
Microsoft Security Bulletin MS06-078

For more information about how to contact Microsoft for support issues, visit the International Support Web site. In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to attempt to exploit this vulnerability.

Deployment Information

To install the security update without any user intervention, use the following command at a command prompt for Windows 2000 Service Pack 4:

WindowsMedia6-KB925398-v2-x86-ENU /quiet
Windows2000-KB923689-x86-ENU /quiet

Note Use It is used frequently on streaming video servers where multiple ASF files are to be played in succession.

On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table. Note To modify the Npdsplay.dll file, follow these steps. Click Start, and then click Run. Type cacls "%programfiles%\Windows Media Player\npdsplay.dll" /d everyone, and then click OK. What causes the vulnerability? The update removes the vulnerability by modifying the way that Windows Media Format Runtime validates the length of data in the before passing the data to the allocated buffer. https://technet.microsoft.com/en-us/library/security/ms06-078.aspx

It should be a priority for customers who have these operating system versions to migrate to supported versions to prevent potential exposure to vulnerabilities. Page generated 2016-06-07 13:03-07:00. When a workaround reduces functionality, it is identified in the following section. Microsoft received information about this vulnerability through responsible disclosure.

  • Click the Advanced tab.
  • For more information, see the Affected Software and Download Locations section.
  • Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be

Versions or editions that are not listed are either past their support life cycle or are not affected. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through Internet Explorer and then persuade a user to view the Web site. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses.

Setup Modes /passive Unattended Setup mode. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. https://technet.microsoft.com/en-us/library/security/ms06-006.aspx If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds.

Customers who did experience this known issue and did not install this security update will be reoffered the security update included with this security bulletin. Office Update Software Update Services: By using Microsoft Software Update Services (SUS), administrators can quickly and reliably deploy the latest critical updates and security updates to Windows 2000 and Windows Server On the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table. Note An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Other Information Acknowledgments Microsoft thanks the following for working with us to help protect customers: Urs Eichmann of PRISMA Informatik for reporting the NET 2.0 Application Folder Information Disclosure Vulnerability - https://technet.microsoft.com/en-us/library/security/ms06-041.aspx For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site. Verifying that the Update Has Been Applied Microsoft Baseline Security Analyzer To verify that a security update has been applied to an affected system, you can use the Microsoft Baseline Security For more information about Qchain, visit this Web site.

Note Not all security updates support HotPatching, and some security updates that support HotPatching might require that you restart the server after you install the security update. Yes. Click Start, and then click Search. Security updates may not contain all variations of these files.

Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Windows Server Update Services: By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Windows 2000 operating systems and later, Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the security update into the Windows installation source files.

For contact information, visit the Microsoft Worldwide Information Web site, select the country, and then click Go to see a list of telephone numbers.

Product SMS 2.0 SMS 2003 Windows Media Player 6.4 on Microsoft Windows 2000 Service Pack 4 Yes Yes Windows Media Player 6.4 on Windows XP Service Pack 2 Yes Yes Windows

To install the security update without forcing the system to restart, use the following command at a command prompt for Windows Server 2003:

WindowsMedia6-KB925398-v2-x86-ENU /norestart
WindowsMedia6-KB925398-v2-x64-ENU /norestart
WindowsServer2003-KB923689-x86-ENU /norestart
WindowsServer2003.WindowsXP-KB923689-x64-ENU /norestart

Also, in certain cases, files may be renamed during installation.

Microsoft received information about this vulnerability through responsible disclosure. Both RTSP and MMS streaming protocols are supported, as well as HTTP. With Winsock, programmers are provided access to advanced Microsoft® Windows® networking capabilities such as multicast and Quality of Service (QOS). For more information about the Update.exe installer, visit the Microsoft TechNet Web site.

It should be a priority for customers who have these operating system versions to migrate to supported versions to prevent potential exposure to vulnerabilities. Microsoft received information about this vulnerability through responsible disclosure. There is no charge for support that is associated with security updates. Removal Information To remove this security update, use the Add or Remove Programs tool in Control Panel.

For more information about how to obtain the latest service pack, see Microsoft Knowledge Base Article 260910. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB921883$\Spuninst folder. What might an attacker use the vulnerability to do? An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Registry Key Verification You may also be able to verify the files that this security update has installed by reviewing the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB920683\Filelist Note This registry key may When you call, ask to speak with the local Premier Support sales manager. IT Pro Security Zone Community: Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in the IT Pro Security Zone Web site.