Microsoft KB Archive/942416

= Detection-and-deployment guidance for security update MS07-054: Vulnerability in MSN Messenger and in Windows Live Messenger could allow remote code execution =

Article ID: 942416

Article Last Modified on 9/14/2007

-

APPLIES TO


 * MSN Messenger 6.2
 * MSN Messenger 7.0
 * MSN Messenger 7.5
 * Windows Live Messenger

-



Microsoft currently issues upgrades for MSN Messenger or for Windows Live Messenger by using the MSN Messenger service or the Windows Live Messenger service. These online services have their own client-deployment mechanisms. These client-deployment mechanisms are separate from the standard Windows Update mechanism or from the Microsoft Update mechanism for security updates.

Microsoft is delivering this detection-and-deployment guidance for security update MS07-054 because the Windows Update mechanism or the Microsoft Update mechanism for security updates cannot be used to detect, to download, or to install this update.



Initial setup and configuration
This section is intended for administrators who are using a startup script or a logon script to deploy this tool. To configure the server and the share, follow these steps:

1. Create a folder that is named "BIN" under the folder that represents the Netlogon share on your domain controller. For example, create the BIN folder under the following folder:

   %WINDIR%\SYSVOL\sysvol\ \scripts

2. Download the Windows XP Service Pack 2 Support Tools, extract the Filever.exe tool, and then copy this tool into the BIN folder that you created in step 1.

   The Filever.exe tool is included with the Windows XP Service Pack 2 Support Tools. To obtain the Windows XP Service Pack 2 Support Tools, visit the following Microsoft Web site:

   http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en

   For more information about the Filever.exe tool, visit the following Microsoft Web site:

   http://technet2.microsoft.com/windowsserver/en/library/1a9f06ba-ba52-49e7-baf3-5352cfd828991033.mspx?mfr=true

   For more information about the Filever.exe tool, click the following article number to view the article in the Microsoft Knowledge Base:

   913111 How to use the Filever.exe tool to obtain specific information about a file in Windows

3. Download the Getver.exe tool, extract the tool, and then copy it to the BIN folder that you created in step 1.

   The Getver.exe tool is included with the Microsoft Product Support Reporting Tool v5.2.2004.1. To obtain the Microsoft Product Support Reporting Tool v5.2.2004.1, visit the following Microsoft Web site:

   http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_SETUPPerf.exe

   To extract the Getver.exe tool, use the /C switch as follows:

   MPSRPT_SETUPPerf.exe /C

4. Download the version of Windows Live Messenger that is associated with the client base:

   * For Windows XP and later operating systems, download Windows Live Messenger 8.1.0178. To do this, visit the following Microsoft Web site:

     http://www.microsoft.com/downloads/details.aspx?FamilyID=d78f2ff1-79ea-4066-8ba0-ddbed94864fc&DisplayLang=en

   * For Windows 2000-based systems, download MSN Messenger 7.0.0820. To do this, visit the following Microsoft Web site:

     http://www.microsoft.com/downloads/details.aspx?FamilyID=cf49c56c-8b3e-4eae-9904-9505f47bed45&displaylang=en

5. Run the installation package by using the /C switch to extract the MsnMsgs.msi file, and then copy the file to the BIN folder that you created in step 1.

   Note If both packages are required, you must rename the MSN Messenger 7 installation file as "MsnMsgs7.msi." You must make this change because both installer files use the same name.

6. Designate a collection server to be used to deposit the log files that are created by the scripts that are referenced in this article.

7. Create a share that is named "LOGS" on the collection server. Then, apply the following permissions:

   a. Add the domain user account for the user who is managing this share, and then click Full Control.
   b. If you use the computer startup script method, grant the Domain Computers group Modify permissions, Read & Execute permissions, List Folder Contents permissions, Read permissions, and Write permissions.
   c. If you use the logon script method, grant the Authenticated Users group Modify permissions, Read & Execute permissions, List Folder Contents permissions, Read permissions, and Write permissions.


Usage
The MSNMsgrTest.bat file can be used to determine whether a vulnerable version of the Msnmsgr.exe file is installed in Windows 2000, in Windows XP, in Windows Server 2003, or in Windows Vista.

The script does the following:

 * Determines whether the vulnerable version of the Msnmsgr.exe file is installed on the system
 * Outputs results to the screen
 * Outputs results to the following comma-delimited log file: MSNMsgrTest_Results.csv
 * Logs the computer name, the operating system (OS) version, the Msnmsgr.exe file version, the vulnerability status, and the date-and-time of the scan

Code example
The script and the steps that are provided here are intended only as examples. Make sure that you test these scripts and these steps, and then modify them appropriately to work in your specific environments. For example, you must change the server name and the share name according to the setup parameters in your environment.

<pre class="fixed_text">@echo off
REM: MSNMsgrTest.bat to determine whether a vulnerable version of Msnmsgr.exe is installed
REM: in Windows 2000, in Windows XP, in Windows Server 2003, or in Windows Vista.
REM: Output is displayed on the screen and is saved to a comma-delimited output log file:
REM: MSNMsgrTest_Results.csv.
REM: This batch file script requires Filever.exe.

Set STDOUTPUT=YES

REM: Remove the "REM:" in the following line to suppress output to the screen
REM: (and to log only to the output log file).
REM: Set STDOUTPUT=NO

REM: Edit the "Set OutputLog" line to change the location of the Output log file.
REM: For example: Set OutputLog=\\Server_name\share\MSNMsgrTest_Results.csv.
Set OutputLog=MSNMsgrTest_Results.csv

REM: If the output .csv file already exists, skip the addition of header information.
if exist %OutputLog% GOTO RUNTEST

REM: Add header information to the output .csv file.
echo Computername,OS Version,Msnmsgr.exe Fileversion,Vulnerable? (YES/NO),MS07-054 Status,Scan Date - Time > %OutputLog%
echo ====================,==========================================,======================,====================,====================,============================ >> %OutputLog%

:RUNTEST
REM: Determine OS version.
FOR /F "skip=1 tokens=*" %%a in ('ver') do SET OSVEROUT=%%a
FOR /f "tokens=3 delims=n" %%b in ("%OSVEROUT%") do set OSVER=%%b

REM: Determine processor architecture.
if exist "%ProgramFiles(x86)%" GOTO X64
if exist "%ProgramFiles%" GOTO X86

GOTO x86

:X64
REM: Determine the version of Msnmsgr.exe on x64 systems.
if not exist "%ProgramFiles(x86)%\msn messenger\msnmsgr.exe" GOTO NOTFOUND
FOR /F "tokens=*" %%i in ('filever.exe "%ProgramFiles(x86)%\msn messenger\msnmsgr.exe"') do SET FILEVEROUT=%%i
FOR /f "tokens=5 delims= " %%i in ("%FILEVEROUT%") do set MSNVer=%%i
GOTO TESTOSVER

:X86
REM: Determine the version of Msnmsgr.exe on x86 systems.
if not exist "%ProgramFiles%\msn messenger\msnmsgr.exe" GOTO NOTFOUND
FOR /F "tokens=*" %%i in ('filever.exe "%ProgramFiles%\msn messenger\msnmsgr.exe"') do SET FILEVEROUT=%%i
FOR /f "tokens=5 delims= " %%i in ("%FILEVEROUT%") do set MSNVer=%%i
GOTO TESTOSVER

:NOTFOUND
Echo %Computername%,%OSVEROUT%,File Not Found,NO,Not Required,%date% - %time% >> %OutputLog%
if (%STDOUTPUT%)==(NO) GOTO END
Echo Computername:     %Computername%
Echo OS Version:       %OSVEROUT%
Echo msnmsgr version:  Msnmsgr.exe Not Found
Echo Status:       Security update MS07-054 not required...
echo Results Output:       Saved to file: %OutputLog%
echo.
echo.
echo.
pause
GOTO END

:TESTOSVER
REM: Convert the dotted file version to one number (major*1000000 + minor*10000 + build)
REM: so that the version tests below compare numerically. A string comparison would rank
REM: 7.0.816.0 above 7.0.0820 because the character "8" sorts after "0".
FOR /F "tokens=1-3 delims=." %%a in ("%MSNVer%") do set /a MSNNUM=%%a*1000000+%%b*10000+%%c

REM: Test whether the OS version is Windows 2000 ("downlevel") or Windows XP or a later version ("uplevel").
if %OSVer% GEQ 5.1 GOTO TESTVER_UPLEVEL
if %OSVer% LSS 5.1 GOTO TESTVER_DOWNLEVEL

:TESTVER_UPLEVEL
REM: Test for vulnerable version of Msnmsgr.exe in Windows XP, in Windows Server 2003, and in Windows Vista.
REM: 8010000 is version 8.1 in the numeric form that is computed above.
if %MSNNUM% LSS 8010000 GOTO LESSER
if %MSNNUM% GEQ 8010000 GOTO GREATER

:TESTVER_DOWNLEVEL
REM: Test for vulnerable version of Msnmsgr.exe in Windows 2000.
REM: 7000820 is version 7.0.0820 in the numeric form that is computed above.
if %MSNNUM% LSS 7000820 GOTO LESSER
if %MSNNUM% GEQ 7000820 GOTO GREATER

:LESSER
Echo %Computername%,%OSVEROUT%,%MSNVer%,YES,MS07-054 Required,%date% - %time% >> %OutputLog%
if (%STDOUTPUT%)==(NO) GOTO END
Echo Computername:     %Computername%
Echo OS Version:       %OSVEROUT%
Echo msnmsgr version:  %MSNVer% (Vulnerable!)
Echo Status:       Security update MS07-054 required...
echo Results Output:       Saved to file: %OutputLog%
echo.
echo.
echo.
pause
GOTO END

:GREATER
Echo %Computername%,%OSVEROUT%,%MSNVer%,NO,Not Required,%date% - %time% >> %OutputLog%
if (%STDOUTPUT%)==(NO) GOTO END
Echo Computername:     %Computername%
Echo OS Version:       %OSVEROUT%
Echo msnmsgr version:  %MSNVer% (Not Vulnerable)
Echo Status:       Security update MS07-054 Not required...
echo Results Output:       Saved to file: %OutputLog%
echo.
echo.
echo.
pause
GOTO END

:END
exit</pre>

Use a Group Policy-based computer startup script to determine whether the updated version of either MSN Messenger or Windows Live Messenger is installed
This method requires that you restart the client computer after you set up the script and after you apply the Group Policy setting.

1. Set up the shares. To do this, follow the steps in the "Initial setup and configuration" section.
2. Set up the startup script. To do this, follow these steps:
   a. In the Active Directory Users and Computers MMC snap-in, right-click the domain name, and then click Properties.
   b. Click the Group Policy tab, click New to create a new Group Policy object (GPO), and then type MSNMGR Detection for the name of the policy.
   c. Click the new policy, and then click Edit.
   d. Expand Windows Settings for Computer Configuration, and then click Scripts (Startup/Shutdown).
   e. Double-click Startup, and then click Add. The Add a Script dialog box appears.
   f. In the Script Name box, type \\%USERDOMAIN%\netlogon\bin\MSNMsgrTest.bat.
   g. Click OK, and then click Apply.
3. Restart the client computers that are members of this domain.

Use a Group Policy-based user logon script to determine whether the updated version of either MSN Messenger or Windows Live Messenger is installed
This method requires that the logon user account is a domain account and that this account is a member of the local administrator's group on the client computer.

1. Set up the shares. To do this, follow the steps in the "Initial setup and configuration" section.
2. Set up the logon script. To do this, follow these steps:
   a. In the Active Directory Users and Computers MMC snap-in, right-click the domain name, and then click Properties.
   b. Click the Group Policy tab, click New to create a new Group Policy object (GPO), and then type MSNMGR Detection for the name of the policy.
   c. Click the new policy, and then click Edit.
   d. Expand Windows Settings for User Configuration, and then click Scripts (Logon/Logoff).
   e. Double-click Logon, and then click Add. The Add a Script dialog box appears.
   f. In the Script Name box, type \\%USERDOMAIN%\netlogon\bin\MSNMsgrTest.bat.
   g. Click OK, and then click Apply.
3. Restart the client computers that are members of this domain.

In a situation that involves a logon script, the scripts and the tools will run under the context of the logged-on user. If this user does not belong to the local administrators group, or if this user does not have sufficient permissions, the tool will not run. Additionally, the tool will not return the appropriate return code. For more information about how to use startup scripts and logon scripts, click the following article numbers to view the articles in the Microsoft Knowledge Base:

198642 Overview of logon, logoff, startup, and shutdown scripts in Windows 2000

322241 How to assign scripts in Windows 2000

Results output
By default, the MSNMsgrTest.bat script displays a results output when it is executed. This output includes details such as the computer name, the operating system version, the Msnmsgr.exe file version, and the vulnerability status of the destination computer.

The following are samples of the various outputs you might see on the screen:

 * If a vulnerable version of Msnmsgr.exe is found on the destination computer:

<pre class="fixed_text">Computer name:     COMPUTER-789
OS Version:        Microsoft Windows [Version 5.2.3790]
manmsgr version:   7.0.816.0 <Vulnerable!>
Status:            Security update MS07-054 required...
Results Output:    Save to file: \\gc-xp\c$\MSNMsgrTest_Results.csv

Press any key to continue. . .</pre>

 * If the version of Msnmsgr.exe is not vulnerable:

<pre class="fixed_text">Computer name:     COMPUTER-456
OS Version:        Microsoft Windows [Version 5.1.2600]
manmsgr version:   8.1.178.0  <Not Vulnerable>
Status:            Security update MS07-054 Not required...
Results Output:    Save to file: \\gc-xp\c$\MSNMsgrTest_Results.csv

Press any key to continue. . .</pre>

 * If Msnmsgr.exe is not found on the system in its installed location:

<pre class="fixed_text">Computer name:     COMPUTER-123
OS Version:        Microsoft Windows [Version 5.2.3790]
manmsgr version:   Msnmsgr.exe Not Found
Status:            Security update MS07-054 not required...
Results Output:    Save to file: \\gc-xp\c$\MSNMsgrTest_Results.csv

Press any key to continue. . .</pre>

Note In most enterprise environments, you will want to suppress this output screen. You will want to output the findings to only a single location on a network share.

If you do not want to see any local output on the screen, edit the script to make the following change:

Delete "REM:" from the following line in the script:

<pre class="fixed_text">REM: Set STDOUTPUT=NO</pre>

Change this line to the following:

<pre class="fixed_text">Set STDOUTPUT=NO</pre>

CSV log file output
By default, the script creates a comma-delimited output log file that is named &quot;MSNMsgrTest_Results.csv&quot; in the same location from which the batch script is run.

For an enterprise environment, where multiple computers are being scanned, you will want all scan results to be logged to a single output log that is located on a share. Make sure that this share can be accessed by all users or by all destination computers. If you want to customize the location of the output log file, edit the script to specify the location. For example, edit the following line in the script to customize the name and the location of the output log file:

<pre class="fixed_text">Set OutputLog=MSNMsgrTest_Results.csv</pre>

For example, you might edit this line in one of the following ways:

<pre class="fixed_text">Set OutputLog=\\Server_name\share\MSNMsgrTest_Results.csv
Set OutputLog=C:\TEMP\MSNMsgrTest_Results.csv
Set OutputLog=%systemdrive%\MSNMsgrTest_Results.csv</pre>

The following is a sample of the MSNMsgrTest_Results.csv output .csv file, where multiple destination computers have logged test results to a single log file. The output is comma delimited, and it can be opened and sorted by using any spreadsheet program, such as Microsoft Office Excel.
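As an alternative to sorting the shared log in a spreadsheet, the following added example (not part of the original article or of Microsoft's scripts) reads a collected MSNMsgrTest_Results.csv, keeps the most recent row for each computer, and re-checks every logged file version by comparing the version components as numbers. The host name W2K-EXAMPLE, the scan dates, and all function names are constructed for illustration; the column layout and the 8.1 and 7.0.0820 thresholds come from the article.

```python
import csv
import io
import re

# Minimum fixed versions named in the article.
UPLEVEL_MIN = (8, 1)         # Windows XP and later
DOWNLEVEL_MIN = (7, 0, 820)  # Windows 2000

# Constructed sample log in the column layout that MSNMsgrTest.bat writes.
SAMPLE_LOG = """\
Computername,OS Version,Msnmsgr.exe Fileversion,Vulnerable? (YES/NO),MS07-054 Status,Scan Date - Time
====================,==========,==========,==========,==========,==========
COMPUTER-789,Microsoft Windows [Version 5.2.3790],7.0.816.0,YES,MS07-054 Required,Mon 09/17/2007 -  8:02:11.40
COMPUTER-456,Microsoft Windows [Version 5.1.2600],8.1.178.0,NO,Not Required,Mon 09/17/2007 -  8:03:54.12
COMPUTER-123,Microsoft Windows [Version 5.2.3790],File Not Found,NO,Not Required,Mon 09/17/2007 -  8:05:20.77
W2K-EXAMPLE,Microsoft Windows 2000 [Version 5.00.2195],7.0.816.0,NO,Not Required,Mon 09/17/2007 -  8:07:02.31
COMPUTER-789,Microsoft Windows [Version 5.2.3790],8.1.178.0,NO,Not Required,Tue 09/18/2007 -  8:01:47.05
"""

def parse_version(text):
    """Return 'a.b.c.d' as a tuple of ints, or None when the field is not a version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def needs_update(os_line, file_version):
    """Re-evaluate one row by comparing version components as numbers."""
    version = parse_version(file_version)
    if version is None:          # for example "File Not Found"
        return False
    match = re.search(r"\[Version (\d+)\.(\d+)", os_line)
    is_windows_2000 = bool(match) and (int(match.group(1)), int(match.group(2))) < (5, 1)
    # An unrecognised OS string falls back to the stricter 8.1 threshold.
    return version < (DOWNLEVEL_MIN if is_windows_2000 else UPLEVEL_MIN)

def triage(csv_text):
    """Return {computer: latest result}; the log is appended to, so later rows win."""
    latest = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 4 or row[0].startswith("=") or row[0].strip() == "Computername":
            continue             # header, separator or malformed line
        host, os_line, file_version, logged = (field.strip() for field in row[:4])
        latest[host.upper()] = {
            "file_version": file_version,
            "logged_vulnerable": logged.upper() == "YES",
            "needs_update": needs_update(os_line, file_version),
        }
    return latest

def hosts_needing_update(results):
    """Computers whose most recent scan is below the fixed version."""
    return sorted(h for h, r in results.items() if r["needs_update"])

def disagreements(results):
    """Computers whose logged status differs from the numeric re-check."""
    return sorted(h for h, r in results.items()
                  if r["logged_vulnerable"] != r["needs_update"])

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print("Needs MS07-054:", hosts_needing_update(results))
    print("Logged status disagrees with re-check:", disagreements(results))
```

A computer listed by `disagreements` was logged with a status that a numeric comparison does not support, so rescan it or inspect it by hand before you treat it as updated.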


MSNUpdate.bat script
The MSNUpdate.bat script in this section can be used to do the following:
 * Detect vulnerable versions of MSN Messenger and of Windows Live Messenger
 * Deploy the MS07-054 security update

Usage
Before you implement the MSNUpdate.bat script, make sure that the following conditions are true:
 * A share that is named &quot;bin&quot; has been created under the default Netlogon share on your domain controller.
 * The MsnMsgs.msi file, the MsnMsgs7.msi file, and the Getver.exe file have been saved on the bin share.

Code example
<pre class="fixed_text">REM In this example, the script is named MSNUpdate.bat.
REM Create a share that is named "bin" under the default Netlogon share on your domain controller.
REM Use the share "bin" to hold the files: Getver.exe, MsnMsgs.msi, MsnMsgs7.msi,
REM and any other support tools that are used in the script.

REM Set COLLECTIONSERVER to the name of the collection server that hosts the LOGS share.
REM Server_name is a placeholder. Replace it with the name of your server.
Set COLLECTIONSERVER=Server_name

If exist "%ProgramFiles%\MSN Messenger" GOTO WHATOS
If not exist "%ProgramFiles%\MSN Messenger" GOTO END

:WHATOS
REM The script branches on the exit code of Getver.exe: 50 or lower selects the
REM MSN Messenger 7.0.0820 path, and 51 or higher selects the Windows Live Messenger 8.1.0178 path.
\\%USERDOMAIN%\netlogon\bin\GETVER.EXE

IF %ERRORLEVEL% LEQ 50 GOTO UPDATE_MSN7x
IF %ERRORLEVEL% GEQ 51 GOTO UPDATE_MSN81

:UPDATE_MSN81
If exist "%WINDIR%\Installer\MSN Messenger 8.1.0178" goto End
If not exist "%WINDIR%\Installer\MSN Messenger 8.1.0178" goto MSN81

:MSN81
Start /wait \\%USERDOMAIN%\netlogon\bin\MsnMsgs.Msi /quiet

GOTO UPDATED

:UPDATE_MSN7x
If exist "%WINDIR%\Installer\MSN Messenger 7.0.0820" goto End
If not exist "%WINDIR%\Installer\MSN Messenger 7.0.0820" goto MSN7x

:MSN7x
Start /wait \\%USERDOMAIN%\netlogon\bin\MsnMsgs7.Msi /quiet

GOTO UPDATED

:UPDATED
REM Record the update on the LOGS share of the collection server.
echo "MSN has been updated on %computername%" > \\%COLLECTIONSERVER%\logs\%computername%_updated.log

:End</pre>

Use a Group Policy-based computer startup script to update either MSN Messenger or Windows Live Messenger to MS07-054
This method requires that you restart the client computer after you set up the script and after you apply the Group Policy setting.

1. Set up the shares. To do this, follow the steps in the "Initial setup and configuration" section.
2. Set up the startup script. To do this, follow these steps:
   a. In the Active Directory Users and Computers MMC snap-in, right-click the domain name, and then click Properties.
   b. Click the Group Policy tab, click New to create a new Group Policy object (GPO), and then type MSNMGR Deployment for the name of the policy.
   c. Click the new policy, and then click Edit.
   d. Expand Windows Settings for Computer Configuration, and then click Scripts (Startup/Shutdown).
   e. Double-click Startup, and then click Add. The Add a Script dialog box appears.
   f. In the Script Name box, type \\%USERDOMAIN%\netlogon\bin\MSNUpdate.bat.
   g. Click OK, and then click Apply.
3. Restart the client computers that are members of this domain.

Use a Group Policy-based user logon script to update either MSN Messenger or Windows Live Messenger to MS07-054
This method requires that the logon user account is a domain account and that this account is a member of the local administrator's group on the client computer.

1. Set up the shares. To do this, follow the steps in the "Initial setup and configuration" section.
2. Set up the logon script. To do this, follow these steps:
   a. In the Active Directory Users and Computers MMC snap-in, right-click the domain name, and then click Properties.
   b. Click the Group Policy tab, click New to create a new Group Policy object (GPO), and then type MSNMGR Deployment for the name of the policy.
   c. Click the new policy, and then click Edit.
   d. Expand Windows Settings for User Configuration, and then click Scripts (Logon/Logoff).
   e. Double-click Logon, and then click Add. The Add a Script dialog box appears.
   f. In the Script Name box, type \\%USERDOMAIN%\netlogon\bin\MSNUpdate.bat.
   g. Click OK, and then click Apply.
3. Restart the client computers that are members of this domain.

In a situation that involves a logon script, the scripts and the tools will run under the context of the logged-on user. If this user does not belong to the local administrators group, or if this user does not have sufficient permissions, the tool will not run. Additionally, the tool will not return the appropriate return code. For more information about how to use startup scripts and logon scripts, click the following article numbers to view the articles in the Microsoft Knowledge Base:

198642 Overview of logon, logoff, startup, and shutdown scripts in Windows 2000

322241 How to assign scripts in Windows 2000

Keywords: kbinfo kbhowto kbexpertiseinter kbcode kbsecurity kbpubtypekc KB942416


© Microsoft Corporation. All rights reserved.