Microsoft KB Archive/943460

= MS07-061: Vulnerability in Windows URI Handling could allow remote code execution =

Article ID: 943460

Article Last Modified on 12/18/2007

-

APPLIES TO

* Microsoft Windows Server 2003 R2 Standard x64 Edition
* Microsoft Windows Server 2003 R2 Enterprise x64 Edition
* Microsoft Windows Server 2003 R2 Datacenter x64 Edition
* Microsoft Windows Server 2003, Standard x64 Edition
* Microsoft Windows Server 2003, Enterprise x64 Edition
* Microsoft Windows Server 2003, Datacenter x64 Edition
* Microsoft Windows Server 2003 Service Pack 1, when used with:
** Microsoft Windows Server 2003, Standard Edition (32-bit x86)
** Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
** Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
** Microsoft Windows Server 2003, Web Edition
** Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
** Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
** Microsoft Windows Small Business Server 2003 Standard Edition
* Microsoft Windows Server 2003 Service Pack 2, when used with:
** Microsoft Windows Server 2003, Standard Edition (32-bit x86)
** Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
** Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
** Microsoft Windows Server 2003, Web Edition
** Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
** Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
** Microsoft Windows Server 2003, Standard x64 Edition
** Microsoft Windows Server 2003, Enterprise x64 Edition
** Microsoft Windows Server 2003, Datacenter x64 Edition
** Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
** Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
** Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
** Microsoft Windows Server 2003 R2 Standard x64 Edition
** Microsoft Windows Server 2003 R2 Enterprise x64 Edition
** Microsoft Windows Server 2003 R2 Datacenter x64 Edition
* Microsoft Windows XP Tablet PC Edition 2005
* Microsoft Windows XP Media Center Edition 2005
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows XP Service Pack 2, when used with:
** Microsoft Windows XP Professional
** Microsoft Windows XP Home Edition
** Microsoft Windows XP Professional x64 Edition

-


Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.


INTRODUCTION

Microsoft has released security bulletin MS07-061. This security bulletin contains all the relevant information about the corresponding security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

* Home users: http://www.microsoft.com/protect/computer/updates/bulletins/200710.mspx
*: Skip the details: Download the updates for your home computer or for your mobile PC now. To do this, visit the following Microsoft Update Web site: http://update.microsoft.com/microsoftupdate
* IT professionals: http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for security update support issues, visit the International Support Web site:

http://support.microsoft.com/common/international.aspx

For enterprise customers, support for security updates is available through your usual support contacts.


MORE INFORMATION
The update that is provided by security bulletin MS07-061 addresses only those Uniform Resource Identifiers (URIs) that are passed to the Windows Shell. Applications that are enabled to pass URIs to the Windows Shell32 ShellExecute function for execution must be carefully designed to protect against this threat. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

943522 How to implement URL validation in application development for Windows XP or for Windows Server 2003

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

More information about this security update
If an application no longer works after you install this security update, you can configure the registry to exempt the application from the update. To do this, use either of the following methods.

For applications

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To configure an application to exempt itself from this security update, follow these steps:

# Click Start, click Run, type regedit in the Open box, and then click OK.
# Locate and then click the following registry subkey, where  is the name of the application that you want to exempt:
#: Note You may have to create the  subkey. To do this, follow these steps:
## On the Edit menu, point to New, and then click Key.
## Type a name for the Application subkey, and then press ENTER.
##: Note The name for the Application subkey must match the name of the executable file for the application. The name must also include the three-letter extension of the executable file for the application. For example, Microsoft Office Excel uses the following  subkey:
# On the Edit menu, point to New, and then click DWORD Value.
# Type AllowShellExecHandleCIFFailure for the name of the DWORD value, and then press ENTER.
# Right-click AllowShellExecHandleCIFFailure, and then click Modify.
# In the Value data box, type 1, and then click OK.
# Exit Registry Editor.

For administrators

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Administrators can disable the security update for specific applications. To do this, follow these steps:

# Click Start, click Run, type regedit in the Open box, and then click OK.
# Locate and then click the following registry subkey:
# On the Edit menu, point to New, and then click Key.
# Type AllowShellExecHandleCIFFailure for the name of the subkey, and then press ENTER.
# Locate and then click the following registry subkey:
# On the Edit menu, point to New, and then click DWORD Value.
# Type .exe for the name of the DWORD value, where   is the name of the application, and then press ENTER.
# Right-click, and then click Modify.
# In the Value data box, type 1, and then click OK.
# Exit Registry Editor.
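Each exemption removes the update's protection for one application, so it is useful to know which exemptions exist on a system. The following added example (not part of the original article) scans the text of a registry export for both forms described above. The key paths in the sample are constructed placeholders because the subkey paths are not reproduced on this page, and the code assumes the administrator DWORD values sit directly under the AllowShellExecHandleCIFFailure subkey.

```python
import re

# Value/subkey name taken from the article; registry names are case-insensitive.
NAME = "allowshellexechandleciffailure"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def find_exemptions(reg_text):
    """Return sorted (method, application, key) tuples for exemptions set to 1."""
    hits, key = set(), None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" in a .reg file deletes the key, so it cannot hold an exemption.
            key = None if m.group(1).startswith("-") else m.group(1)
            continue
        m = DWORD_RE.match(line)
        if not m or key is None or int(m.group(2), 16) != 1:
            continue
        value, leaf = m.group(1).lower(), key.rsplit("\\", 1)[-1].lower()
        if value == NAME:
            # "For applications": DWORD under a subkey named after the executable.
            hits.add(("application", leaf, key))
        elif leaf == NAME and value.endswith(".exe"):
            # "For administrators" (assumed layout): <app>.exe DWORD under the
            # AllowShellExecHandleCIFFailure subkey.
            hits.add(("administrator", value, key))
    return sorted(hits)

# Constructed sample export. PLACEHOLDER stands in for the real subkey paths,
# which this page does not reproduce. Real regedit exports are UTF-16 encoded;
# decode the file before passing its text in.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER\PerApp\legacyviewer.exe]
"AllowShellExecHandleCIFFailure"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER\PerApp\reports.exe]
"AllowShellExecHandleCIFFailure"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER\Admin\AllowShellExecHandleCIFFailure]
"oldmailer.exe"=dword:00000001
"notes.exe"=dword:00000000
"""

if __name__ == "__main__":
    for method, app, key in find_exemptions(SAMPLE_EXPORT):
        print(f"{method:13} {app:18} {key}")
```

Entries whose value data is 0 are not reported, since the steps above enable an exemption by setting the value to 1.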

Known issues with this security update

* After you install this security update on a Windows XP Service Pack 2 (SP2)-based computer that has an Arabic Multilingual User Interface Pack (MUI) or a Hebrew MUI installed, English text may appear on the menu bars and on the Start menu. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
*: 945648 After you install security update 943460 on a Windows XP Service Pack 2-based computer that has an Arabic MUI or a Hebrew MUI installed, English text may appear on the menu bars and on the Start menu


© Microsoft Corporation. All rights reserved.