MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys): April 9, 2013

2013-04-09T00:00:00
ID KB2840149
Type mskb
Reporter Microsoft
Modified 2013-05-07T22:31:46

Description

<html><body><p>Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS13-036. To view the complete security bulletin, visit one of the following Microsoft websites:<br/><ul class="sbody-free_list"><li>Home users:<br/><div class="indent"><a href="http://www.microsoft.com/security/pc-security/bulletins/201304.aspx" id="kb-link-1" target="_self">http://www.microsoft.com/security/pc-security/bulletins/201304.aspx</a></div><span class="text-base">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class="indent"><a href="http://update.microsoft.com/microsoftupdate/" id="kb-link-2" target="_self">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class="indent"><a href="http://technet.microsoft.com/security/bulletin/ms13-036" id="kb-link-3" target="_self">http://technet.microsoft.com/security/bulletin/MS13-036</a></div></li></ul><h3 class="sbody-h3">How to obtain help and support for this security update</h3> <br/><br/>Help installing updates: <br/><a href="https://support.microsoft.com/ph/6527" id="kb-link-4" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href="http://technet.microsoft.com/security/bb980617.aspx" id="kb-link-5" target="_self">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-6" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href="https://support.microsoft.com/common/international.aspx" id="kb-link-7" target="_self">International Support</a><br/><br/></div><h2>FILE INFORMATION</h2><div class="kb-summary-section section">The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. </div><h2>Windows Vista and Windows Server 2008 file information</h2><div class="kb-summary-section section"><ul class="sbody-free_list"><li>The files that apply to a specific product, milestone (SP<strong class="sbody-strong">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><td class="sbody-td"><span class="text-base">Version</span></td><td class="sbody-td"><span class="text-base">Product</span></td><td class="sbody-td"><span class="text-base">Milestone</span></td><td class="sbody-td"><span class="text-base">Service branch</span></td></tr><tr class="sbody-tr"><td class="sbody-td">6.0.600<span class="text-base">2</span>.<span class="text-base">18</span><strong class="sbody-strong">xxx</strong></td><td class="sbody-td">Windows Vista SP2 and Windows Server 2008 SP2</td><td class="sbody-td">SP2</td><td class="sbody-td">GDR</td></tr><tr class="sbody-tr"><td class="sbody-td">6.0.600<span class="text-base">2</span>.<span class="text-base">23</span><strong class="sbody-strong">xxx</strong></td><td class="sbody-td">Windows Vista SP2 and Windows Server 2008 SP2</td><td class="sbody-td">SP2</td><td class="sbody-td">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class="text-base">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed. <br/><br/><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">For all supported x86-based versions of Windows Vista and Windows Server 2008</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.0.6002.18799</td><td class="sbody-td">1,082,232</td><td class="sbody-td">03-Mar-2013</td><td class="sbody-td">19:07</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.0.6002.23070</td><td class="sbody-td">1,083,240</td><td class="sbody-td">03-Mar-2013</td><td class="sbody-td">19:07</td><td class="sbody-td">x86</td></tr></table></div></div><br/></span></div></div></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">For all supported x64-based versions of Windows Vista and Windows Server 2008</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.0.6002.18799</td><td class="sbody-td">1,513,320</td><td class="sbody-td">03-Mar-2013</td><td class="sbody-td">19:13</td><td class="sbody-td">x64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.0.6002.23070</td><td class="sbody-td">1,501,032</td><td class="sbody-td">03-Mar-2013</td><td class="sbody-td">19:13</td><td class="sbody-td">x64</td></tr></table></div></div><br/></span></div></div></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">For all supported IA-64-based versions of Windows Server 2008</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.0.6002.18799</td><td class="sbody-td">3,282,280</td><td class="sbody-td">03-Mar-2013</td><td class="sbody-td">18:55</td><td class="sbody-td">IA-64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.0.6002.23070</td><td class="sbody-td">3,285,352</td><td class="sbody-td">03-Mar-2013</td><td class="sbody-td">18:55</td><td class="sbody-td">IA-64</td></tr></table></div></div><br/></span></div></div></div></div><h2>Windows 7 and Windows Server 2008 R2 file information</h2><div class="kb-summary-section section"><ul class="sbody-free_list"><li>The files that apply to a specific product, milestone (RTM, SP<strong class="sbody-strong">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table: <br/><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><td class="sbody-td"><span class="text-base">Version</span></td><td class="sbody-td"><span class="text-base">Product</span></td><td class="sbody-td"><span class="text-base">Milestone</span></td><td class="sbody-td"><span class="text-base">Service branch</span></td></tr><tr class="sbody-tr"><td class="sbody-td">6.1.760<span class="text-base">0</span>.