Microsoft Security Bulletin MS07-005 - Important

Published: February 13, 2007 | Updated: November 25, 2008

Version: 2.0

Who Should Read this Document: Customers who use Microsoft Windows and have Step-by-Step Interactive Training installed

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

• Step-by-Step Interactive Training when installed on Microsoft Windows 2000 Service Pack 4 — Download the update
• Step-by-Step Interactive Training when installed on Microsoft Windows XP Service Pack 2 and Microsoft Windows XP Service Pack 3 — Download the update
• Step-by-Step Interactive Training when installed on Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2— Download the update
• Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 — Download the update
• Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — Download the update
• Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 — Download the update

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Note The Step-by-Step Interactive Training software is included with many Microsoft Press titles. Use the information in the section, “Frequently Asked Questions (FAQ) Related to This Security Update”, to help determine whether you require this security update.

Executive Summary:

This update resolves a newly discovered, privately reported vulnerability. The Step-by-Step Interactive Training has a remote code execution vulnerability that could allow an attacker to take complete control of an affected system. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We recommend that customers apply the update at the earliest opportunity.

Severity Ratings and Vulnerability Identifiers:

This assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Note The security updates for Windows Server 2003, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition, and Windows Server 2003 x64 Edition Service Pack 2 also apply to Windows Server 2003 R2.

Note The severity ratings for non-x86 operating system versions map to the x86 operating systems versions as follows:

• The Windows XP Professional x64 Edition severity rating is the same as the Windows XP Service Pack 2 and Microsoft Windows XP Service Pack 3 severity rating.
• The Windows Server 2003 for Itanium-based Systems severity rating is the same as the Windows Server 2003 severity rating.
• The Windows Server 2003 with SP1 for Itanium-based Systems severity rating is the same as the Windows Server 2003 Service Pack 1 severity rating.
• The Windows Server 2003 with SP2 for Itanium-based Systems severity rating is the same as the Windows Server 2003 Service Pack 2 severity rating.
• The Windows Server 2003 x64 Edition severity rating is the same as the Windows Server 2003 Service Pack 1 severity rating.
• The Windows Server 2003 x64 Edition Service Pack 2 severity rating is the same as the Windows Server 2003 Service Pack 2 severity rating.

What updates does this release replace?
This security update replaces a prior security update. The security bulletin ID and affected operating systems are listed in the following table.

Does this update contain any changes to functionality?
Yes. This update also includes the change in functionality introduced in Microsoft Security Bulletin MS05-031. Bookmark links created by the Step-by-Step Interactive Training software before the installation of this security update may no longer function correctly. These bookmark links may have to be recreated to function correctly. In addition, bookmark files can now only be opened from within the Step-by-Step Interactive Training user interface.

Will this security update be offered through Windows Update and Automatic Update?
Yes. The Step-by-Step Interactive Training software is preinstalled by many computer manufacturers. The Step-by-Step Interactive Training software is also offered as part of hundreds of Microsoft Press titles. Because of the wide distribution of this software, we have decided to offer this security update on Windows Update to systems that have this software installed. This software is covered as part of the operating system license on systems where the software is preinstalled. If this software is not installed, this security update will not be offered and is not required on those systems. This software will be offered on Windows 2000, Windows XP, and Windows Server 2003 operating systems where required.

Note: A non-localized version of the security update may be offered through Windows Update when a localized version of the affected software is installed on a version of the operating system that contains a different localization. For example, customers using a Norwegian version of the operating system that are using the French version of the affected application will be offered the English version of the security update through Windows Update. Customers that require the French version of the affected application should download the French version of the security update using the download links provided in this security bulletin. If the security update is already installed, it will not be offered by Windows Update. No matter which language combination of the affected software you have installed, a security update will be offered to help protect against this vulnerability.

Does Step-By-Step Interactive Training ship as part of Windows?
No, Step-By-Step Interactive Training is not installed on Windows by default. Customers may have Step-By-Step Interactive Training preinstalled by computer OEM manufacturers or by installing Step-By-Step Interactive Training included with Microsoft Press titles.

Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether this update is required?
The following table provides the MBSA detection summary for this security update.

For more information about MBSA, visit the MBSA Web site. For more information about the programs that Microsoft Update and MBSA 2.0 currently do not detect, see Microsoft Knowledge Base Article 895660.

For more detailed information, see Microsoft Knowledge Base Article 910723.

What is the Enterprise Update Scan Tool (EST)?
As part of an ongoing commitment to provide detection tools for bulletin-class security updates, Microsoft delivers a stand-alone detection tool whenever the Microsoft Baseline Security Analyzer (MBSA) and the Office Detection Tool (ODT) cannot detect whether the update is required for an MSRC release cycle. This stand-alone tool is called the Enterprise Update Scan Tool (EST) and is designed for enterprise administrators. When a version of the Enterprise Update Scan Tool is created for a specific bulletin, customers can run the tool from a command-line interface (CLI) and view the results of the XML output file. To help customers better utilize the tool, detailed documentation will be provided with the tool. There is also a version of the tool that offers an integrated experience for SMS administrators.

Can I use a version of the Enterprise Update Scan Tool (EST) to determine whether this update is required?
Yes. Microsoft has created a version of EST that will determine if you have to apply this update. For download links and more information about the version of EST that is being released this month, see Microsoft Knowledge Base Article 894193. SMS customers should review the following FAQ, “Can I use Systems Management Server (SMS) to determine whether this update is required?" for more information about SMS and EST.

Can I use Systems Management Server (SMS) to determine whether this update is required?
The following table provides the SMS detection summary for this security update.

SMS 2.0 and SMS 2003 Software Update Services (SUS) Feature Pack can use MBSA 1.2.1 for detection and therefore have the same limitation that is listed earlier in this bulletin related to programs that MBSA 1.2.1 does not detect.

For SMS 2.0, the SMS SUS Feature Pack, which includes the Security Update Inventory Tool (SUIT), can be used by SMS to detect security updates. SMS SUIT uses the MBSA 1.2.1 engine for detection. For more information about SUIT, visit the following Microsoft Web site. For more information about the limitations of SUIT, see Microsoft Knowledge Base Article 306460. The SMS SUS Feature Pack also includes the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 ITMU, visit the following Microsoft Web site. SMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.

For more information about SMS, visit the SMS Web site.

For more detailed information, see Microsoft Knowledge Base Article 910723.

How do I know if I have Step-by-Step Interactive Training installed on my system?
You can refer to the list of titles provided in Microsoft Knowledge Base Article 898458.You can also use the Add or Remove Programs tool in Control Panel to determine whether “Microsoft Press Interactive Training” and “Interactive Training” are included in the list of installed software. However, this is not a complete method of verification, because “Microsoft Interactive Training” does not create an Add or Remove Programs entry. “Microsoft Interactive Training” is based on the Orun32.exe file. Therefore, you must also manually determine whether the Orun32.exe file is present on your system. Customers can also manually search for all the affected files. If any one of these files is present, the system is likely to be vulnerable to this issue. The affected files are any versions of the following files earlier than the file versions that were released as part of this security update:

If I have none of the above referenced files on my system, am I vulnerable?
No. Only the files listed in the above table are affected by this vulnerability and require an update. Customers who do not have these files on their system are not affected and will not need this update.

Can I use SMS to determine if other programs are installed that have to be updated?
Yes. SMS can help detect if there are other programs installed that may have installed a version of the vulnerable component. SMS can search for the existence of the file Orun32.exe. Update all versions of Orun32.exe that are earlier than version 3.5.0.118. The registry key information available in this bulletin can also be used to write specific file/registry key collection queries in SMS to detect vulnerable systems.

