update includes the necessary files to support installation on localized versions of the affected product, although the security update installation user interface will be in English.

Inclusion in Future Service Packs:

The fix for this issue will is included in Microsoft Visio 2003 Service Pack 1.

Restart Requirement

No restart is required.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again from the original CD-ROM.

Office Update Web Site

Microsoft recommends that you install the Microsoft Visio 2003 Service Pack 1 update by using the Office Update Web site. The Office Update Web site detects your particular installation and prompts you to install exactly what you must have to make sure that your installation is completely up-to-date.

To have the Office Update Web site detect the required updates that you must install on your computer, visit the Office Update Web site, and then click Check for Updates. After detection is complete, you will receive a list of recommended updates for your approval. Click Start Installation to complete the process.

For detailed information about how to manually install this update please review the following section.

Installation Information

The security update supports the following Setup switches:

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/Q:U Specifies user-quiet mode, which presents some dialog boxes to the user.

/Q:A Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

/R:N Never restarts the computer after installation.

/R:I Prompts the user to restart the computer if a restart is required, except when used with /Q:A.

/R:A Always restarts the computer after installation.

/R:S Restarts the computer after installation without prompting the user.

/N:V No version checking - Install the program over any previous version.

Note These switches do not necessarily work with all updates. If a switch is not available, then that functionality is necessary for the correct installation of the update. Also, the use of the /N:V switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it failed to install.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Client Deployment Information

1. Download the update.
2. Click Save this program to disk, and then click OK.
3. Click Save.
4. Using Windows Explorer, find the folder that contains the saved file, and then double-click the saved file.
5. If you are prompted to install the update, click Yes.
6. Click Yes to accept the License Agreement.
7. Insert your original source CD-ROM when you are prompted to do so, and then click OK.
8. When you receive a message that indicates the installation was successful, click OK.

Note If the security update is already installed on your computer, you receive the following error message: This update has already been applied or is included in an update that has already been applied.

Client Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

If you installed your application from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize the manner in which the files are extracted from within the security update:

/? Displays the command line options

/Q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/T: <full path> Specifies the target folder for extracting files.

/C Extracts the files without installing them. If /T: path is not specified, you are prompted for a target folder.

/C: <Cmd> Override Install Command defined by author. Specifies the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see Microsoft Knowledge Base Article 197147.

Administrative Deployment Information

To update your administrative installation please perform the following procedure:

1. In Windows Explorer, create a new folder on the C drive, and then name it KB838345.
2. Download the update2
3. Click Save this program to disk to save the Visio2003-KB838345-FullFile-ENU.exe file to the C:\KB838345 folder.
4. Click Start, click Run, type cmd in the Open box, and then click OK. (When using Windows 98, Windows 98 SE, or Windows Millennium Edition replace cmd with command.com.)
5. At the command prompt, type the following lines, and then press ENTER after each line:

   cd\kb838345

   Visio2003-KB838345-FullFile-ENU.exe /c /t:c:\kb838345

6. Click Yes to accept the License Agreement.
7. At the command prompt, type the following line, and then press ENTER:

   exit

8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box

   msiexec /a Admin Path\MSI File /p C:\kb838345\Visio2003-KB838345-FullFile.MSP SHORTFILENAMES=TRUE

   Where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the .msi database package for the application (for example, Visio.msi), and MSP File is the name of the administrative update (for example, Visio2003-KB838345-FullFile.MSP).

   Note You can append /qb+ to the command line so that the Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

9. Click Next in the provided dialog box. Do not change your CD Key, installation location, or company name in the provided dialog box.
10. Click I accept the terms in the License Agreement, and then click Install.

At this point, your administrative installation point is updated. Next, you must update the workstations that were originally installed from this administrative installation. To do this, please review the Workstation Deployment section. Any new installations that you run from this administrative installation point will include the update.

Warning Any workstation that was originally installed from this administrative installation before you installed the update cannot use this administrative installation for actions like repairing Office or adding new features until you complete the steps in the Workstation Deployment section for this workstation.

Workstation Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point for your application (for example, C:\Visio), MSI File is the MSI database package for the application (for example, Visio.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL.

Note Additional instructions are provided in Microsoft Knowledge Base Article 838345. The Windows Installer Documentation also provides additional information about the parameters supported by the Windows Installer.

Administrative Installation File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Visio 2003:

Date Time Version Size Filename
--------------------------------------------------------
28-Feb-2004 19:16 6.0.3264.0 1,773,568 gdiplus.dll

Verifying Update Installation

• Microsoft Baseline Security Analyzer

  To verify that a security update is installed on an affected system you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool, which allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the Microsoft Baseline Security Analyzer Web site.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

Prerequisites
This security update requires a released version of the Microsoft .NET Framework or the Microsoft .NET Framework version 1.0 SDK.

This update is required on the following versions of Windows:

• Microsoft Windows 98
• Microsoft Windows 98 Second Edition
• Microsoft Windows Millennium Edition
• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using these programs on Windows XP or Windows Sever 2003. When these programs are installed on Windows XP or Windows Server 2003 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using these programs on other operating systems make sure that you install the update for this program.

