Microsoft KB Archive/911280

= MS06-025: Vulnerability in Routing and Remote Access could allow remote code execution =

Article ID: 911280

Article Last Modified on 12/3/2007

-

APPLIES TO

<ul>
<li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003, Web Edition</li>
<li>Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003, Standard x64 Edition</li>
<li>Microsoft Windows Server 2003, Enterprise x64 Edition</li>
<li>Microsoft Windows Server 2003, Datacenter x64 Edition</li>
<li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li>
<li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li>
<li>Microsoft Windows Server 2003 Service Pack 1, when used with:
<ul>
<li>Microsoft Windows Server 2003, Standard Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003, Web Edition</li>
<li>Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems</li>
<li>Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems</li>
</ul>
</li>
<li>Microsoft Windows Small Business Server 2003 Premium Edition</li>
<li>Microsoft Windows Small Business Server 2003 Standard Edition</li>
<li>Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)</li>
<li>Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)</li>
<li>Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)</li>
<li>Microsoft Windows Server 2003 R2 Standard x64 Edition</li>
<li>Microsoft Windows Server 2003 R2 Enterprise x64 Edition</li>
<li>Microsoft Windows Server 2003 R2 Datacenter x64 Edition</li>
<li>Microsoft Windows XP Service Pack 1, when used with:
<ul>
<li>Microsoft Windows XP Home Edition</li>
<li>Microsoft Windows XP Professional</li>
<li>Microsoft Windows XP Media Center Edition 2002</li>
<li>Microsoft Windows XP Tablet PC Edition</li>
</ul>
</li>
<li>Microsoft Windows XP Tablet PC Edition 2005</li>
<li>Microsoft Windows XP Media Center Edition 2005</li>
<li>Microsoft Windows XP Service Pack 2, when used with:
<ul>
<li>Microsoft Windows XP Professional</li>
<li>Microsoft Windows XP Home Edition</li>
</ul>
</li>
<li>Microsoft Windows XP Professional x64 Edition</li>
<li>Microsoft Windows 2000 Service Pack 4, when used with:
<ul>
<li>Microsoft Small Business Server 2000 Standard Edition</li>
<li>Microsoft Windows 2000 Advanced Server</li>
<li>Microsoft Windows 2000 Professional Edition</li>
<li>Microsoft Windows 2000 Server</li>
</ul>
</li>
<li>Microsoft Windows Small Business Server 2003, Standard Edition Service Pack 1 (SP1), when used with:
<ul>
<li>Microsoft Windows Small Business Server 2003 Premium Edition</li>
<li>Microsoft Windows Small Business Server 2003 Standard Edition</li>
</ul>
</li>
</ul>

-


Microsoft has released security bulletin MS06-025. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the security bulletin, visit the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/athome/security/update/bulletins/200606.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx

</li></ul>

Known issues
<ul> <li>Users who have installed the original version of security update 911280 (MS06-025) may have been affected by an issue involving dial-up connections that use a terminal window, or dial-up scripting. The original version of this security update was released on June 13, 2006. Dial-up scripting is an older technology that is rarely used by modern dial-up connections. If dial-up scripting is used in a connection, the connection may stop responding. This behavior does not affect any dial-up connections that do not use dial-up scripting. This issue may affect direct-dial connections to a corporate network, to a university network, or to some Internet service providers (ISPs). This issue was resolved in the version of the security update that was available from June 27, 2006. We recommend that users who are affected by the issue uninstall the older version of security update 911280 (MS06-025) and then install the latest version. For more information about dial-up scripting, visit the following Microsoft Web site:

http://www.microsoft.com/technet/archive/winntas/proddocs/network/xns10.mspx

Customers who have examined their infrastructure and do not use dial-up connections that use a post-connect terminal window or dial-up scripting should continue to deploy security update 911280. Customers who have verified that they are experiencing problems after they install security update 911280 should contact Microsoft Product Support Services for free security-related support from Microsoft. To do this, telephone +1 (866) 727-2338 in the US and Canada, or visit a local international subsidiary on the following Microsoft Web site:

http://support.microsoft.com/common/international.aspx

</li> <li>An issue has been confirmed that involves using scripts to change device configuration parameters such as parity checking or stop bits. This technology is used with legacy devices and connections. If scripts that make device configuration changes by using the set port parity command, the set port databits command, or the set port stopbits command are used as part of the connection process, connections will not be completed successfully. Microsoft is working to develop and test a revision to this update that will address this issue. If you must use a connection that relies on making device configuration changes, do not install security update 911280 (MS06-025) until the revised version is available. For more information about device configuration as part of connection, visit the following Microsoft Web site:

http://www.microsoft.com/technet/archive/winntas/deploy/confeat/x25ref.mspx?mfr=true

</li></ul>
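A pre-deployment check for the second known issue, as an added example that is not part of the original article and is not Microsoft code: it scans the text of dial-up scripts for the three commands named above and reports which scripts would stop connecting after the update. The function names and the sample scripts are constructed for illustration; it assumes you have already collected the script files your connections use.

```python
import re

# The three commands named in the known issue above; matched at the start of a
# statement and case-insensitively (assumption: err on the side of flagging).
PORT_CMD = re.compile(r"^\s*set\s+port\s+(parity|databits|stopbits)\b", re.I)
PROC = re.compile(r"^\s*proc\s+(\w+)", re.I)

def find_port_config_commands(script_text):
    """Return (line_number, procedure, command) for each affected statement."""
    hits, proc = [], None
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        if line.lstrip().startswith(";"):      # ';' starts a comment line
            continue
        m = PROC.match(line)
        if m:
            proc = m.group(1)
        elif re.match(r"^\s*endproc\b", line, re.I):
            proc = None
        else:
            m = PORT_CMD.match(line)
            if m:
                hits.append((lineno, proc, "set port " + m.group(1).lower()))
    return hits

def scripts_blocking_update(scripts):
    """Map script name -> hits, keeping only scripts that would break."""
    report = {name: find_port_config_commands(text) for name, text in scripts.items()}
    return {name: hits for name, hits in report.items() if hits}

# Constructed sample scripts (not from the KB article).
SAMPLE_SCRIPTS = {
    "legacy_x25.scp": """\
; constructed example: 7E1 link to a legacy host
proc main
   set port databits 7
   set port parity even
   ; set port stopbits 2
   waitfor "login:"
   transmit $USERID + "^M"
endproc
""",
    "plain_login.scp": """\
proc main
   waitfor "ogin:"
   transmit "set port parity even^M"   ; text sent to the remote host, not a command
   transmit $USERID + "^M"
endproc
""",
}

if __name__ == "__main__":
    for name, hits in scripts_blocking_update(SAMPLE_SCRIPTS).items():
        for lineno, proc, cmd in hits:
            print(f"{name}:{lineno} (proc {proc}): {cmd}")
```

A script that only logs in with waitfor and transmit is not flagged; commented-out commands and command text sent to the remote host inside a transmit string are ignored.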


© Microsoft Corporation. All rights reserved.