A remote code execution vulnerability exists in Step-by-Step Interactive Training because of the way that Step-by-Step Interactive Training handles bookmark link files. An attacker could exploit the vulnerability by constructing a specially crafted bookmark link file that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. Also, Web sites that accept or host user-provided content or advertisements, and compromised Web sites, may contain malicious content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger message that takes users to the attacker's Web site.
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• The vulnerability could not be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message or must click a link that is provided in an e-mail message.

Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

• Disable the handler for Step-by-Step Interactive Training bookmark link files by removing the related registry keys. Delete these keys to help reduce attacks. This workaround helps reduce attacks by preventing Step-by-Step Interactive Training from automatically opening the affected file types. The content can still be opened from within the Step-by-Step Interactive Training user interface. Important This bulletin contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Microsoft Knowledge Base Article 256986. Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

  1. Click Start, click Run, type regedt32, and then click OK.

  2. In Registry Editor, locate the following registry:

     HKEY_CLASSES_ROOT\.cbl (for “Microsoft Press Interactive Training”)HKEY_CLASSES_ROOT\.cbm (for “Interactive Training”)HKEY_CLASSES_ROOT\.cbo (for “Microsoft Interactive Training ”)

  3. For each subkey that is found, click the subkey, and then click DELETE.

  4. In the Confirm Key Delete dialog box, click OK.

  These actions can also be performed at a command prompt by using the following commands in the following order:

  reg.exe export HKCR\.cbl c:\cbl.regreg.exe delete HKCR\.cbl /freg.exe export HKCR\.cbm c:\cbm.regreg.exe delete HKCR\.cbm /freg.exe export HKCR\.cbo c:\cbo.regreg.exe delete HKCR\.cbo /f

  Impact of Workaround: Step-by-Step Interactive Training bookmark files can no longer be opened. The content can still be opened from within the Step-by-Step Interactive Training user interface.

• Do not open or save Step-by-Step Interactive Training bookmark link files (.cbo, .cbl, .cbm) that you receive from untrusted sources. This vulnerability could be exploited when a user opens a .cbo, .cbl, or .cbm file. Do not open files that use these file name extensions. This workaround does not cover other vectors of attack such as Web browsing.

• Remove Step-by-Step Interactive Training by using the Add or Remove Programs tool in Control Panel. To manually remove Step-by-Step Interactive Training from a system, follow these steps.

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add or Remove Programs.
  3. In the Add or Remove Programs dialog box, click the name of the affected program and then click Remove.

  Note Affected versions are "Microsoft Press Interactive Training" and "Interactive Training." However, removing these programs may not be a complete workaround, because "Microsoft Interactive Training" does not create an Add or Remove Programs entry. "Microsoft Interactive Training" is based on the Orun32.exe file. Therefore, you must also manually verify that the Orun32.exe file is not present on your system.

• Follow the instructions to complete the removal.

  Impact of Workaround: After you remove the Step-by-Step Interactive Training application, any applications that depend on Step-by-Step Interactive Training will fail.

• Remove Step-by-Step Interactive Training. Removing Step-by-Step Interactive Training will help prevent attacks.To remove Step-by-Step Interactive Training, follow these steps:

  • Click Start, click Run, and type:

    %windir%\IsUninst.exe -x -y -a -f"%windir%\orun32.isu"

  Note You may have to replace "orun32.isu" with "mrun32.isu" or "lrun32.isu," depending on the version of Step-by-Step Interactive Training that is installed. If you have several of these versions installed, you must remove them all.

  Impact of Workaround: After you remove the Step-by-Step Interactive Training application, any applications that depend on Step-by-Step Interactive Training will fail.

• Delete or rename the Step-by-Step Interactive Training .ini program file. If Step-by-Step Interactive Training cannot be removed by using the methods that are documented in this section of the security bulletin, you may be able to help prevent attacks by deleting or renaming the physical file. Delete or rename the %windir%\Orun32.ini file.

  Note You may have to replace "Orun32.ini" with "Lrun32.ini” or “Mrun32.ini” depending on the version of Step-by-Step Interactive Training that is installed.