Inclusion in Future Service Packs:
The update for this issue is included in The Microsoft .NET Framework version 1.0 Service Pack 3.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/u Uninstall (if installed)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.0sp3-KB867461-X86-Enu.exe

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.0 Service Pack 2 and the Microsoft .NET Framework version 1.0 SDK Service Pack 2:

Date Time Version Size File name
-------------------------------------------------------------
Updated installed file for verification:
04-May-2004 11:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry keys:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\.NETFramework\1.0\S867461

Prerequisites
This security update requires the Microsoft .NET Framework version 1.0 Service Pack 2 or the Microsoft .NET Framework 1.0 SDK Service Pack 2. This security update will not install and is not required on systems that already have installed The Microsoft .NET Framework version 1.0 Service Pack 3.

This update is required on the following versions of Windows:

• Microsoft Windows 98
• Microsoft Windows 98 Second Edition
• Microsoft Windows Millennium Edition
• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using these programs on Windows XP or Windows Sever 2003. When these programs are installed on Windows XP or Windows Server 2003 they use the operating system version of the vulnerable component. If you are using these programs on Windows XP or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using these programs on other operating systems make sure that you install the update for this program. Also, this security update is not necessary if you have already installed the Microsoft .NET Framework version 1.0 Service Pack 3.

Inclusion in Future Service Packs:
The update for this issue is included in The Microsoft .NET Framework version 1.0 Service Pack 3.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.0sp2-KB830348-X86-Enu.exe /q

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.0 Service Pack 2 and the Microsoft .NET Framework version 1.0 SDK Service Pack 2:

Date Time Version Size File name
------------------------------------------------------------
04-May-2004 18:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.
  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry keys. The registry key is different for each language:

  ENU: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{752FCCBC-8F52-415A-95DE-A4209712935E}

  • ESN: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6F9E6C5C-1B99-470A-9B31-8040DD9465B2}
  • ITA: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{941D3326-4694-4509-AA11-89FDC9A5FD2A}
  • CHS: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48C0C360-F79D-4CC6-BE45-F6B9FC96765E}
  • CHT: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B79B6035-CD85-4FA7-B3F0-A60D178FFD09}
  • DEU: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{088368DE-42AB-4CFC-B096-484CF2886084}
  • FRA: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8E8C1A84-DB41-444C-BA4B-B45B73EED4DB}
  • JPN: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{147CFA12-C64E-41A8-93F6-AC3DE076C9BC}
  • KOR: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1FC6CE15-DE07-4C91-AFF8-D8249D46684A}

Prerequisites
This security update requires the released version of The Microsoft .NET Framework version 1.1.

This update is required on the following versions of Windows:

• Microsoft Windows 98
• Microsoft Windows 98 Second Edition
• Microsoft Windows Millennium Edition
• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using this program on Windows XP or Windows Sever 2003. When this program is installed on Windows XP or Windows Server 2003 it uses the operating system version of the vulnerable component. If you are using this program on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using this program on other operating systems make sure that you install the update for this program.

Inclusion in Future Service Packs:
The update for this issue is included in The .Microsoft NET Framework version 1.1 Service Pack 1.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/u Uninstall (if installed)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.1sp1-KB867460-X86.exe /q

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.1

Date Time Version Size File name
-------------------------------------------------------------
Updated installed file for verification:
04-May-2004 11:53 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.

  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\.NETFramework\1.1\S867460

Prerequisites
This security update requires the released version of The Microsoft .NET Framework version 1.1. This security update will not install and is not required on systems that already have installed the Microsoft .NET Framework version 1.1 Service Pack 1.

This update is required on the following versions of Windows:

• Microsoft Windows 98
• Microsoft Windows 98 Second Edition
• Microsoft Windows Millennium Edition
• Microsoft Windows NT Server 4.0 Service Pack 6a
• Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

Note This update is not required if you are using this program on Windows XP or Windows Sever 2003. When this program is installed on Windows XP or Windows Server 2003 it uses the operating system version of the vulnerable component. If you are using this program on Windows XP, Windows XP Service Pack 1, or Windows Server 2003 make sure that you install the operating system version of the security update. If you are using this program on other operating systems make sure that you install the update for this program. Also, this security update is not necessary if you have already installed the Microsoft .NET Framework version 1.1 Service Pack 1.

Inclusion in Future Service Packs:
The update for this issue is included in the .Microsoft NET Framework version 1.1 Service Pack 1.

Installation Information

This security update supports the following setup switches:

/? Show this information

/I Install (default action)

/q Quiet mode

/l:logfile Generate log file

/ld Log package details

/lp Log affected products

/lf Log included files

/xp[:path] Extract MSP

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt:

NDP1.1-KB830348-X86.exe /q

Restart Requirement

This security update does not require a restart.

Removal Information

After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove the application, and then install it again.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The Microsoft .NET Framework version 1.1

Date Time Version Size File name
------------------------------------------------------------
12-Oct-2004 15:57 5.1.3102.1360 1,645,320 gdiplus.dll

Verifying Update Installation

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.
  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.

     Note Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{738B5D5A-253B-4F2D-BA88-E81508DE71E3}