Microsoft KB Archive/811493

= MS03-013: Buffer overrun in Windows kernel message handling could lead to elevated privileges =

Article ID: 811493

Article Last Modified on 5/17/2007

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



May 28, 2003: Microsoft released an updated patch for Windows XP Service Pack 1 (SP1). This revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

819634 You may experience performance issues after you install the 811493 (MS03-013) security update





SYMPTOMS
The Windows kernel is the core of the operating system. It provides system level services such as device and memory management, allocates processor time to processes, and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. This flaw causes a vulnerability. An attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.

For an attack to be successful, an attacker would have to be able to log on interactively to the system, either at the console or through a terminal session. Also, a successful attack would require the introduction of code to exploit this vulnerability. Security Best Practices resources recommend that you restrict the ability to log on interactively on servers. As a result, this issue most directly affects client systems and terminal servers. For more information about Security Best Practices resources, visit the following Microsoft Web site:

http://www.microsoft.com/security/guidance/default.mspx

Mitigating Factors
 * A successful attack requires the ability to log on interactively to the target computer, either directly at the console or through a terminal session.
 * Properly secured servers are at little risk from this vulnerability. Standard best practices resources recommend that you only allow trusted administrators to log on to these kinds of systems interactively. Without these privileges, an attacker could not exploit the vulnerability.



Windows XP
To resolve this problem, obtain the latest service pack for Microsoft Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack

Windows 2000
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Security Patch Information
For more information about how to resolve this vulnerability, click the appropriate link below:
 * Windows XP (all versions)
 * Windows 2000 (all versions)
 * Windows NT 4.0 (all versions)

Windows XP (All Versions)
Download Information

The following files are available for download from the Microsoft Download Center:

Windows XP Professional and Windows XP Home Edition (all languages)

Download the 811493 package now.

Windows XP 64-bit Edition (all languages)

Download the 811493 package now.

Release Date: April 16, 2003 (Windows XP SP1 patch re-released May 28, 2003)

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

This patch requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack

Installation Information

This patch supports the following Setup switches:
 * /? : Display the list of installation switches.
 * /u : Use Unattended mode.
 * /f : Force other programs to quit when the computer shuts down.
 * /n : Do not back up files for removal.
 * /o : Overwrite OEM files without prompting.
 * /z : Do not restart when installation is complete.
 * /q : Use Quiet mode (no user interaction).
 * /l : List installed hotfixes.
 * /x : Extract the files without running Setup.

To verify that the patch is installed on your computer, confirm that the following registry key exists:

Windows XP:

 

Windows XP with Service Pack 1 (SP1):

 

Deployment Information

To install the patch without any user intervention, use the following command line:

q811493_wxp_sp2_x86_enu /u /q

To install the patch without forcing the computer to restart, use the following command line:

q811493_wxp_sp2_x86_enu /z

Note These switches can be combined into one command line.

Restart Requirement

You must restart your computer after you apply this patch because this patch replaces core system binaries that are loaded during system startup.

Removal Information

To remove this update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spunist.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallQ811493$\Spuninst folder, and it supports the following Setup switches:
 * /? : Display the list of installation switches.
 * /u : Use unattended mode.
 * /f : Force other programs to quit when the computer shuts down.
 * /z : Do not restart when installation is complete.
 * /q : Use Quiet mode (no user interaction).

Hotfix Replacement Information

This patch does not replace any other patches.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