  Impact of Workaround: After you disable the Step-by-Step Interactive Training application, any applications that depend on Step-by-Step Interactive Training may fail.

What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

What causes the vulnerability?
An unchecked buffer in the process that is used by Step-by-Step Interactive Training to validate bookmark link files.

What is a bookmark link file?
Bookmark link files are created by using the Step-by-Step Interactive Training user interface. These files allow a user the ability to quickly and easily link to a particular topic. Bookmark link files are text files that contain the information that is required by Step-by-Step Interactive Training to view a topic.

What is Step-by-Step Interactive Training?
Step-by-Step Interactive Training is used as the engine for hundreds of interactive training titles that are provided by Microsoft Press and other vendors. The list of known titles that contain this software is provided in Microsoft Knowledge Base Article 898458. For more information about other available Microsoft Press titles that may contain this software see the Microsoft Press Web site. This Web site will only document titles that may contain this software. Because of the nature of the distribution of this software by Microsoft, by our manufacturing partners, and by our publishing partners, there is no definitive list of all the titles that may have provided this software or of manufacturers that may have preinstalled this software. We recommend installing the available security update if you believe that this software may be installed on your system. You can also use the information provided in the "How do I know if I have Step-by-Step Interactive Training installed on my system?" frequently asked question to scan your enterprise for the affected files.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.

Who could exploit the vulnerability?
An attacker that could construct a specially crafted file and then persuade a user to visit a malicious Web site that opened this file, or an attacker that could persuade a user to open a specially crafted attachment provided in an e-mail message, could try to exploit this vulnerability.

How could an attacker exploit the vulnerability?
An attacker could try to exploit the vulnerability by creating a specially crafted message and sending the message to an affected system. The message could then cause the affected system to execute code.

There are several additional ways that an attacker could try to exploit this vulnerability. However, user interaction is required to exploit this vulnerability in each of these ways. Some examples follow:

• An attacker could exploit the vulnerability by constructing a malicious Step-by-Step Interactive Training bookmark file (a .cbo, cbl, or .cbm file) and then persuade the user to open the file.
• An attacked could send a malicious file as an attachment to a user through e-mail and then convince a user to open the attachment.
• An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker could also try to compromise a Web site to have it deliver a Web page that contains malicious content to try to exploit this vulnerability. An attacker would have no way to force users to visit a Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site or to a Web site that has been compromised by the attacker.

What systems are primarily at risk from the vulnerability?
Any operating system where Step-by-Step Interactive Training is installed is at risk from this vulnerability. Because this software is typically installed only on client systems, servers would typically not be at risk from the vulnerability.

What does the update do?
The update removes the vulnerability by modifying the way that Step-by-Step Interactive Training validates the contents of a bookmark file before Step-by-Step Interactive Training copies the content into the allocated buffer.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.

Affected Software:

For information about the specific security update for your affected software, click the appropriate link:

Prerequisites You must have a version of Step-by-Step Interactive Training installed before you install this security update.

Installation Information

This security update supports the following setup switches.

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. For more information about the Update.exe installer, visit the Microsoft TechNet Web site. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows 2000 Service Pack 4:

StepByStepInteractiveTraining-kb923723-x86-enu /quiet

Note Use of the /quiet switch will suppress all messages. This includes suppressing failure messages. Administrators should use one of the supported methods to verify the installation was successful when they use the /quiet switch. Administrators should also review the KB923723.log file for any failure messages when they use this switch.

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows 2000 Service Pack 4:

StepByStepInteractiveTraining-kb923723-x86-enu /norestart

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. This security update will also be available through the Microsoft Update Web site.

Restart Requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB923723$\Spuninst folder.

