Description of the security update for the Windows COM elevation of privilege vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: November 13, 2018

2018-11-14T01:05:55
ID KB4466388
Type mskb
Reporter Microsoft
Modified 2018-11-14T01:06:17

Description

<html><body><p>Resolves a vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.</p><h2>Summary</h2><div class="kb-summary-section section">An elevation of privilege exists in Windows COM Aggregate Marshaler. An elevation of privilege vulnerability exists when Windows does not validate input correctly before it loads type libraries.<br/><br/>To learn more about the vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):<ul class="sbody-free_list"><li><a href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0213" id="kb-link-2" target="_self">CVE-2017-0213</a></li><li><a href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0214" id="kb-link-2" target="_self">CVE-2017-0214</a></li></ul></div><h2>Fixes that are included in this security update</h2><ul><li>Addresses an issue in which some scanners and serial devices may stop working after security update <a aria-live="assertive" data-bi-name="content-anchor-link" href="https://support.microsoft.com/en-us/help/4074852/security-update-for-vulnerabilities-in-windows-wes09-and-posready-2009" managed-link="" tabindex="0" target="_blank">4074852</a> is applied.</li></ul><h2>How to obtain and install the update</h2><div class="kb-resolution-section section"><h3>Method 1: Windows Update</h3><div class="kb-collapsible kb-collapsible-expanded">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href="https://support.microsoft.com/en-us/help/12373/windows-update-faqx" id="kb-link-13" target="_self">Windows Update: FAQ</a>.</div><h3 class="sbody-h3">Method 2: Microsoft Update Catalog</h3><div class="kb-collapsible kb-collapsible-expanded">To get the stand-alone package for this update, go to the <a href="http://catalog.update.microsoft.com/v7/site/search.aspx?q=4466388" id="kb-link-14" target="_self">Microsoft Update Catalog</a> website.</div></div><p><strong class="sbody-strong">Important </strong></p><ul class="sbody-free_list"><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href="https://technet.microsoft.com/en-us/library/hh825699" id="kb-link-5" target="_self">Add language packs to Windows</a>.</li></ul><h2>More information</h2><h3>Prerequisites</h3><p>There are no prerequisites for installing this update.</p><h3>Restart information</h3><p>You may have to restart the computer after you apply this update.</p><h3>Update replacement information</h3><p>This update doesn't replace a previously released update.</p><h2>More information</h2><div class="kb-moreinformation-section section"><table class="faq-section" faq-section=""><tbody class="faq-panel"><tr><td faq-panel-heading=""><span class="bold btn-link">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=""><div class="kb-collapsible kb-collapsible-collapsed"><span>Help for installing updates: <a bookmark-id="" data-content-id="" data-content-type="" href="https://www.microsoft.com/en-us/safety/pc-security/updates.aspx" managed-link="" target="_blank">Protect yourself online</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-17" target="_self">Microsoft Secure</a><br/><br/>Local support according to your country: <a href="https://www.microsoft.com/en-us/locale.aspx" id="kb-link-18" target="_self">International Support</a></span></div><span> </span></td></tr></tbody></table></div><h2>File Information</h2><table class="faq-section" faq-section=""><tbody class="faq-panel"><tr><td faq-panel-heading="">File hash information</td></tr><tr><td faq-panel-body=""><table class="table"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>WindowsXP-KB4466388-x86-Embedded-ENU.exe</td><td>A55F6E9011156548AB9722DE332F609B17B415D0</td><td>A742F8B84FF530CC7A0205B629C9677352EA85B258DE020224AC6D9E279A8A02</td></tr></tbody></table></td></tr></tbody></table><p><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</span><br/><br/><strong>Windows XP</strong></p><table class="faq-section" faq-section=""><tbody class="faq-panel"><tr><td faq-panel-heading="">x86 Windows XP</td></tr><tr><td faq-panel-body=""><table class="table"><tbody><tr><td><strong class="sbody-strong">File name</strong></td><td><strong class="sbody-strong">File version</strong></td><td><strong class="sbody-strong">File size</strong></td><td><strong class="sbody-strong">Date</strong></td><td><strong class="sbody-strong">Time</strong></td><td><strong class="sbody-strong">Platform</strong></td><td><strong class="sbody-strong">SP requirement</strong></td><td><strong class="sbody-strong">Service branch</strong></td></tr><tr><td>Kernel32.dll</td><td>5.1.2600.7593</td><td>993,792</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ntdll.dll</td><td>5.1.2600.7593</td><td>720,384</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Ole32.dll</td><td>5.1.2600.7593</td><td>1,299,968</td><td>06-Nov-2018</td><td>06:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Oleaut32.dll</td><td>5.1.2600.7593</td><td>563,200</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Rpcss.dll</td><td>5.1.2600.7593</td><td>404,480</td><td>06-Nov-2018</td><td>22:52</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>01-Feb-2018</td><td>21:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table></body></html>