May 28, 2003 release of the Windows XP patch (contents of Setup package):   Date         Time   Version        Size       File name 12-Dec-2002 21:08  5.1.2600.108   1,848,320  Ntkrnlmp.exe  pre-SP1 12-Dec-2002 21:09  5.1.2600.108   1,902,080  Ntkrnlpa.exe  pre-SP1 12-Dec-2002 21:09  5.1.2600.108   1,874,944  Ntkrpamp.exe  pre-SP1 12-Dec-2002 21:08  5.1.2600.108   1,879,936  Ntoskrnl.exe  pre-SP1 24-Apr-2003 12:57  5.1.2600.1151  1,892,864  Ntkrnlmp.exe  with SP1 24-Apr-2003 12:57  5.1.2600.1151  1,949,440  Ntkrnlpa.exe  with SP1 24-Apr-2003 12:57  5.1.2600.1151  1,921,536  Ntkrpamp.exe  with SP1 24-Apr-2003 12:57  5.1.2600.1151  1,925,760  Ntoskrnl.exe  with SP1 May 28, 2003 release of the Windows XP patch (installed files, depending on the service pack level and the number of processors):   Date         Time   Version        Size       Path and File name              SP Level  Processor --  12-Dec-2002  21:08  5.1.2600.108   1,848,320  %Windir%\System32\Ntoskrnl.exe  pre-SP1   multiprocessor 12-Dec-2002 21:09  5.1.2600.108   1,874,944  %Windir%\System32\Ntkrnlpa.exe  pre-SP1   multiprocessor 12-Dec-2002 21:08  5.1.2600.108   1,879,936  %Windir%\System32\Ntoskrnl.exe  pre-SP1   uniprocessor 12-Dec-2002 21:09  5.1.2600.108   1,902,080  %Windir%\System32\Ntkrnlpa.exe  pre-SP1   uniprocessor 24-Apr-2003 12:57  5.1.2600.1151  1,892,864  %Windir%\System32\Ntoskrnl.exe  with SP1  multiprocessor 24-Apr-2003 12:57  5.1.2600.1151  1,921,536  %Windir%\System32\Ntkrnlpa.exe  with SP1  multiprocessor 24-Apr-2003 12:57  5.1.2600.1151  1,925,760  %Windir%\System32\Ntoskrnl.exe  with SP1  uniprocessor 24-Apr-2003 12:57  5.1.2600.1151  1,949,440  %Windir%\System32\Ntkrnlpa.exe  with SP1  uniprocessor May 28, 2003 release of the Windows XP 64-bit Edition patch (contents of Setup package):   Date         Time   Version        Size       File name     SP Level 12-Dec-2002 21:09  5.1.2600.108   5,734,400  Ntkrnlmp.exe  pre-SP1 12-Dec-2002 21:09  5.1.2600.108   5,677,568  Ntoskrnl.exe  pre-SP1 24-Apr-2003 12:57  5.1.2600.1151  5,793,536  Ntkrnlmp.exe  with SP1 24-Apr-2003 12:57  5.1.2600.1151  5,736,832  Ntoskrnl.exe  with SP1 May 28, 2003 release of the Windows XP 64-bit Edition patch (installed files, depending on the service pack level and the number of processors):   Date         Time   Version        Size       Path and File name              SP Level  Processor --  12-Dec-2002  21:09  5.1.2600.108   5,734,400  %Windir%\System32\Ntoskrnl.exe  pre-SP1   multiprocessor 12-Dec-2002 21:09  5.1.2600.108   5,677,568  %Windir%\System32\Ntoskrnl.exe  pre-SP1   uniprocessor 24-Apr-2003 12:57  5.1.2600.1151  5,793,536  %Windir%\System32\Ntoskrnl.exe  with SP1  multiprocessor 24-Apr-2002 12:57  5.1.2600.1151  5,736,832  %Windir%\System32\Ntoskrnl.exe  with SP1  uniprocessor April 16, 2003 release of the Windows XP patch (contents of Setup package):   Date         Time   Version        Size       File name     SP Level 12-Dec-2002 21:08  5.1.2600.108   1,848,320  Ntkrnlmp.exe  pre-SP1 12-Dec-2002 21:09  5.1.2600.108   1,902,080  Ntkrnlpa.exe  pre-SP1 12-Dec-2002 21:09  5.1.2600.108   1,874,944  Ntkrpamp.exe  pre-SP1 12-Dec-2002 21:08  5.1.2600.108   1,879,936  Ntoskrnl.exe  pre-SP1 12-Dec-2002 20:38  5.1.2600.1150  1,892,352  Ntkrnlmp.exe  with SP1 12-Dec-2002 20:38  5.1.2600.1150  1,948,288  Ntkrnlpa.exe  with SP1 12-Dec-2002 20:38  5.1.2600.1150  1,921,024  Ntkrpamp.exe  with SP1 12-Dec-2002 20:38  5.1.2600.1150  1,924,480  Ntoskrnl.exe  with SP1 April 16, 2003 release of the Windows XP patch (installed files, depending on the service pack level and the number of processors):   Date         Time   Version        Size       Path and File name              SP Level  Processor --  12-Dec-2002  21:08  5.1.2600.108   1,848,320  %Windir%\System32\Ntoskrnl.exe  pre-SP1   multiprocessor 12-Dec-2002 21:09  5.1.2600.108   1,874,944  %Windir%\System32\Ntkrnlpa.exe  pre-SP1   multiprocessor 12-Dec-2002 21:08  5.1.2600.108   1,879,936  %Windir%\System32\Ntoskrnl.exe  pre-SP1   uniprocessor 12-Dec-2002 21:09  5.1.2600.108   1,902,080  %Windir%\System32\Ntkrnlpa.exe  pre-SP1   uniprocessor 12-Dec-2002 20:38  5.1.2600.1150  1,892,352  %Windir%\System32\Ntoskrnl.exe  with SP1  multiprocessor 12-Dec-2002 20:38  5.1.2600.1150  1,921,024  %Windir%\System32\Ntkrnlpa.exe  with SP1  multiprocessor 12-Dec-2002 20:38  5.1.2600.1150  1,924,480  %Windir%\System32\Ntoskrnl.exe  with SP1  uniprocessor 12-Dec-2002 20:38  5.1.2600.1150  1,948,288  %Windir%\System32\Ntkrnlpa.exe  with SP1  uniprocessor April 16, 2003 release of the Windows XP 64-bit Edition patch (contents of Setup package):   Date         Time   Version        Size       File name     SP Level 12-Dec-2002 21:09  5.1.2600.108   5,734,400  Ntkrnlmp.exe  pre-SP1 12-Dec-2002 21:09  5.1.2600.108   5,677,568  Ntoskrnl.exe  pre-SP1 12-Dec-2002 20:38  5.1.2600.1150  5,791,744  Ntkrnlmp.exe  with SP1 12-Dec-2002 20:38  5.1.2600.1150  5,734,912  Ntoskrnl.exe  with SP1 April 16, 2003 release of the Windows XP 64-bit Edition patch (installed files, depending on the service pack level and the number of processors):   Date         Time   Version        Size       Path and File name              SP Level  Processor --  12-Dec-2002  21:09  5.1.2600.108   5,734,400  %Windir%\System32\Ntoskrnl.exe  pre-SP1   multiprocessor 12-Dec-2002 21:09  5.1.2600.108   5,677,568  %Windir%\System32\Ntoskrnl.exe  pre-SP1   uniprocessor 12-Dec-2002 20:38  5.1.2600.1150  5,791,744  %Windir%\System32\Ntoskrnl.exe  with SP1  multiprocessor 12-Dec-2002 20:38  5.1.2600.1150  5,734,912  %Windir%\System32\Ntoskrnl.exe  with SP1  uniprocessor You can also verify the files that this patch installed by reviewing the following registry key:

Windows XP:

 

Windows XP with Service Pack 1 (SP1):

 

Windows 2000
Download Information

The following files are available for download from the Microsoft Download Center:

All languages except Japanese NEC

Download the 811493 package now.

Japanese NEC

Download the 811493 package now.

Release Date: April 16, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

This patch requires Windows 2000 Service Pack 2 (SP2) or Windows 2000 Service Pack 3 (SP3). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Installation Information

This patch supports the following Setup switches:
 * /? : Display the list of installation switches.
 * /u : Use Unattended mode.
 * /f : Force other programs to quit when the computer shuts down.
 * /n : Do not back up files for removal.
 * /o : Overwrite OEM files without prompting.
 * /z : Do not restart when installation is complete.
 * /q : Use Quiet mode (no user interaction).
 * /l : List installed hotfixes.
 * /x : Extract the files without running Setup.

To verify that the patch is installed on your computer, confirm that the following registry key exists:

 

Deployment Information

To install the patch without any user intervention, use the following command line:

q811493_w2k_sp4_x86_en /u /q

To install the patch without forcing the computer to restart, use the following command line:

q811493_w2k_sp4_x86_en /z

Note These switches can be combined into one command line.

Restart Requirement

You must restart your computer after you apply this patch because this patch replaces core system binaries that are loaded during system startup.

Removal Information

To remove this update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spunist.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallQ811493$\Spuninst folder, and it supports the following Setup switches:
 * /? : Display the list of installation switches.
 * /u : Use unattended mode.
 * /f : Force other programs to quit when the computer shuts down.
 * /z : Do not restart when installation is complete.
 * /q : Use Quiet mode (no user interaction).

Hotfix Replacement Information

This patch replaces the patch discussed in the following Microsoft Knowledge Base article:

815021 MS03-007: Unchecked Buffer in Windows Component May Cause Web Server

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

NOTE: Unless specifically noted, files will be targeted to systems independent of service pack level, encryption level, or number of processors.

