Microsoft KB Archive/923723

= MS07-005: Vulnerability in Step-by-Step Interactive Training could allow remote code execution =

Article ID: 923723

Article Last Modified on 12/3/2007

-

APPLIES TO

 MSPRESS MS Press Step-By-Step Interactive series Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86) Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86) Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86) Microsoft Windows Server 2003 R2 Standard x64 Edition Microsoft Windows Server 2003 R2 Datacenter x64 Edition Microsoft Windows Server 2003 R2 Enterprise x64 Edition Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li> Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li> Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li> Microsoft Windows Server 2003, Web Edition</li> Microsoft Windows Server 2003, Standard x64 Edition</li> Microsoft Windows Server 2003, Enterprise x64 Edition</li> Microsoft Windows Server 2003, Datacenter x64 Edition</li> Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li> Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li> Microsoft Windows Small Business Server 2003 Standard Edition</li> Microsoft Windows XP Service Pack 2, when used with: <ul> Microsoft Windows XP Home Edition</li></ul>

<ul> Microsoft Windows XP Professional</li></ul> </li> Microsoft Windows XP Professional x64 Edition</li> Microsoft Windows XP Tablet PC Edition 2005</li> Microsoft Windows XP Media Center Edition 2005</li> Microsoft Windows 2000 Professional Edition</li> <li>Microsoft Windows 2000 Advanced Server</li> <li>Microsoft Windows 2000 Datacenter Server</li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS07-005. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/athome/security/update/bulletins/200702.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-005.mspx

</li></ul>

<div class="moreinformation_section">

Known issue with this security update
When a user visits Windows Update, the Step-by-Step Interactive Training application is continuously reoffered, and the installation is always unsuccessful.

Note The symptoms occur when the user installs the Step-by-Step Interactive Training application that includes Lrun32.exe and then applies security update 923723.

Consider the following scenario:
 * 1) The user uninstalls the Step-by-Step Interactive Training application.

Note Because the Lrun32.exe file was modified by security update 923723, this operation leaves the updated file on the computer.
 * 1) The user enables the display of updates in the Add or remove programs dialog box.
 * 2) The user uninstalls the Step-by-Step Interactive Training security update.

Note The user must know which security update is associated with the Step-by-Step Interactive Training application. This operation makes the updated Lrun32.exe revert to the original version.
 * 1) The next time that the user visits Windows Update, the Step-by-Step Interactive Training application is reoffered. However, the installation is unsuccessful because the version of the Lrun32.exe file that is on the computer is a partially installed version of the Step-by-Step Interactive Training application.

In this scenario, the user is reoffered the Step-by-Step Interactive Training application every time that the user goes to Windows update.

Keywords: kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbwin2000presp5fix kbpubtypekc KB923723

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.