Microsoft Security Bulletin MS03-051

2003-11-12T00:00:00
ID SECURITYVULNS:DOC:5375
Type securityvulns
Reporter Securityvulns
Modified 2003-11-12T00:00:00

Description

Microsoft Security Bulletin MS03-051 Print

Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) Issued: November 11, 2003 Version: 1.0

Summary Who should read this document: Customers using Microsoft® FrontPage Server Extensions ®

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the security update immediately

Security Update Replacement: This update replaces the security updates contained in the following bulletins: MS01-035 and MS02-053.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

Microsoft Windows 2000 Service Pack 2, Service Pack 3 Microsoft Windows XP, Microsoft Windows XP Service Pack 1 Microsoft Office XP, Microsoft Office XP Service Release 1 Non Affected Software:

Microsoft Windows Millennium Edition Microsoft Windows NT Workstation 4.0, Service Pack 6a Microsoft Windows NT Server 4.0, Service Pack 6a Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP 64-Bit Edition Version 2003 Microsoft Windows Server 2003 (Windows SharePoint Services) Microsoft Windows Server 2003 64-Bit Edition (Windows SharePoint Services) Microsoft Office System 2003 Tested Microsoft Windows and Office Components:

Affected Components:

Microsoft FrontPage Server Extensions 2000 - Download the update Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) – Download the update Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) – Download the update Microsoft FrontPage Server Extensions 2002 - Download the update Microsoft SharePoint Team Services 2002 (shipped with Office XP) - Download the update (To determine what version of FrontPage Server Extension that is installed on your system please see the first question in the FAQ Section of this bulletin.) The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.

Technical Details Technical description:

This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system.

The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

Mitigating factors:

Administrators that have applied Service Pack 4 on Windows 2000 systems are not affected by these vulnerabilities Windows XP does not have FrontPage Server Extensions installed by default Windows NT 4.0 does not have FrontPage Server Extensions installed by default unless you have applied Windows NT4.0 Option Pack Severity Rating:

Microsoft FrontPage Server Extensions 2000 Critical Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) Critical Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) Moderate Microsoft FrontPage Server Extensions 2002 (shipped with Office XP) Critical Microsoft SharePoint Team Services 2002 Critical

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier for the Buffer Overrun vulnerability: CAN-2003-0822

Vulnerability identifier for SmartHTML interpreter vulnerability: CAN-2003-0824

Workarounds Microsoft has tested the following workarounds that apply across all the vulnerabilities. These workarounds help block known attack vectors, however they will not correct the underlying vulnerabilities. Workarounds may reduce functionality in some cases; in such cases, the reduction in functionality is identified below.

Customers can use the IIS Lockdown Tool to disable FrontPage Server Extensions on an IIS Server.

In addition, FrontPage Server Extensions administrators can uninstall FrontPage Server Extensions in Add or Remove programs

From the Start button, choose Control Panel. Select Add or Remove programs. Select Add/Remove Windows Components. Select "Internet Information Services (IIS)" and choose "Details…". Uncheck "FrontPage 2000 Server Extensions" and choose OK. Choose Next in the Windows Components Wizard and choose Finish. Impact of workaround: With FrontPage Server Extensions uninstalled or disabled webpage and server functionality relying on them will be unavailable or will not operate as expected.

Frequently Asked Questions How can I determine what version of FrontPage Server Extensions I am running? To determine the version of FrontPage Server Extensions that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search. In the Search Results pane, click All files and folders under Search Companion. In the All or part of the file name box, type fp4awel.dll or fp5awel.dll, and then click Search. If you have the fp4awel.dll file you your system, you have FrontPage Server Extensions 2000 installed If you have the fp5awel.dll you have either FPSE 2002 or SharePoint Team Services installed. To differentiate FrontPage Server Extensions 2002 from SharePoint Team Services do the following:

Go to start, click programs Click on Administrative Tools, If you have the option to select Microsoft SharePoint Administrator you have SharePoint Team Services installed. If you do not have the option to select Microsoft SharePoint Administrator but you do have the fp5awel.dll on you machine, you have FrontPage Server Extensions 2002 installed.

Note: If you have both fp4awel.dll and fp5awel.dll you need to apply both the FrontPage Server Extension 2000 and FrontPage Server Extension 2002 update.