<span class="text-base">17</span>xxx</td><td class="sbody-td">Windows 7 and Windows Server 2008 R2</td><td class="sbody-td">RTM</td><td class="sbody-td">GDR</td></tr><tr class="sbody-tr"><td class="sbody-td">6.1.760<span class="text-base">0</span>.<span class="text-base">21</span>xxx</td><td class="sbody-td">Windows 7 and Windows Server 2008 R2</td><td class="sbody-td">RTM</td><td class="sbody-td">LDR</td></tr><tr class="sbody-tr"><td class="sbody-td">6.1.760<span class="text-base">1</span>.<span class="text-base">18</span>xxx</td><td class="sbody-td">Windows 7 and Windows Server 2008 R2</td><td class="sbody-td">SP1</td><td class="sbody-td">GDR</td></tr><tr class="sbody-tr"><td class="sbody-td">6.1.760<span class="text-base">1</span>.<span class="text-base">22</span>xxx</td><td class="sbody-td">Windows 7 and Windows Server 2008 R2</td><td class="sbody-td">SP1</td><td class="sbody-td">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><span class="text-base">Note</span> The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed. <br/><br/><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">For all supported x86-based versions of Windows 7</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7600.17281</td><td class="sbody-td">1,210,728</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">13:58</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7600.21499</td><td class="sbody-td">1,211,240</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">15:59</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7601.18127</td><td class="sbody-td">1,211,752</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">13:45</td><td class="sbody-td">x86</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7601.22297</td><td class="sbody-td">1,213,288</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">13:53</td><td class="sbody-td">x86</td></tr></table></div></div><br/></span></div></div></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">For all supported x64-based versions of Windows 7 and Windows Server 2008 R2</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7600.17281</td><td class="sbody-td">1,653,096</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">14:36</td><td class="sbody-td">x64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7600.21499</td><td class="sbody-td">1,679,208</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">14:36</td><td class="sbody-td">x64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7601.18127</td><td class="sbody-td">1,656,680</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">14:45</td><td class="sbody-td">x64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7601.22297</td><td class="sbody-td">1,686,888</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">14:16</td><td class="sbody-td">x64</td></tr></table></div></div><br/></span></div></div></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">For all supported IA-64-based versions of Windows Server 2008 R2</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th><th class="sbody-th">Platform</th></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7600.17281</td><td class="sbody-td">3,549,032</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">14:43</td><td class="sbody-td">IA-64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7600.21499</td><td class="sbody-td">3,553,128</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">13:44</td><td class="sbody-td">IA-64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7601.18127</td><td class="sbody-td">3,552,616</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">13:36</td><td class="sbody-td">IA-64</td></tr><tr class="sbody-tr"><td class="sbody-td">Ntfs.sys</td><td class="sbody-td">6.1.7601.22297</td><td class="sbody-td">3,557,736</td><td class="sbody-td">12-Apr-2013</td><td class="sbody-td">13:24</td><td class="sbody-td">IA-64</td></tr></table></div></div><br/></span></div></div></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">File hash information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">SHA1 hash</th><th class="sbody-th">SHA256 hash</th></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.0-KB2840149-ia64.msu</td><td class="sbody-td">12B3FF426B8576895BC7AF453A0A87EC822A4630</td><td class="sbody-td">8E3080D4208A2EE096143A445DD84E84BDFB923A24DCAEC765821976770CE7E5</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.0-KB2840149-x64.msu</td><td class="sbody-td">9DDAC99CE19F23FF8ED2684FCC01F4C536CF6730</td><td class="sbody-td">47A631DFFD5F5B0A6DFB173EA70F0352CEB669A4FA8004E546794D6006D91F4B</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.0-KB2840149-x86.msu</td><td class="sbody-td">15698A1599CB15E37D85457922912F2E04A70F82</td><td class="sbody-td">E9809C574833A4BB93A7E19206ED65D7F017BBA24A1C4696C49B5DA25D37D758</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB2840149-ia64.msu</td><td class="sbody-td">1B608428F316B84985108C49C7F2199123EE0F1A</td><td class="sbody-td">FCF64586BA92F4C54B9789CC82CB67A4B45B59A856B74D1251E45461E0E85D11</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB2840149-x64.msu</td><td class="sbody-td">753747776A2CD6D81EF4C9B0B945C116E480FE83</td><td class="sbody-td">69788F4979E1A577667FA3A349ABE284C8C8B59D1CD1C00732A4F91C8C4F5AD8</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB2840149-x86.msu</td><td class="sbody-td">CA80B6689AD97EA0D3AE81ACFBFDB01DBC8BA18F</td><td class="sbody-td">C3798FB9EBC66F2A6414D7F59B536781FB4FC7452E48E54CEB7C2B5A0B135C13</td></tr></table></div></div><br/></span></div></div></div></div></body></html>