File Information

The English version of this security update has the file attributes that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Step-by-Step Interactive Training:

Verifying that the Update Has Been Applied

• Microsoft Baseline Security Analyzer

  To verify that a security update has been applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the frequently asked question, “Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether this update is required?” in the section, Frequently Asked Questions (FAQ) Related to This Security Update, earlier in this bulletin.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.
     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.
  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.
     Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StepbyStepInteractiveTraining\KB923723\Filelist

  Note This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the 923723 security update into the Windows installation source files.

Prerequisites You must have a version of Step-by-Step Interactive Training installed before you install this security update.

Installation Information

This security update supports the following setup switches.

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. For more information about the Update.exe installer, visit the Microsoft TechNet Web site. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows XP Service Pack 2 and Microsoft Windows XP Service Pack 3:

StepByStepInteractiveTraining-kb923723-x86-enu /quiet

Note Use of the /quiet switch will suppress all messages. This includes suppressing failure messages. Administrators should use one of the supported methods to verify the installation was successful when they use the /quiet switch. Administrators should also review the KB923723.log file for any failure messages when they use this switch.

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows XP Service Pack 2 and Microsoft Windows XP Service Pack 3:

StepByStepInteractiveTraining-kb923723-x86-enu /norestart

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. This security update will also be available through the Microsoft Update Web site.

Restart Requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB923723$\Spuninst folder.

File Information

The English version of this security update has the file attributes that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition Service Pack 2, Windows XP Home Edition Service Pack 3, Windows XP Professional Service Pack 2, Windows XP Professional Service Pack 3, Windows XP Tablet PC Edition 2005, and Windows XP Media Center Edition 2005:

Windows XP Professional x64:

Verifying that the Update Has Been Applied

• Microsoft Baseline Security Analyzer

  To verify that a security update has been applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the frequently asked question, “Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether this update is required?” in the section, Frequently Asked Questions (FAQ) Related to This Security Update, earlier in this bulletin.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.
     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.
  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.
     Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StepbyStepInteractiveTraining\KB923723\Filelist

  Note This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the 923723 security update into the Windows installation source files.

Prerequisites You must have a version of Step-by-Step Interactive Training installed before you install this security update.

Installation Information

This security update supports the following setup switches.

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. For more information about the Update.exe installer, visit the Microsoft TechNet Web site. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows Server 2003:

StepByStepInteractiveTraining-kb923723-x86-enu /quiet

Note Use of the /quiet switch will suppress all messages. This includes suppressing failure messages. Administrators should use one of the supported methods to verify the installation was successful when they use the /quiet switch. Administrators should also review the KB923723.log file for any failure messages when they use this switch.

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows Server 2003:

StepByStepInteractiveTraining-kb923723-x86-enu /norestart

For more information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. This security update will also be available through the Microsoft Update Web site.

Restart Requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB923723$\Spuninst folder.

File Information

The English version of this security update has the file attributes that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Server 2003, Web Edition; Windows Server 2003, Standard Edition; Windows Server 2003, Datacenter Edition; Windows Server 2003, Enterprise Edition; Windows Small Business Server 2003; Windows Server 2003, Web Edition with SP1; Windows Server 2003, Standard Edition with SP1; Windows Server 2003, Enterprise Edition with SP1; Windows Server 2003, Datacenter Edition with SP1; Windows Server 2003, Web Edition with SP2; Windows Server 2003, Standard Edition with SP2; Windows Server 2003, Enterprise Edition with SP2; Windows Server 2003, Datacenter Edition with SP2; Windows Server 2003 R2, Web Edition; Windows Server 2003 R2, Standard Edition; Windows Server 2003 R2, Datacenter Edition; Windows Server 2003 R2, Enterprise Edition; and Windows Small Business Server 2003 R2:

Windows Server, 2003 Enterprise Edition for Itanium-based Systems; Windows Server 2003, Datacenter Edition for Itanium-based Systems; Windows Server 2003, Enterprise Edition with SP1 for Itanium-based Systems; Windows Server 2003, Datacenter Edition with SP1 for Itanium-based Systems; Windows Server 2003, Enterprise Edition with SP2 for Itanium-based Systems; and Windows Server 2003, Datacenter Edition with SP2 for Itanium-based Systems:

