Article ID: 896905
Article Last Modified on 10/11/2007
APPLIES TO
- Microsoft Windows Server 2003 SP1, when used with:
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP for Itanium-based Systems Version 2003
- Microsoft Windows XP Professional 64-Bit Edition (Itanium)
- Microsoft Windows 98 Second Edition
- Microsoft Windows 98 Standard Edition
- Microsoft Windows Millennium Edition
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
After you install Microsoft security update 896358 (MS05-026), Web applications that use the HTML Help ActiveX control (HHCTRL) to enable cross-frame navigation may not work correctly. The content that should be displayed in a different frame may be displayed in the same frame that contains the HTML Help ActiveX control.
Note This issue is relevant only if the registry has been modified so that URLs or Microsoft Internet Explorer security zones are authorized to host the HHCTRL. Otherwise, the HHCTRL is disabled by security update 890175 (MS05-001).
Note This article contains information that is supplemental to the following Microsoft Knowledge Base articles:
890175 MS05-001: Vulnerability in HTML Help could allow code execution
892675 Certain Web sites and HTML Help features may not work after you install security update 896358 or security update 890175
896358 MS05-026: A vulnerability in HTML Help could allow remote code execution
CAUSE
Security update 896358 disables cross-frame navigation because the feature is a potential security vulnerability. This restricted capability is an expected and intended effect of installing the security update. Depending on the URLs and Internet Explorer security zones that you have enabled to use the HHCTRL, you may want to re-enable this feature.
RESOLUTION
Warning The symptoms of this issue are an expected and intended effect of installing the security update. This workaround may make the computer more vulnerable to the threats that security update 896358 addresses. The safest course is not to use this workaround.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Consumers and non-enterprise customers
To re-enable cross-frame navigation, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then right-click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions
- Point to New, click DWORD Value, type EnableFrameNavigationInSafeMode to name the registry entry, and then press ENTER.
- Right-click EnableFrameNavigationInSafeMode, click Modify, type 1 in the Value data box, and then click OK.
Enterprise customers
To use Group Policy to re-enable cross-frame navigation across a domain, follow these steps:
Paste the following text into a text editor, such as Notepad:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions] "EnableFrameNavigationInSafeMode"=dword:00000001
- Save the file as Hhctrl.reg.
Copy the following text, and then paste it into a text editor, such as Notepad:
REGEDIT.EXE /S Hhctrl.reg
- Save the file as Hhctrl.bat.
Note Before you deploy the batch file, make sure that the batch file works correctly by testing the file on a computer. - Import the batch file into the Group Policy object (GPO). To do this, follow these steps:
- Copy the Hhctrl.bat file and the Hhctrl.reg file to the \\
DomainName
\SysVol\DomainName
\Policies\GUID of the selected GPO
\Machine\Scripts\Startup folder. - Start the Active Directory Users and Computers snap-in. To do this, click Start on a domain controller, click Run, type dsa.msc, and then click OK.
- Right-click the domain, click Properties, and then click the Group Policy tab.
- Click New, type a descriptive name for the new Group Policy object (GPO), and then press ENTER. For example, click New, type re-enable cross-frame navigation, and then press ENTER.
- Click Edit to modify the new GPO that you created in step 5d.
- Expand Computer configuration, expand Windows Settings, click Scripts(Startup/Shutdown), click Startup, and then click Add.
- Locate and then click the batch file that you created in step 4, and then click Add.
- Click OK, click Yes, and then click OK two times.
- Copy the Hhctrl.bat file and the Hhctrl.reg file to the \\
MORE INFORMATION
Overview and examples for system administrators
For more information about security update 896358, click the following article number to view the article in the Microsoft Knowledge Base:
896358 MS05-026: Vulnerability in HTML Help could allow remote code execution
Group Policy
For more information about Group Policy, visit the following Microsoft Web sites:
- Group Policy collection
- Group Policy Object Editor
- Core Group Policy tools and settings
Technical support for x64-based versions of Microsoft Windows
On computers that are running x64-based versions of Microsoft Windows, you may have to adapt the instructions in the "Resolution" section about how to modify the registry. For example, you might have to modify a different part of the registry, depending on whether you want to modify the 32-bit or the 64-bit functionality. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
896459 Registry changes in x64-based versions of Windows Server 2003 and Windows XP Professional x64 Edition
Your hardware manufacturer provides technical support and assistance for x64-based versions of Windows. Your hardware manufacturer provides support because an x64-based version of Windows was included with your hardware. Your hardware manufacturer might have customized the installation of Windows with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your x64-based version of Windows. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.
For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:
For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:
Keywords: kbtshoot kbbug kbsecurity kbprb kbexpertiseadvanced KB896905