mskbMicrosoftKB2508062
Mar 08, 2011 - 12:00 a.m.

MS11-017: Vulnerability in Remote Desktop client could allow remote code execution: March 8, 2011

2011-03-08 00:00:00
Microsoft
support.microsoft.com
60

EPSS: 0.957 (percentile 99.5%)

<html><body><p>Resolves a vulnerability in Windows Remote Desktop Client that could allow remote code execution if a user opens a legitimate Remote Desktop configuration (.rdp) file that is located in the same network folder as a specially crafted library file.</p><h2></h2><div><span>Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: <a href="http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs" target="_self">Support is ending for some versions of Windows</a></span>.</div><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS11-017. To view the complete security bulletin, visit one of the following Microsoft websites:<br /><ul><li>Home users:<br /><div><a href="http://www.microsoft.com/security/pc-security/bulletins/201103.aspx" target="_self">http://www.microsoft.com/security/pc-security/bulletins/201103.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href="http://update.microsoft.com/microsoftupdate/" target="_self">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href="http://www.microsoft.com/technet/security/bulletin/ms11-017.mspx" target="_self">http://www.microsoft.com/technet/security/bulletin/MS11-017.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href="https://support.microsoft.com/ph/6527" target="_self">Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href="http://technet.microsoft.com/security/bb980617.aspx" target="_self">TechNet Security Troubleshooting and 
Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" target="_self">Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href="https://support.microsoft.com/common/international.aspx" target="_self">International Support</a><br /><br /></span></div><h2>More Information</h2><div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><ul><li><a href="https://support.microsoft.com/en-us/help/2483614">2483614 </a> MS11-017: Description of the security update for Remote Desktop client 7.0: March 08, 2011</li><li><a href="https://support.microsoft.com/en-us/help/2483618">2483618 </a> MS11-017: Description of the security update for Remote Desktop client 5.2: March 08, 2011</li><li><a href="https://support.microsoft.com/en-us/help/2483619">2483619 </a> Description of the Remote Desktop Connection 6.1 MUI (upgrade for RDP 6.0) <br /><br />Known issues in update 2483619: <ul><li>After you install this update, the Remote Desktop Connection shortcut text on the Start menu always appears in English. </li><li>Consider the following scenario: You upgrade from Remote Desktop Connection 6.0 to Remote Desktop Connection 6.1. Then you run a system restore procedure. In this scenario, the system restore procedure fails to restore the Remote Desktop Connection client to Remote Desktop Connection 6.0 together with the Remote Desktop Connection 6.0 MUI. 
<br /><br /></li></ul><span>Frequently asked questions about update 2483619</span><ul><li><span>Question</span> Before I installed update 2483619, I had RDC 6.0 MUI running on Windows Server 2003. After I installed the update, I am running RDC 6.1. Why? <br /><span>Answer</span> Microsoft does not service RDC 6.0. Customers are migrated to RDC 6.1 with this update.<br /></li></ul></li><li><a href="https://support.microsoft.com/en-us/help/2481109">2481109 </a> MS11-017: Description of the security update for Remote Desktop client 6.0: March 08, 2011<br /><br /><br /><br />Known issues in security update 2481109:<br /><br /> <ul><li>After you install this security update on a Windows XP-based computer, you may receive an error message that resembles the following:<br /><br /><br /><br /><div> <br />:5.375: FileVersion of C:\WINDOWS\system32\mstscax.dll is Less Than 6.0.6001.0 for QFE branch<br /></div>This problem only affects Windows XP-based computers that were updated by using updates to address specific issues that are not delivered by Windows Update. For example, computers that have "Limited Distribution Release" (LDR) branch updates installed.<br /><br /><br /><br /><br />To work around this problem, use either of the following methods: <br /><br /><ul><li>Uninstall security update <a href="https://support.microsoft.com/help/956744" target="_self">956744</a>, and then install security update 2481109.</li><li> Alternatively, if you already have security update 956744 installed, you can install hotfix <a href="https://support.microsoft.com/help/967885" target="_self">967885</a>. Then you can successfully install security update 2481109. </li></ul></li><li>If you have the Remote Desktop Connection 6.0 Multilingual User Interface Pack (MUI) installed, you must install the RDC 6.1 MUI for RDC to work with MUI. 
<br /><br />For more information about the Remote Desktop Connection 6.0 MUI, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href="https://support.microsoft.com/en-us/help/925877">925877 </a> Description of the Remote Desktop Connection 6.0 MUI</div><br /><br />For more information about the RDC 6.0 MUI, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href="https://support.microsoft.com/en-us/help/2483619">2483619 </a> MS11-017: Description of the security update for Remote Desktop client 6.0 Client Multilingual User Interface (MUI): March 08, 2011</div></li><li>Connections from the Remote Desktop Microsoft Management Console (MMC) snap-in on computers that have RDC 6.1 installed do not connect to the console session on the server. (The console session is also known as the "admin" session).<br /></li><li>Consider the following scenario: You upgrade from Remote Desktop Connection 6.0 to Remote Desktop Connection 6.1. Then you run a system restore procedure. In this scenario, the system restore procedure fails to restore the Microsoft Terminal Services Client (MSTSC) Remote Desktop Connection 6.0. <br /><br /></li><li>After you install this security update (the security update for MUI for Remote Desktop Connection 6.1), the Remote Desktop Connection shortcut text on the <span>Start </span>menu always appears in English. </li></ul><span>Frequently asked questions about security update 2481109</span><ul><li><span>Question </span> Before I installed security update 2481109, I had RDC 6.0 running. After I installed the security update, I am running RDC 6.1. Why? <br /><br /><span>Answer </span> Microsoft does not service RDC 6.0. Customers are migrated to RDC 6.1 with this update.<br /> </li></ul></li></ul></div></body></html>