Windows Server 2003, Standard x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Standard x64 Edition Service Pack 2; Windows Server 2003, Enterprise x64 Edition Service Pack 2; Windows Server 2003, Datacenter x64 Edition Service Pack 2; Windows Server 2003 R2, Standard x64 Edition; Windows Server 2003 R2, Enterprise x64 Edition; and Windows Server 2003 R2, Datacenter x64 Edition:

Verifying that the Update Has Been Applied

• Microsoft Baseline Security Analyzer

  To verify that a security update has been applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the frequently asked question, “Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine whether this update is required?” in the section, Frequently Asked Questions (FAQ) Related to This Security Update, earlier in this bulletin.

• File Version Verification

  Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.
  4. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.
     Note Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.
  5. On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.
     Note Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.

• Registry Key Verification

  You may also be able to verify the files that this security update has installed by reviewing the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StepbyStepInteractiveTraining\KB923723\Filelist

  Note This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the 923723 security update into the Windows installation source files.

Acknowledgments

Microsoft thanks the following for working with us to help protect customers:

• Brett Moore of Security-Assessment.com for reporting the Interactive Training Vulnerability (CVE-2006-3448).

Obtaining Other Security Updates:

Updates for other security issues are available at the following locations:

• Security updates are available at the Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch."
• Updates for consumer platforms are available at the Microsoft Update Web site.

Support:

• Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
• International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Security Resources:

• The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
• TechNet Update Management Center
• Microsoft Software Update Services
• Microsoft Windows Server Update Services
• Microsoft Baseline Security Analyzer (MBSA)
• Windows Update
• Microsoft Update
• Windows Update Catalog: For more information about the Windows Update Catalog, see Microsoft Knowledge Base Article 323166.
• Office Update

Software Update Services:

By using Microsoft Software Update Services (SUS), administrators can quickly and reliably deploy the latest critical updates and security updates to Windows 2000 and Windows Server 2003-based servers, and to desktop systems that are running Windows 2000 Professional or Windows XP Professional.

For more information about how to deploy security updates by using Software Update Services, visit the Software Update Services Web site.

Windows Server Update Services:

By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, Office XP and later, Exchange Server 2003, and SQL Server 2000 onto Windows 2000 and later operating systems.

For more information about how to deploy security updates using Windows Server Update Services, visit the Windows Server Update Services Web site.

Systems Management Server:

Microsoft Systems Management Server (SMS) delivers a highly configurable enterprise solution for managing updates. By using SMS, administrators can identify Windows-based systems that require security updates and can perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. For more information about how administrators can use SMS 2003 to deploy security updates, visit the SMS 2003 Security Patch Management Web site. SMS 2.0 users can also use Software Updates Service Feature Pack to help deploy security updates. For information about SMS, visit the SMS Web site.

Note SMS uses the Microsoft Baseline Security Analyzer, the Microsoft Office Detection Tool, and the Enterprise Update Scan Tool to provide broad support for security bulletin update detection and deployment. Some software updates may not be detected by these tools. Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems. For more information about this procedure, visit the following Web site. Some security updates require administrative rights following a restart of the system. Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack and in the SMS 2.0 Administration Feature Pack) to install these updates.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

• V1.0 (February 13, 2007): Bulletin published.
• V1.1 (May 8, 2007): Bulletin updated: added Windows Server 2003 Service Pack 2 as an Affected Product. Step-by-Step Interactive Training is not installed on Windows by default and therefore this security update should be applied to systems running Windows Server 2003 Service Pack 2.
• V2.0 (November 25, 2008): Bulletin updated: added Windows XP Service Pack 3 as an Affected Product. Step-by-Step Interactive Training is not installed on Windows by default and therefore this security update should be applied to systems running Windows XP Service Pack 3.

Built at 2014-04-18T13:49:36Z-07:00