Windows 2000 (contents of Setup package):   Date         Time   Version        Size       File name     Processor -  15-Aug-2002  11:34  5.0.2195.5265     42,256  Basesrv.dll 17-Jan-2003 12:06  5.0.2195.6656    236,304  Cmd.exe 15-Aug-2002 11:34  5.0.2195.5907    222,992  Gdi32.dll 15-Aug-2002 11:34  5.0.2195.6011    708,880  Kernel32.dll  uniprocessor 04-Feb-2003 16:15  5.0.2195.6661     29,264  Mountmgr.sys 15-Aug-2002 11:34  5.0.2195.4733    332,560  Msgina.dll 27-Mar-2003 16:13  5.0.2195.6685    476,944  Ntdll.dll     uniprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,689,216  Ntkrnlmp.exe  multiprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,688,832  Ntkrnlpa.exe  uniprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,709,440  Ntkrpamp.exe  multiprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,666,944  Ntoskrnl.exe  uniprocessor 21-Mar-2003 17:43  5.0.2195.6692     90,232  Rdpwd.sys     128-bit 15-Aug-2002 11:34  5.0.2195.6000    379,664  User32.dll 15-Aug-2002 11:34  5.0.2195.5968    369,936  Userenv.dll 08-Aug-2002 18:23  5.0.2195.6003  1,642,416  Win32k.sys    uniprocessor 15-Aug-2002 11:30  5.0.2195.6013    179,472  Winlogon.exe 15-Aug-2002 11:34  5.0.2195.5935    243,472  Winsrv.dll    uniprocessor 27-Mar-2003 16:14  5.0.2195.6692     90,200  Rdpwd.sys     56-bit 15-Aug-2002 11:34  5.0.2195.6011    708,880  Kernel32.dll  multiprocessor 02-Apr-2003 15:56  5.0.2195.6685    476,944  Ntdll.dll     multiprocessor 15-Aug-2002 11:34  5.0.2195.6003  1,642,416  Win32k.sys    multiprocessor 15-Aug-2002 11:34  5.0.2195.5935    243,472  Winsrv.dll    multiprocessor Windows 2000 (installed files, depending on the encryption level and the number of processors):   Date         Time   Version        Size       Path and File name                     Processor/Encryption Level ---  15-Aug-2002  11:34  5.0.2195.5265     42,256  %Windir%\System32\Basesrv.dll 17-Jan-2003 12:06  5.0.2195.6656    236,304  %Windir%\System32\Cmd.exe 15-Aug-2002 11:34  5.0.2195.5907    222,992  %Windir%\System32\Gdi32.dll 04-Feb-2003 16:15  5.0.2195.6661     29,264  %Windir%\System32\Drivers\Mountmgr.sys 15-Aug-2002 11:34  5.0.2195.4733    332,560  %Windir%\System32\Msgina.dll 21-Mar-2003 17:43  5.0.2195.6692     90,232  %Windir%\System32\Drivers\Rdpwd.sys    128-bit 15-Aug-2002 11:34  5.0.2195.6000    379,664  %Windir%\System32\User32.dll 15-Aug-2002 11:34  5.0.2195.5968    369,936  %Windir%\System32\Userenv.dll 15-Aug-2002 11:30  5.0.2195.6013    179,472  %Windir%\System32\Winlogon.exe 27-Mar-2003 16:14  5.0.2195.6692     90,200  %Windir%\System32\drivers\Rdpwd.sys    56-bit 15-Aug-2002 11:34  5.0.2195.6011    708,880  %Windir%\System32\Kernel32.dll         multiprocessor 27-Mar-2003 16:13  5.0.2195.6685    476,944  %Windir%\System32\Ntdll.dll            multiprocessor 08-Aug-2002 18:23  5.0.2195.6003  1,642,416  %Windir%\System32\Win32k.sys           multiprocessor 15-Aug-2002 11:34  5.0.2195.5935    243,472  %Windir%\System32\Winsrv.dll           multiprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,709,440  %Windir%\System32\Ntkrnlpa.exe         multiprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,689,216  %Windir%\System32\Ntoskrnl.exe         multiprocessor 15-Aug-2002 11:34  5.0.2195.6011    708,880  %Windir%\System32\Kernel32.dll         uniprocessor 02-Apr-2003 15:56  5.0.2195.6685    476,944  %Windir%\System32\Ntdll.dll            uniprocessor 15-Aug-2002 11:34  5.0.2195.6003  1,642,416  %Windir%\System32\Win32k.sys           uniprocessor 15-Aug-2002 11:34  5.0.2195.5935    243,472  %Windir%\System32\Winsrv.dll           uniprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,688,832  %Windir%\System32\Ntkrnlpa.exe         uniprocessor 12-Dec-2002 18:22  5.0.2195.6159  1,666,944  %Windir%\System32\Ntoskrnl.exe         uniprocessor You can also verify the files that this patch installed by reviewing the following registry key:

 

Windows NT 4.0 (all versions)
Download Information

The following files are available for download from the Microsoft Download Center:

Windows NT 4.0 Server and Windows NT 4.0 Workstation (all languages except Japanese NEC and Chinese - Hong Kong)

Download the 811493 package now.

