Security Bulletin

Microsoft Security Bulletin MS03-051 - Critical

Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)

Published: November 11, 2003 | Updated: February 10, 2004

Version: 2.0


Summary

Who should read this document: Customers using Microsoft® FrontPage Server Extensions®

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the security update immediately

Security Update Replacement: This update replaces the security updates contained in the following bulletins: MS01-035 and MS02-053.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

  • Microsoft Windows 2000 Service Pack 2, Service Pack 3
  • Microsoft Windows XP, Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
  • Microsoft Office XP, Microsoft Office XP Service Pack 1, Service Pack 2
  • Microsoft Office 2000 Server Extensions

Non Affected Software:

  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT Workstation 4.0, Service Pack 6a
  • Microsoft Windows NT Server 4.0, Service Pack 6a
  • Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP 64-Bit Edition Version 2003
  • Microsoft Windows Server 2003 (Windows SharePoint Services)
  • Microsoft Windows Server 2003 64-Bit Edition (Windows SharePoint Services)
  • Microsoft Office System 2003

Tested Microsoft Windows and Office Components:

Affected Components:

  • Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000) - Download the update
  • Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) - Download the update
  • Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) - Download the update
  • Microsoft FrontPage Server Extensions 2000 64-bit (Shipped with Windows XP 64-bit) - Download the update
  • Microsoft FrontPage Server Extensions 2002 - Download the update
  • Microsoft SharePoint Team Services 2002 (Shipped with Office XP) - Download the update

(To determine which version of FrontPage Server Extensions is installed on your system, see "How can I determine what version of FrontPage Server Extensions I am running?" in the FAQ section of this bulletin.)

The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.

General Information

Technical Details

Technical description:

Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.

This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system.

The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual InterDev. An attacker who successfully exploited this vulnerability could run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail.

The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running FrontPage Server Extensions to temporarily stop responding to requests.

Mitigating factors:

  • Administrators who have installed the FrontPage Server Extensions included in Windows and then applied Windows 2000 Service Pack 4 are not affected by these vulnerabilities.
  • Windows XP does not have FrontPage Server Extensions installed by default.
  • Windows NT 4.0 does not have FrontPage Server Extensions installed by default unless you have applied the Windows NT 4.0 Option Pack.

Severity Rating:

  • Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000) - Critical
  • Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) - Critical
  • Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) - Moderate
  • Microsoft FrontPage Server Extensions 2000 64-bit (Shipped with Windows XP 64-bit) - Moderate
  • Microsoft FrontPage Server Extensions 2002 - Critical
  • Microsoft SharePoint Team Services 2002 (Shipped with Office XP) - Critical

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier for the Buffer Overrun vulnerability: CAN-2003-0822

Vulnerability identifier for SmartHTML interpreter vulnerability: CAN-2003-0824

Workarounds

Microsoft has tested the following workarounds that apply across all the vulnerabilities. These workarounds help block known attack vectors; however, they will not correct the underlying vulnerabilities. Workarounds may reduce functionality in some cases; in such cases, the reduction in functionality is identified below.

FrontPage Server Extensions administrators can uninstall FrontPage Server Extensions in Add or Remove Programs:

  1. From the Start button, choose Control Panel.
  2. Select Add or Remove programs.
  3. Select Add/Remove Windows Components.
  4. Select "Internet Information Services (IIS)" and choose "Details...".
  5. Uncheck "FrontPage 2000 Server Extensions" and choose OK.
  6. Choose Next in the Windows Components Wizard and choose Finish.

Impact of workaround:

With FrontPage Server Extensions uninstalled or disabled, webpage and server functionality relying on them will be unavailable or will not operate as expected.

Frequently Asked Questions

Why have you issued a version 2 of this bulletin?
Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.

I have been offered this update from Windows Update and I am running Windows XP, why am I being offered this update?
The detection method that Windows Update uses to offer the update to customers was recently changed, with the result that the update is now also offered to customers who are not affected by this issue.

Have you re-released this patch?
No - A change in how Windows Update scans and offers this update was introduced on December 9th which prompted users who were not at risk to download it. There has been no change to the update, and customers who were vulnerable were offered the update when it was first released in November.

Are you changing Windows Update to correct the issue?
Yes - Microsoft is currently making a change to the Windows Update detection to correct this problem.

Do I need to install the patch if I have not already?
Microsoft recommends that customers install the update if prompted from Windows Update or Automatic Update. There are no known negative effects from installing this update if offered.

If I installed the update in November, do I need to install the patch again?
No - Customers who were at risk have been offered the update from Windows Update or the Microsoft Download Center since it was first released in November. The update is effective at addressing the issue and customers who have applied the update do not need to reapply it.

How can I determine what version of FrontPage Server Extensions I am running?
To determine the version of FrontPage Server Extensions that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type fp4awel.dll or fp5awel.dll, and then click Search.
  4. If you have the fp4awel.dll file on your system, you have FrontPage Server Extensions 2000 installed.
  5. If you have the fp5awel.dll file, you have either FPSE 2002 or SharePoint Team Services installed.

To differentiate FrontPage Server Extensions 2002 from SharePoint Team Services do the following:

  1. Open the Control Panel task "Add or Remove Programs".
  2. Check whether "Microsoft SharePoint" is listed as installed software.

If a list entry called "Microsoft SharePoint" exists, then you do have SharePoint Team Services installed.

Note: If you have both fp4awel.dll and fp5awel.dll, you need to apply both the FrontPage Server Extensions 2000 and FrontPage Server Extensions 2002 updates.

What are the FrontPage Server Extensions?
FrontPage Server Extensions (FPSE) is a set of tools that can be installed on a web site. They serve two basic functions: to allow authorized personnel to manage the server, add or change content, and perform other tasks; and to add functions that are frequently used by web pages, such as search and forms support. FPSE installs by default as part of IIS 4.0, 5.0 and 5.1. Only Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter install IIS by default. IIS can be uninstalled if desired. Microsoft recommends that web administrators uninstall FPSE if not needed.

If I have installed the stand-alone version of FrontPage Server extensions and then applied Windows 2000 Service Pack 4 am I vulnerable?
Yes - You need to install the separate stand-alone update for FrontPage Server Extensions.

CAN-2003-0822: Buffer Overrun in FrontPage Server Extensions

What's the scope of the remote debug vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of their choice to be executed as though it originated on the local machine. Such code could provide the attacker with the ability to take any desired action on the machine, including adding, deleting or modifying data on the system.

What causes the vulnerability?
The vulnerability results from an unchecked buffer in one of the FrontPage Server Extensions DLL files.

What could the remote debug vulnerability enable an attacker to do?
An attacker who successfully exploited this vulnerability could run code of his or her choice with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail.

Who could exploit the vulnerability?
Any unauthenticated attacker who can connect to the FrontPage Server Extensions service could seek to exploit this vulnerability.

How could an attacker exploit this vulnerability?
An unauthenticated attacker could seek to exploit this vulnerability by sending a specially crafted request to FrontPage Server Extensions which would then cause FrontPage Server Extensions to fail in such a way that an attacker could execute code of his or her choice.

What steps could an administrator take to protect against the vulnerability?
The simplest way to address the vulnerability is to install the update. However, if the update were not installed, a server wouldn't be at risk if FrontPage Server Extensions had been uninstalled.

What does the update do?
The update addresses the vulnerability by removing the remote debugging functionality, as this functionality is no longer supported. Microsoft recommends that customers use the Terminal Server functionality for remote debugging.

CAN-2003-0824: Denial of Service in SmartHTML interpreter

What's the scope of the SmartHTML interpreter vulnerability?
This is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could cause a server running FrontPage Server Extensions to temporarily stop responding to requests.

What is the SmartHTML interpreter?
The SmartHTML interpreter is part of FPSE, and supports certain types of dynamic web content. It is made up of a variety of dynamic link library files. Using SmartHTML, a web developer can build a web page that relies on FrontPage features. For example, a web developer might want to embed the current date and time in a web page. In order to do that, the developer might use one of the WebBot components that come with FrontPage. When the web page author inserts a WebBot into an HTML page, what actually gets inserted is a specially formatted HTML comment. A WebBot comment looks like a standard HTML comment with special notation that identifies the WebBot and its properties. The web page author sets the property values from a dialog box when the WebBot gets inserted. Each WebBot has its own dialog. Microsoft calls the WebBot notation "SmartHTML", and HTML pages containing WebBots "SmartHTML pages". A WebBot is "executed" when the FrontPage Editor saves the HTML page. A FrontPage Server Extensions application scans the page for embedded WebBot components and replaces them with standard HTML text. As a result of this scanning process, a new page is created containing the standard HTML text generated from the WebBot components and a visitor to the web page sees the date and time rendered on the web page.
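Before applying the uninstall workaround, it helps to know how much site content was authored with WebBot components. The following PowerShell is an added example, not part of the original bulletin; the function name `Find-WebBotComment` is hypothetical, the `<!--webbot bot="Name" ... -->` notation it matches is an assumption not stated in the bulletin, and the sample page is constructed.

```powershell
# Added example; requires Windows PowerShell 3.0 or later.
function Find-WebBotComment {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [string[]]$Include = @('*.htm', '*.html', '*.asp')
    )
    # Assumed SmartHTML notation: an HTML comment that starts with "webbot"
    # and names the component in a bot="..." attribute. Comments can span
    # lines, so match case-insensitively across the whole file text.
    $pattern = '(?is)<!--\s*webbot\s+bot\s*=\s*"(?<bot>[^"]+)"(?<attrs>.*?)-->'
    Get-ChildItem -Path $Root -Include $Include -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $text = [System.IO.File]::ReadAllText($file)
            foreach ($m in [regex]::Matches($text, $pattern)) {
                [pscustomobject]@{
                    File       = $file
                    Bot        = $m.Groups['bot'].Value
                    Attributes = $m.Groups['attrs'].Value.Trim()
                }
            }
        }
}

# Constructed sample page: one WebBot comment and one ordinary HTML comment.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ("webbot-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
@'
<html><body>
<!--webbot bot="Timestamp" S-Type="EDITED" S-Format="%m/%d/%y" -->
<p>Last updated</p><!-- ordinary comment, not a WebBot -->
</body></html>
'@ | Set-Content -Path (Join-Path $demo 'index.htm')

# Summarise which components are in use and on how many pages.
Find-WebBotComment -Root $demo | Group-Object Bot | Select-Object Name, Count
Remove-Item -Recurse -Force $demo
```

Point `-Root` at the web content directory to list the pages and components that would need review once FrontPage Server Extensions is removed.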

What's wrong with the SmartHTML interpreter?
If a request is made to a web server using FrontPage Server Extensions in a particular way, it could have the effect of causing the SmartHTML interpreter to cycle, temporarily consuming all of the server's CPU availability and preventing the server from performing useful work.

What could an attacker do via this vulnerability?
An attacker who successfully exploited this vulnerability could cause a server running FrontPage Server Extensions to temporarily stop responding to requests.

Who could exploit the vulnerability?
Any unauthenticated attacker who can connect to the FrontPage Server Extensions service could seek to exploit this vulnerability.

How might an attacker exploit the vulnerability?
The attack itself would only require that the attacker send a particular type of request to the SmartHTML interpreter repeatedly.

What steps could an administrator take to protect against the vulnerability?
The simplest way to address the vulnerability is to install the update. However, if the update were not installed, a server wouldn't be at risk if FPSE had been uninstalled, or if the SmartHTML interpreter were not in use. For instance, the IIS Lockdown Tool, if used to configure a static web server, disables the interpreter.

How does the update eliminate the vulnerability?
The update causes the SmartHTML interpreter to properly validate the incoming requests and discard those that are not valid.

Security Update Information

Installation platforms and Prerequisites:

For information about the specific security update for your platform, click the appropriate link:

Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000)

Prerequisites

This security update requires Windows NT Workstation 4.0 Service Pack 6a (SP6a), Windows NT Server 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 (SP6).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site:

https:

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Inclusion in future service packs:

This update will be included in any future service packs for FrontPage Server Extensions

Installation Information

This security update supports the following Setup switches:

/q    Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u   Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a   Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path   Specifies the target folder for extracting files.

/c   Extracts the files without installing them. If /t:path is not specified, you are prompted for a target folder.

/c:path   Specifies the path and name of the Setup .inf or .exe file.

/r:n   Never restarts the computer after installation.

/r:i   Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a    Always restarts the computer after installation.

/r:s   Restarts the computer after installation without prompting the user.

/n:v   No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Update, ensure the following conditions have been met.

  • You are logged on to the computer using an account with Administrative rights (Windows NT only).

  • You have stopped all services related to the FrontPage 2000 Server Extensions.

    Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the update is installed.

Deployment Information

To install the security update without any user intervention, use the following command line:

For Windows NT Workstation 4.0, Windows NT Server 4.0, Windows NT Server 4.0, Terminal Server Edition:

office2000-kb813379-client-enu.exe /q

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update and then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name Size Product Version
admin.exe 16,439 4.00.02.7523
admin.dll 20,540 4.00.02.7523
author.exe 16,439 4.00.02.7523
author.dll 20,540 4.00.02.7523
cfgwiz.exe 188,480 4.00.02.7523
fp4Amsft.dll 184,435 4.00.02.7523
fp4Anscp.dll 82,035 4.00.02.7523
fp4Apws.dll 147,513 4.00.02.7523
fp4Areg.dll 49,210 4.00.02.7523
fp4Atxt.dll 102,509 4.00.02.7523
fp4Autl.dll 618,605 4.00.02.7523
fp4Avnb.dll 41,020 4.00.02.7523
fp4Avss.dll 32,826 4.00.02.7523
fp4Awebs.dll 49,212 4.00.02.7523
fp4Awel.dll 876,653 4.00.02.7802
fp98sadm.exe 14,608 3.00.02.1706
fp98swin.exe 109,328 3.00.02.1706
fpadmcgi.exe 24,632 4.00.02.7523
fpadmdll.dll 20,541 4.00.02.7523
fpcount.exe 188,494 4.00.02.7523
fpencode.dll 94,208 1.00.00.0000
fpexedll.dll 20,541 4.00.02.7523
fpmmc.dll 598,071 4.00.02.7523
fpmmcsat.dll 208,896 4.00.02.7523
fpremadm.exe 20,538 4.00.02.7523
fpsrvadm.exe 28,728 4.00.02.7523
shtml.exe 16,437 4.00.02.7523
shtml.dll 20,536 4.00.02.7523
stub_fpsrvadm.exe 16,449 4.00.02.7523
stub_fpsrvwin.exe 65,601 4.00.02.7523
tcptest.exe 32,827 4.00.02.7523
tcptsat.dll 16,384 4.00.02.7523

Verifying Update Installation

Verify that fp4awel.dll is version 4.0.2.7802

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000)

Prerequisites

For Windows 2000 this security update requires Service Pack 2 (SP2), or Service Pack 3 (SP3).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site:

https:

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Inclusion in future service packs:

The fix is already included in Windows 2000 Service Pack 4.

Installation Information

This security update supports the following Setup switches:

/?   Display the list of installation switches.

/u   Use Unattended mode.

/f   Force other programs to quit when the computer shuts down.

/n   Do not back up files for removal.

/o   Overwrite OEM files without prompting.

/z   Do not restart when the installation is complete.

/q   Use Quiet mode (no user interaction).

/l   List the installed hotfixes.

/x   Extract the files without running Setup.

Deployment Information

To install the security update without any user intervention, use the following command line:

For Windows 2000 Service Pack 2, Windows 2000 Service Pack 3:

Windows2000-KB810217-x86-ENU /u /q

To install the security update without forcing the computer to restart, use the following command line:

For Windows 2000 Service Pack 2, Windows 2000 Service Pack 3:

Windows2000-KB810217-x86-ENU /z

Note: You can combine these switches into one command line.

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

To remove this security update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB810217$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name Size Product Version
Spmsg.dll 6,656 5.03.16.0008
Spuninst.exe 89,088 5.03.16.0008
stub_fpsrvadm.exe 16,449 4.00.02.7523
stub_fpsrvwin.exe 65,601 4.00.02.7523
Tcptest.exe 32,827 4.00.02.7523
Admin.dll 20,540 4.00.02.7523
Admin.exe 16,439 4.00.02.7523
Author.dll 20,540 4.00.02.7523
Author.exe 16,439 4.00.02.7523
Cfgwiz.exe 188,480 4.00.02.7523
Empty.cat 5,149 0.00.00.0000
fp4amsft.dll 184,435 4.00.02.7523
fp4anscp.dll 82,035 4.00.02.7523
fp4apws.dll 147,513 4.00.02.7523
fp4areg.dll 49,210 4.00.02.7523
fp4atxt.dll 102,509 4.00.02.7523
fp4autl.dll 618,605 4.00.02.7523
fp4avnb.dll 41,020 4.00.02.7523
fp4avss.dll 32,826 4.00.02.7523
fp4awebs.dll 49,212 4.00.02.7523
fp4awel.dll 876,653 4.00.02.7802
fp40ext.inf 7,977 0.00.00.0000
fp98sadm.exe 14,608 3.00.02.1706
fp98swin.exe 109,328 3.00.02.1706
Fpadmcgi.exe 24,632 4.00.02.7523
Fpadmdll.dll 20,541 4.00.02.7523
Fpcount.exe 188,494 4.00.02.7523
Fpencode.dll 94,208 1997.05.27.0000
Fpexedll.dll 20,541 4.00.02.7523
Fpmmc.dll 598,071 4.00.02.7523
Fpremadm.exe 20,538 4.00.02.7523
Fpsrvadm.exe 28,728 4.00.02.7523
Shtml.dll 20,536 4.00.02.7523
Shtml.exe 16,437 4.00.02.7523

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\KB810217\Filelist

Note: This registry key may not be created properly when an administrator or an OEM integrates or slipstreams the KB810217 security update into the Windows installation source files.

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)

Prerequisites

This security update requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack

Inclusion in future service packs:

The fix for this issue will be included in Windows XP Service Pack 2.

Installation Information

This security update supports the following Setup switches:

/?   Display the list of installation switches.

/u   Use Unattended mode.

/f   Force other programs to quit when the computer shuts down.

/n   Do not back up files for removal.

/o   Overwrite OEM files without prompting.

/z   Do not restart when the installation is complete.

/q   Use Quiet mode (no user interaction).

/l   List the installed hotfixes.

/x   Extract the files without running Setup.

Deployment Information

To install the security update without any user intervention, use the following command line:

WindowsXP-KB810217-x86-ENU.exe /u /q

To install the security update without forcing the computer to restart, use the following command line:

WindowsXP-KB810217-x86-ENU.exe /z

Note: You can combine these switches into one command line.

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update and then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB810217$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

Windows XP Professional, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:

File name Size File Version
admin.exe 16,439 4.0.2.7523
author.dll 20,540 4.0.2.7523
author.exe 16,439 4.0.2.7523
cfgwiz.exe 188,480 4.0.2.7523
fp40ext.inf 7,946 N/A
fp4amsft.dll 184,435 4.0.2.7523
fp4anscp.dll 82,035 4.0.2.7523
fp4apws.dll 147,513 4.0.2.7523
fp4areg.dll 49,210 4.0.2.7523
fp4atxt.dll 102,509 4.0.2.7523
fp4autl.dll 618,605 4.0.2.7523
fp4avnb.dll 41,020 4.0.2.7523
fp4avss.dll 32,826 4.0.2.7523
fp4awebs.dll 49,212 4.0.2.7523
fp4awel.dll 876,653 4.0.2.7802
fp98sadm.exe 14,608 3.0.2.1706
fp98swin.exe 109,328 3.0.2.1706
fpadmcgi.exe 24,632 4.0.2.7523
fpadmdll.dll 20,541 4.0.2.7523
fpcount.exe 188,494 4.0.2.7523
fpencode.dll 94,208 1997.5.27.0
fpexedll.dll 20,541 4.0.2.7523
fpmmc.dll 598,071 4.0.2.7523
fpremadm.exe 20,538 4.0.2.7523
fpsrvadm.exe 28,728 4.0.2.7523
shtml.dll 20,536 4.0.2.7523
shtml.exe 16,437 4.0.2.7523
spmsg.dll 6,656 4.0.2.7523
spuninst.exe 100,352 4.0.2.7523
stub_fpsrvadm.exe 16,449 4.0.2.7523
stub_fpsrvwin.exe 65,601 4.0.2.7523

Windows XP 64-Bit Edition:

File name Size File Version
admin.dll 14,336 4.00.02.8312
admin.exe 13,312 4.00.02.8312
author.dll 14,336 4.00.02.8312
author.exe 13,312 4.00.02.8312
cfgwiz.exe 747,008 4.00.02.8312
fp4Amsft.dll 647,168 4.00.02.8312
fp4Areg.dll 82,035 4.0.2.7523
fp4Atxt.dll 254,464 4.00.02.8312
fp4Autl.dll 2,651,136 4.00.02.8312
fp4Avnb.dll 103,424 4.00.02.8312
fp4Avss.dll 72,192 4.00.02.8312
fp4Awel.dll 4,045,824 4.00.02.8312
fpadmcgi.exe 129,536 4.00.02.8312
fpadmdll.dll 14,336 4.00.02.8312
fpcount.exe 415,744 4.00.02.8312
fpexedll.dll 9,728 4.00.02.8312
fpmmc.dll 1,816,576 4.00.02.8312
fpmmcsat.dll 204,800 4.00.02.4707
fpremadm.exe 16,896 4.00.02.8312
fpsrvadm.exe 166,912 4.00.02.8312
shtml.dll 14,336 4.00.02.8312
shtml.exe 13,312 4.00.02.8312
tcptest.exe 58,368 4.00.02.8312
tcptsat.dll 5,632 4.00.02.4707

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry keys:

Windows XP Professional; Windows XP Professional SP1; Windows XP 64-Bit Edition; Windows XP 64-Bit Edition SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB810217\Filelist

Note: This registry key may not be created properly when an administrator or an OEM integrates or slipstreams the KB810217 security update into the Windows installation source files.

Microsoft FrontPage Server Extensions 2002 (Shipped with Office XP)

Prerequisites

This update requires FrontPage Server Extensions 2002.

Inclusion in future service packs:

This update will be included in any future service packs for FrontPage Server Extensions

Installation Information

This security update supports the following Setup switches:

/q   Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u   Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a   Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path   Specifies the target folder for extracting files.

/c   Extracts the files without installing them. If /t:path is not specified, you are prompted for a target folder.

/c:path   Specifies the path and name of the Setup .inf or .exe file.

/r:n   Never restarts the computer after installation.

/r:i   Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a    Always restarts the computer after installation.

/r:s   Restarts the computer after installation without prompting the user.

/n:v   No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Update, ensure the following conditions have been met.

  • You are logged on to the computer using an account with Administrative rights (Windows NT only).

  • You have stopped all services related to the FrontPage 2000 Server Extensions.

    Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the update is installed.

Deployment Information

To install the security update without any user intervention, use the following command line:

officexp-KB813380-client-ENG.exe /q

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name          Size         Product Version
fp30reg.dll        36,424       10.00.4205.0000
FPcheck1003.exe    28,672       0.00.00.0000
Eula.txt           8,744        0.00.00.0000
fp5amsft.dll       137,824      10.00.4803.0000
fp5Areg.dll        36,424       10.00.4205.0000
fp5Awel.dll        1,382,984    10.00.4803.0000

Verifying Update Installation

Verify that the following files are installed on the system:

File Name          Size         Product Version
fp30reg.dll        36,424       10.00.4205.0000
fp5amsft.dll       137,824      10.00.4803.0000
fp5Areg.dll        36,424       10.00.4205.0000
fp5Awel.dll        1,382,984    10.00.4803.0000

Microsoft SharePoint Team Services 2002

Prerequisites

This security update requires Office XP SP2.

Inclusion in future service packs:

The fix for this issue will be included in any future Service Pack for Office XP.

Installation Information

This security update supports the following Setup switches:

/q   Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u   Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a   Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path   Specifies the target folder for extracting files.

/c   Extracts the files without installing them. If /t:path is not specified, you are prompted for a target folder.

/c:path   Specifies the path and name of the Setup .inf or .exe file.

/r:n   Never restarts the computer after installation.

/r:i   Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a    Always restarts the computer after installation.

/r:s   Restarts the computer after installation without prompting the user.

/n:v   No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Patch, ensure the following conditions have been met.

  • You are logged on to the computer using an account with Administrative rights (Windows NT only).

  • You have stopped all services related to the FrontPage 2000 Server Extensions.

    Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the patch is installed.

Deployment Information

To install the security update without any user intervention, use the following command line:

OWS1002.exe /q

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name       Size       Product Version
fp5Awel.dll     1,351      10.0.4803.0
Fpeditax.dll    4,155      10.0.4622.0
Owssvr.dll      815        10.0.4921.0
fp5Autl.dll     931        10.0.4406.0
fp5Awec.dll     604,744    10.0.4406.0
Fp5amsft.dll    135        10.0.4803.0

Verifying Update Installation

Verify that the following files are installed on the system:

File Name       Size       Product Version
Fp5awel.dll     1,351      10.0.4803.0
Fp5amsft.dll    135        10.0.4803.0
Fp5areg.dll                10.0.4205.0
Fp30reg.dll                10.0.4205.0
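
The check asked for in the two "Verifying Update Installation" tables (the Office XP update and SharePoint Team Services 2002), as an added PowerShell example that is not part of the bulletin or Microsoft's tooling. It assumes the listed product versions are minimums, following the "(or later)" wording in the File Information sections; the -Dir default is a placeholder, and the parameter and function names are illustrative.

```powershell
# Added example. -Dir has a placeholder default: pass the folder that holds
# the FrontPage Server Extensions binaries on the host being checked.
param(
    [string]$Dir = 'C:\PLACEHOLDER\server-extensions\bin',
    [ValidateSet('OfficeXP', 'SharePointTeamServices2002')]
    [string]$Table = 'SharePointTeamServices2002'
)

# Product versions copied from the bulletin's two verification tables.
$Minimums = @{
    OfficeXP = @{
        'fp30reg.dll'  = '10.00.4205.0000'
        'fp5amsft.dll' = '10.00.4803.0000'
        'fp5Areg.dll'  = '10.00.4205.0000'
        'fp5Awel.dll'  = '10.00.4803.0000'
    }
    SharePointTeamServices2002 = @{
        'Fp5awel.dll'  = '10.0.4803.0'
        'Fp5amsft.dll' = '10.0.4803.0'
        'Fp5areg.dll'  = '10.0.4205.0'
        'Fp30reg.dll'  = '10.0.4205.0'
    }
}

function ConvertTo-Version([string]$Text) {
    # The tables write the same version as 10.00.4205.0000 and 10.0.4205.0,
    # so compare the four fields as integers, never as strings.
    $p = $Text.Split('.') | ForEach-Object { [int]$_ }
    [version]($p -join '.')
}

$results = foreach ($entry in $Minimums[$Table].GetEnumerator()) {
    $path     = Join-Path $Dir $entry.Key
    $required = ConvertTo-Version $entry.Value
    $found    = $null
    $status   = 'MISSING'
    if (Test-Path -LiteralPath $path) {
        $vi     = (Get-Item -LiteralPath $path).VersionInfo
        $found  = [version]('{0}.{1}.{2}.{3}' -f $vi.ProductMajorPart,
                      $vi.ProductMinorPart, $vi.ProductBuildPart, $vi.ProductPrivatePart)
        $status = if ($found -ge $required) { 'OK' } else { 'OUTDATED' }
    }
    [pscustomobject]@{ File = $entry.Key; Required = $required; Found = $found; Status = $status }
}

$results | Format-Table -AutoSize
# A non-zero exit code lets a deployment job flag hosts that still need the update.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

A file with no version resource reads as 0.0.0.0 and is reported as OUTDATED, which is the safe default for a patch audit.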

Other Information

Acknowledgments

Microsoft thanks for working with us to protect customers:

Obtaining other security updates:

Updates for other security issues are available from the following locations:

  • Security updates are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".
  • Updates for consumer platforms are available from the Windows Update web site.
  • Updates for Microsoft Office Family products are available from the Office Update web site.

Support:

  • Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.
  • International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at https:

Security Resources:

Software Update Services (SUS):

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional.

For information about how to deploy this security patch with Software Update Services, visit the following Microsoft Web site:

https:

Systems Management Server (SMS):

Systems Management Server can provide assistance deploying this security update. For information about Systems Management Server visit the SMS Web Site. SMS also provides several additional tools to assist administrators in the deployment of security updates such as the SMS 2.0 Software Update Services Feature Pack and the SMS 2.0 Administration Feature Pack. The SMS 2.0 Software Update Services Feature Pack utilizes the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin remediation. Some software updates may require administrative rights following a restart of the computer.

Note: The inventory capabilities of the SMS 2.0 Software Update Services Feature Pack may be used for targeting updates to specific computers, and the SMS 2.0 Administration Feature Pack's Elevated Rights Deployment Tool can be used for installation. This provides optimal deployment for updates that require explicit targeting using Systems Management Server and administrative rights after the computer has been restarted.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

  • V1.0 November 11, 2003: Bulletin published.
  • V1.1 November 12, 2003: Updated information on what actions an attacker could take if they were to successfully exploit this vulnerability.
  • V1.2 November 14, 2003: Updated information on affected versions of Microsoft Office, updated information in the workarounds section.
  • V1.3 November 19, 2003: Updated information on setup switches in the Security Update Information section and corrected text in Severity Rating section for SharePoint Team Services 2002.
  • V1.4 December 10, 2003: Updated the FAQ section to reflect a new Windows Update offering on Windows XP.
  • V1.5 January 13, 2004: Added a FAQ about FrontPage Server Extensions and Service Pack 4 for Windows 2000. Updated file version in the FrontPage Server Extensions 2002 section. Corrected setup switches in the FrontPage Server Extensions stand-alone and Windows 2000 section.
  • V2.0 February 10, 2004: Updated to reflect that the bulletin also affects Office 2000 Server Extensions and Windows XP 64-bit Edition.

Built at 2014-04-18T13:49:36Z-07:00