Security Advisory
Microsoft Security Advisory 927891
Update for Windows Installer (MSI)
Published: May 22, 2007 | Updated: May 24, 2007
Today we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated. The update addresses the following issue:
Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows installer, and you may notice that the CPU usage for the svchost process is showing 100%.
When you try to install an update from Windows Update or from Microsoft Update, you experience the following symptoms:
- Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows Installer.
- You receive an access violation error in svchost.exe. This access violation stops the Server service and the Workstation service.
- A memory leak occurs when Windows Update or Microsoft Update is scanning for updates that use Windows Installer.
- Windows Update or Microsoft Update scans take a very long time, sometimes hours, to complete.
We encourage Windows customers to review and install this update. This update will be offered automatically through Automatic Updates. For more information about this issue, including download links for the available non-security update, please review Microsoft Knowledge Base Article 927891.
Please note that this update is the first part of a two-part update that is the comprehensive solution to the problem. In June, another update will involve the Windows Update client. The update for the Windows Update client will also be automatically offered through Automatic Updates.
General Information
Overview
Purpose of Advisory: To provide clarification and notification of the availability of the update to address this issue.
Advisory Status: Microsoft Knowledge Base Article and associated update were released.
Recommendation: Review the referenced Knowledge Base Article and apply the appropriate update.
| References | Identification |
|---|---|
| Microsoft Knowledge Base Article | 927891 |
This advisory discusses the following software.
| Related Software |
|---|
| Microsoft Windows 2000 Service Pack 4 |
| Microsoft Windows XP Service Pack 2 |
| Microsoft Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 |
| Microsoft Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 |
| Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Windows Server 2003 x64 Edition Service Pack 2 |
Frequently Asked Questions
What is the scope of the advisory?
This advisory clarifies the Microsoft Knowledge Base Article and its associated update. The update does not correct a security vulnerability, but is instead an update for the error conditions that are described above. This update affects the software that is listed in the Overview section.
For more information, see Microsoft Knowledge Base Article 927891.
How do I know whether this issue affects me?
You may be affected by this issue if you observe the conditions, listed earlier, on your computer when trying to update by using Microsoft Update, Automatic Updates through the Internet or through Windows Server Update Services, Systems Management Server Inventory Tool for Microsoft Updates, or Windows Update.
Won’t this issue affect the installation of this update?
This update will install correctly even if the computer is already affected by this issue. However, you may be unable to install other updates until you install this update.
This is a security advisory about a non-security update. Isn’t that a contradiction?
Security advisories address security changes that may not require a security bulletin but may still affect customer’s overall security. Security advisories are a way for Microsoft to communicate security-related information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin, or about issues for which no security bulletin has been released. In this case, we are communicating the availability of an update that affects your ability to perform subsequent updates, including security updates. Therefore, this advisory does not address a specific security vulnerability; rather, it addresses your overall security.
Suggested Actions
Review the Microsoft Knowledge Base Article that is associated with this advisory
We encourage customers to install this update. Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 927891.
For more information about the terminology that appears in this advisory, such as update, see Microsoft Knowledge Base Article 824684.
Other Information
Resources:
- You can provide feedback by completing the form by visiting the following Web site.
- Customers in the United States and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.
- International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.
- The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.
Disclaimer:
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions:
- May 22, 2007: Advisory published.
- May 24, 2007: Advisory updated to change title from “Fix for Windows Installer (MSI)” to “Update for Windows Installer (MSI),” make minor edits, and remove unnecessary FAQ.
Built at 2014-04-18T13:49:36Z-07:00