What are the FrontPage Server Extensions? FrontPage Server Extensions (FPSE) is a set of tools that can be installed on a web site. They serve two basic functions: to allow authorized personnel to manage the server, add or change content, and perform other tasks; and to add functions that are frequently used by web pages, such as search and forms support.

FPSE installs by default as part of IIS 4.0, 5.0 and 5.1. Only Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter install IIS by default. IIS can be uninstalled if desired. Microsoft recommends that web administrators uninstall FPSE if not needed.

CAN-2003-0822: BO in FrontPage Server Extensions

What's the scope of the remote debug vulnerability? This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of their choice to be executed as though it originated on the local machine. Such code could provide the attacker with the ability to take any desired action on the machine, including adding, deleting or modifying data on the system.

What causes the vulnerability? The vulnerability results because of an unchecked buffer in one of the FrontPage Server Extensions dll files.

What could the remote debug vulnerability enable an attacker to do? An attacker who successfully exploited this vulnerability could run code of his or her choice with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

Who could exploit the vulnerability? Any unauthenticated attacker that can connect to the FrontPage Server Extensions service could seek to exploit this vulnerability

How could an attacker exploit this vulnerability? An unauthenticated attacker could seek to exploit this vulnerability by sending a specially crafted request to FrontPage Server Extensions which would then cause FrontPage Server Extensions to fail in such a way that an attacker could execute code of his or her choice.

What steps could an administrator take to protect against the vulnerability? The simplest way to address the vulnerability is to install the update. However, if the update were not installed, a server wouldn't be at risk if FrontPage Server Extensions had been uninstalled.

What does the update do? The update addresses the vulnerability by removing the remote debugging functionality, as this functionality is no longer supported. Microsoft recommends that customers use the Terminal Server functionality for remote debugging.

CAN-2003-0824: Denial of Service in SmartHTML interpreter

What's the scope of the SmartHTML interpreter vulnerability? This is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

What is the SmartHTML interpreter? The SmartHTML interpreter is part of FPSE, and supports certain types of dynamic web content. It is made up of a variety of dynamic link library files. Using SmartHTML, a web developer can build a web page that relies on FrontPage features. For example, a web developer might want to embed the current date and time in a web page. In order to do that, the developer might use one of the WebBot components that come with FrontPage.

When the web page author inserts a WebBot into an HTML page, what actually gets inserted is a specially formatted HTML comment. A WebBot comment looks like a standard HTML comment with special notation that identifies the WebBot and its properties. The web page author sets the property values from a dialog box when the WebBot gets inserted. Each WebBot has its own dialog. Microsoft calls the WebBot notation "SmartHTML", and HTML pages containing WebBots "SmartHTML pages".

A WebBot is "executed" when the FrontPage Editor saves the HTML page. A FrontPage Server Extensions application scans the page for embedded WebBot components and replaces them with standard HTML text. As a result of this scanning process, a new page is created containing the standard HTML text generated from the WebBot components and a visitor to the web page sees the date and time rendered on the web page.

What's wrong with the SmartHTML interpreter? If a request is made to a web server using FrontPage Server Extensions in a particular way, it could have the effect of causing the SmartHTML interpreter to cycle, temporarily consuming all of the server's CPU availability and preventing the server from performing useful work.

What could an attacker do via this vulnerability? An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

Who could exploit the vulnerability? Any unauthenticated attacker that can connect to the FrontPage Server Extensions service could seek to exploit this vulnerability

How might an attacker exploit the vulnerability? The attack itself would only require that the attacker send a particular type of request to the SmartHTML interpreter repeatedly.

What steps could an administrator take to protect against the vulnerability? The simplest way to address the vulnerability is to install the update. However, if the update were not installed, a server wouldn't be at risk if FPSE had been uninstalled, or if the SmartHTML interpreter were not in use. For instance, the IIS Lockdown Tool, if used to configure a static web server, disables the interpreter.

How does the update eliminate the vulnerability? The update causes the SmartHTML interpreter to properly validate the incoming requests and discard those that are not valid.

