Lucene search

K
mskbMicrosoftKB2686509
HistoryJan 07, 2017 - 12:00 a.m.

MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003: May 8, 2012

2017-01-0700:00:00
Microsoft
support.microsoft.com
21

6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

27.8%

MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003: May 8, 2012

INTRODUCTION

Microsoft has released security bulletin MS12-034. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

This security update enables fixes to a problem that can occur with the loading of keyboard layout files. You must install this update and security update 2676562 to protect the system against vulnerabilities that could arise from loading keyboard layout files from untrusted locations.

What is this update?

The Windows Kernel Mode Driver (Win32k.sys) is responsible for loading keyboard layouts on a Windows based computer. Both security update 2676562 and security update 2686509 must be installed to protect the system from the keyboard layout vulnerabilities that are described in MSRC security bulletin MS12-034.

How does this update work?

This update enumerates all the keyboard layout files that are registered on your computer, and then it verifies that they are all in the %Windir%\System32 folder.

You may receive an error message that resembles the following when you try to install this security update:

Setup cannot continue because one or more prerequisites required to install KB2686509 failed (0x8007F0F4)

You receive this message if any registered keyboard layout files are not in the %Windir%\System32 folder. In this scenario, the computer is incompatible with the security updates.

Frequently Asked Questions

Why is this update re-offered multiple times?

Windows updates are reoffered until the update is installed on your computer. If this update is reoffered, maybe an installation failure has occurred. Check the KB installation log files for error codes. For example, the KB installation log file for this security update would probably be โ€œC:\Windows\ KB2686509.logโ€
For more information about how to resolve these issues, click the following article number to view the article in the Microsoft Knowledge Base:
958051 You may receive a โ€œ0x8007F0F4โ€ error code when you try to install updates from the Windows Update Web site or from the Microsoft Update Web site

What should I do if the installation of this security update fails with the โ€œ0x8007F0F4โ€ error?

If you receive the โ€œ0x8007F0F4โ€ error when you try to install this security update, check to see if the %windir%\FaultyKeyboard.log file was created on the computer.

If the %windir%\FaultyKeyboard.log file was created, follow these steps:

  1. Open the Faultykeyboard.log file that is in the %windir% folder. This log file contains information about registered keyboard layout files that are not in the %Windir%\System32 folder. The log file will resemble the following:
    Keyboard1.dll
    .\Layoutfiles\keyboard2.dll
    C:\Windows\System\Kbda1.dll
    Note In this example, the first entry is just a file name. The second entry includes a relative path with the file name. The third entry includes a full path of the file.
  2. Copy the files that are listed in the Faultykeyboard.log log file into the System32 folder.

How do I copy keyboard layout files into the System32 folder?

Notes

  • The following steps must be performed by an administrator.
  • %Windir%\System32 is a trusted folder. Therefore, make sure that any files that you copy into this folder are trusted by your organization. For example, the file should be provided to by a trusted software vendor.
  • Do not move keyboard layout files into the %Windir%\System32. Make sure that you copy the files when instructed instead of moving the files.

Use any of the following methods to copy the keyboard layout file into the System32 folder:

  • For any entry in the Faultykeyboard.log log file that uses a file name (and not full or relative path), locate and then copy the file into %Windir%\System32 folder. (Do not move the files.)

  • For any entry in the Faultykeyboard.log log file that uses a relative path, use either of the following methods:

    • If the entry exists in either of the following registry subkeys, you must locate the file on the hard disk, and then copy the file into the %Windir%\System32 folder:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
    • If the entry does not exist in the previously mentioned registry subkeys, you must contact your software vendor to resolve the issue.

How do I un-register or remove keyboard layouts from my computer?

Consider removing any keyboard layout files that do not come from a trusted software vendor.

Notes

  • The following steps must be performed by an administrator.
  • Before you remove any keyboard layout files, verify that no trusted applications on the computer require the keyboard layout file.
    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:322756How to back up and restore the registry in Windows
  1. Delete any registry entry that references the keyboard layout file in the following registry subkeys:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layout****HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
  2. Delete the keyboard layout file.

Known issues with this security update

Some of your computer settings may cause this the security update to fail during installation. If an error occurs during installation, use one of the following methods to work around this issue.

Method 1. Work around the issue automatically

To do this, follow these steps:

  1. Run Microsoft Fix it 50882. To do this, click the Fix itbutton, click Runin the File Download dialog box, and then follow the steps in the Fix it wizard.

  2. Install the security update that is described in this article.

  3. Run Microsoft Fix it 50883. To do this, click the Fix itbutton, click Runin the File Download dialog box, and then follow the steps in the Fix it wizard.

Method 2. Work around the issue manually

To do this, follow these steps:

  1. Determine whether the registry entry โ€œIgnoreRemoteKeyboardLayoutโ€ or the registry entry โ€œScanCode Mapโ€ exists under the following registry subkey. Either of these registry entries may cause the installation of this security update to fail.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard layout 2. Back up this registry subkey. To do this, clickExporton theFile menu, and then save the .reg file to a safe location, such as a disk or a USB storage device.
  2. Delete the registry subkey.
  3. Install the security update that is described in this article.
  4. Restore the registry entry (the .reg file) that you saved in step 2. To do this, double-click the .reg file that you saved in step 2, and then click Yes in the dialog box that appears.
    If you still cannot install the security update, contact support.

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows XP and Windows Server 2003 file information

  • The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the โ€œSP requirementโ€ and โ€œService branchโ€ columns.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP

File name File version File size Date Time Platform
Kblchecker.dll 5.1.2600.6211 8,192 19-Apr-2012 11:26 x86

For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition

File name File version File size Date Time Platform
Kblchecker.dll 5.2.3790.4985 13,312 20-Apr-2012 00:25 x64

For all supported x86-based versions of Windows Server 2003

File name File version File size Date Time Platform
Kblchecker.dll 5.2.3790.4985 8,704 19-Apr-2012 11:39 x86

For all supported IA-64-based versions of Windows Server 2003

File name File version File size Date Time Platform
Kblchecker.dll 5.2.3790.4988 21,504 26-Apr-2012 01:19 IA-64

6 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

27.8%