Windows NT 4.0 Server and Windows NT 4.0 Workstation (Japanese NEC)

Download the 811493 package now.

Windows NT 4.0 Server and Windows NT 4.0 Workstation (Chinese - Hong Kong)

Download the 811493 package now.

Windows NT 4.0 Server, Terminal Server Edition (all languages)

Paket 811493 jetzt downloaden.

Release Date: April 16, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

This patch requires Windows NT 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition Service Pack 6 (SP6). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Installation Information

This patch supports the following Setup switches:


 * /y : Perform removal (only with /m or /q ).
 * /f : Force programs to be closed at shutdown.
 * /n : Do not create an Uninstall folder.
 * /z : Do not restart when update completes.
 * /q : Use Quiet or Unattended mode with no user interface (this switch is a superset of /m ).
 * /m : Use Unattended mode with user interface.
 * /l : List installed hotfixes.
 * /x : Extract the files without running Setup.

Deployment Information

To install the patch without any user intervention, use the following command line:

q811493i /q

To install the patch without forcing the computer to restart, use the following command line:

q811493i /z

Note These switches can be combined into one command line.

Restart Requirement

You must restart your computer after you apply this patch because this patch replaces core system binaries that are loaded during system startup.

Removal Information

To remove this update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spunist.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallQ811493$\Spuninst folder, and it supports the following Setup switches:
 * /? : Display the list of installation switches.
 * /u : Use unattended mode.
 * /f : Force other programs to quit when the computer shuts down.
 * /z : Do not restart when installation is complete.
 * /q : Use Quiet mode (no user interaction).

Hotfix Replacement Information

This patch does not replace any other patches.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

NOTE: Unless specifically noted, files will be targeted to systems independent of service pack level, encryption level, or number of processors.

Windows NT 4.0 (contents of Setup package):   Date         Time   Version        Size     File name 12-Dec-2002 18:16  4.0.1381.7203  957,504  Ntkrnlmp.exe 12-Dec-2002 18:16  4.0.1381.7203  937,280  Ntoskrnl.exe Windows NT 4.0 (installed files, depending on the encryption level and the number of processors):   Date         Time   Version        Size     Path and File name              Processor --  12-Dec-2002  18:16  4.0.1381.7203  957,504  %Windir%\System32\Ntoskrnl.exe  multiprocessor 12-Dec-2002 18:16  4.0.1381.7203  937,280  %Windir%\System32\Ntoskrnl.exe  uniprocessor Windows NT Server 4.0, Terminal Server Edition (contents of Setup package): <pre class="fixed_text">  Date         Time   Version         Size       File name ---  12-Dec-2002  18:29  4.0.1381.33545  1,004,160  Ntkrnlmp.exe 12-Dec-2002 18:29  4.0.1381.33545    983,168  Ntoskrnl.exe Windows NT Server 4.0, Terminal Server Edition (installed files, depending on the encryption level and the number of processors): <pre class="fixed_text">  Date         Time   Version         Size       Path and File name              Processor -  12-Dec-2002  18:29  4.0.1381.33545  1,004,160  %Windir%\System32\Ntoskrnl.exe  multiprocessor 12-Dec-2002 18:29  4.0.1381.33545    983,168  %Windir%\System32\Ntoskrnl.exe  uniprocessor

<div class="status_section">

STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.

Windows 2000 Only
This problem was first corrected in Microsoft Windows 2000 Service Pack 4.

Windows XP Only
This problem was first corrected in Microsoft Windows XP Service Pack 2.

<div class="moreinformation_section">

MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-013.mspx

Additional query words: security_patch

Keywords: kbhotfixserver kbqfe atdownload kbwinxpsp2fix kbenv kbwin2ksp4fix kbwin2000presp4fix kbfix kbbug kbwinxppresp2fix kbsecvulnerability kbsecbulletin kbsecurity KB811493

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.