Microsoft KB Archive/928365

= Description of the security update for the .NET Framework 2.0 for Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007 =

Article ID: 928365

Article Last Modified on 12/3/2007

-

APPLIES TO

 Microsoft .NET Framework 2.0, when used with:  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)

 Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

 Microsoft Windows Server 2003, Standard Edition (32-bit x86)

 Microsoft Windows Server 2003, Web Edition</li></ul>

 Microsoft Windows XP Home Edition</li></ul>

 Microsoft Windows XP Media Center Edition 2002</li></ul>

 Microsoft Windows XP Professional</li></ul>

 Microsoft Windows XP Starter Edition</li></ul>

 Microsoft Windows XP Tablet PC Edition</li></ul>

 Microsoft Windows 2000 Advanced Server</li></ul>

 Microsoft Windows 2000 Datacenter Server</li></ul>

 Microsoft Windows 2000 Professional Edition</li></ul>

<ul> <li>Microsoft Windows 2000 Server</li></ul> </li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS07-040. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/200707.mspx

Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:

http://update.microsoft.com/microsoftupdate/

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx

</li></ul>

<div class="moreinformation_section">

Known issues
In the following section are the known issues with this security update. If you have problems with this security update that are not addressed by these known issues, no-charge support is available for consumers by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for security update support issues, visit the International Support Web site:

http://support.microsoft.com/common/international.aspx

Enterprise customers can obtain support for security updates through their usual support contacts.

Known issues during installation of the update
<ul> <li>You receive a Windows Update error code &quot;0x643&quot; or a Windows Installer error code &quot;1603&quot; when you try to install an update for the .NET Framework 1.0, 1.1, or 2.0

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

923100 When you try to install an update for the .NET Framework 1.0, 1.1, or 2.0, you may receive Windows Update error code&quot;0x643&quot; or Windows Installer error code&quot;1603&quot;

</li> <li>You receive a &quot;The folder 'Program Files' contains an invalid character&quot; error message when you try to install a security update for the .NET Framework 2.0

For more information about this issue when you install a security update on the 64-bit versions of Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

923101 Error message when you try to install a security update for the .NET Framework 2.0 on a computer that is running Windows Server 2003 x64 Edition: &quot;Error 1324. The folder 'Program Files' contains an invalid character&quot;

</li></ul>

Known issues that may occur after the update is installed
<ul> <li>Certain Unicode characters in the path of the executable file are displayed as &quot;?&quot; when you create an application that is built on the Microsoft .NET Framework 2.0, and you use the Application.ExecutablePath property to obtain the path of the executable file

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

943804 FIX: Certain Unicode characters returned by the Application.ExecutablePath property in the .NET Framework 2.0 are displayed as &quot;?&quot;

</li> <li>You receive a &quot;This application has requested the Runtime to terminate in an unusual way&quot; error message when you uninstall a security update for the Microsoft .NET Framework 1.1

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

934711 Error message when you restart the computer after you uninstall a security update for the .NET Framework 1.1:&quot;This application has requested the Runtime to terminate in an unusual way&quot;

</li> <li>You receive error messages after you install security update 931212

For more information about the error messages, click the following article numbers to view the articles in the Microsoft Knowledge Base:

940947 Error message after you install security update 931212 (MS07-040) in Windows 2000 with Service Pack 4: &quot; Error 127: The specified procedure could not be found&quot;

941386 FIX: Error message when you run an ASP.NET 2.0 Web application that is built on the .NET Framework 2.0 after you install the MS07-040 security update: &quot;Type 'System.Web.HttpHeaderCollection' is not marked as serializable&quot;

941789 You receive error messages after you install security update 931212 (MS07-040) on a Windows SharePoint Services 3.0 Web front-end server or on a SharePoint Server 2007 Web front-end server

942086 FIX: Error message when you run an ASP.NET 2.0 Web application that is built on the .NET Framework 2.0: &quot;The constructor to deserialize an object of type ' ' was not found&quot;

</li> <li>Other issues that may occur after you install a security update for the .NET Framework 2.0 that is greater than or equal to build 2.0.50727.832 <ul> <li>The performance of the server may decrease and adding users or uploading files may fail with the error message &quot;403 Forbidden error&quot; after you install a Microsoft .NET Framework 2.0 hotfix

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

934793 Description of the SharePoint Server 2007 hotfix package: April 12, 2007

</li> <li>You may be unable to execute SQL Server 2005 Integration Services (SSIS) packages that contain script tasks or script components

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

931846 You may be unable to execute SQL Server 2005 Integration Services packages that contain script tasks or script components

</li> <li>When you run an application or try to access a Web site on the computer, you may receive the following error message:

[System.ArgumentException] : Culture name 'Culture' is not supported for the following 13 cultures: en-CB az-AZ-Latn uz-UZ-Latn sr-SP-Latn az-AZ-Cyrl uz-UZ-Cyrl sr-SP-Cyrl bs-BA-Cyrl sr-BA-Latn sr-BA-Cyrl bs-BA-Latn iu-CA-Latn div-Windows Vista

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

939949 Error message when you run an application or try to access a Web site on a computer that has a particular .NET Framework 2.0 software update installed: &quot;Culture name 'Culture' is not supported&quot;

</li> <li>When you click Add Link to Site on the Sites page to add a new link to the Site Directory on a Microsoft Office SharePoint Portal Server 2003 portal site, and then you click either OK or Cancel, the &quot;Add Link to Site&quot; page stops responding.

Additionally, the link is not added to the Site Directory. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

934229 The &quot;Add Link to Site&quot; page stops responding, and the link is not added when you try to add a new link to the Site Directory in a SharePoint Portal Server 2003 site

</li></ul> </li></ul>

<div class="moreinformation_section">

More information about this security update
After you install this security update, the behavior of UTF8Encoding, UnicodeEncoding, and UTF32Encoding change to comply with the Unicode 5.0 requirements for Unicode encodings. Invalid bytes are not removed. Instead, they are replaced by the Unicode character U+FFFD, the Unicode replacement character.

For more information about this behavior, click the following article number to view the article in the Microsoft Knowledge Base:

940521 The behavior of UTF8Encoding, UnicodeEncoding, and UTF32Encoding changes to comply to the Unicode 5.0 requirements for Unicode encodings after you install the security update for the .NET Framework 2.0 that is described in security bulletin MS07-040

<div class="moreinformation_section">

Update removal information
To remove this security update, use the Add or Remove Programs item in Control Panel.

Prerequisites
To install this security update, you must have Microsoft Windows Installer 3.1 installed on the computer. To obtain the latest version of Windows Installer for the computer, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c

Additionally, the computer must be running one of the following operating systems:
 * A 32-bit version of Windows Server 2003 with Service Pack 1 (SP1) or of Windows Server 2003 with Service Pack 2 (SP2)
 * An Itanium-based version of Windows Server 2003 with SP1 or of Windows Server 2003 with SP2
 * A 64-bit version of Windows Server 2003 with SP1 or of Windows Server 2003 with SP2
 * Microsoft Windows XP with Service Pack 2 (SP2)
 * Microsoft Windows 2000 with Service Pack 4 (SP4)

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS security update patch bulletin .NET Framework 2.0 flaw vulnerability malicious attacker exploit

Keywords: kbresolve kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc KB928365

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.