Security Update Information Installation platforms and Prerequisites:

For information about the specific security update for your platform, click the appropriate link:

Microsoft FrontPage Server Extensions 2000 Prerequisites

This security update requires Windows NT Workstation 4.0 Service Pack 6a (SP6a), Windows NT Server 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 (SP6).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site:

http://microsoft.com/windows/lifecycle/desktop/consumer/components.mspx

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Inclusion in future service packs:

This update will be included in any future service packs for FrontPage Server Extensions

Installation Information

This security update supports the following Setup switches:

/q Specifies quiet mode, or suppresses prompts, when files are being extracted. /q:u Specifies user-quiet mode, which presents some dialog boxes to the user. /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user. /t:path Specifies the target folder for extracting files. /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder. /c:path Specifies the path and name of the Setup .inf or .exe file. /r:n Never restarts the computer after installation. /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a. /r:a Always restarts the computer after installation. /r:s Restarts the computer after installation without prompting the user. /n:v No version checking - Install the program over any previous version. Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Update, ensure the following conditions have been met.

You are logged on to the computer using an account with Administrative rights (Windows NT only). You have stopped all services related to the FrontPage 2000 Server Extensions. Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the update is installed. Deployment Information

To install the security update without any user intervention, use the following command line:

For Windows NT Workstation 4.0, Windows NT Server 4.0, Windows NT Server 4.0, Terminal Server Edition:

office2000-kb813379-client-enu.exe /q Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update can not be uninstalled

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name Size Product Version admin.exe 16,439 4.00.02.7523 admin.dll 20,540 4.00.02.7523 author.exe 16,439 4.00.02.7523 author.dll 20,540 4.00.02.7523 cfgwiz.exe 188,480 4.00.02.7523 fp4Amsft.dll 184,435 4.00.02.7523 fp4Anscp.dll 82,035 4.00.02.7523 fp4Apws.dll 147,513 4.00.02.7523 fp4Areg.dll 49,210 4.00.02.7523 fp4Atxt.dll 102,509 4.00.02.7523 fp4Autl.dll 618,605 4.00.02.7523 fp4Avnb.dll 41,020 4.00.02.7523 fp4Avss.dll 32,826 4.00.02.7523 fp4Awebs.dll 49,212 4.00.02.7523 fp4Awel.dll 876,653 4.00.02.7802 fp98sadm.exe 14,608 3.00.02.1706 fp98swin.exe 109,328 3.00.02.1706 fpadmcgi.exe 24,632 4.00.02.7523 fpadmdll.dll 20,541 4.00.02.7523 fpcount.exe 188,494 4.00.02.7523 fpencode.dll 94,208 1.00.00.0000 fpexedll.dll 20,541 4.00.02.7523 fpmmc.dll 598,071 4.00.02.7523 fpmmcsat.dll 208,896 4.00.02.7523 fpremadm.exe 20,538 4.00.02.7523 fpsrvadm.exe 28,728 4.00.02.7523 shtml.exe 16,437 4.00.02.7523 shtml.dll 20,536 4.00.02.7523 stub_fpsrvadm.exe 16,449 4.00.02.7523 stub_fpsrvwin.exe 65,601 4.00.02.7523 tcptest.exe 32,827 4.00.02.7523 tcptsat.dll 16,384 4.00.02.7523

Verifying Update Installation

Verify that fp4awel.dll is version 4.0.2.7802

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) Prerequisites

For Windows 2000 this security update requires Service Pack 2 (SP2), or Service Pack 3 (SP3).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site:

http://microsoft.com/windows/lifecycle/desktop/consumer/components.mspx

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Inclusion in future service packs:

The fix is already included in Windows 2000 Service Pack 4.

Installation Information

This security update supports the following Setup switches:

/help Displays the command line options Setup Modes

/quiet Quiet mode (no user interaction or display) /passive Unattended mode (progress bar only) /uninstall Uninstalls the package Restart Options

/norestart Do not restart when installation is complete /forcerestart Restart after installation Special Options

/l Lists installed Windows hotfixes or update packages /o Overwrite OEM files without prompting /n Do not backup files needed for uninstall /f Force other programs to close when the computer shuts down Note: For backwards compatibility, the security update also supports the setup switches used by the previous version of the setup utility, however usage of the previous switches should be discontinued as this support may be removed in future security updates.

Deployment Information

To install the security update without any user intervention, use the following command line:

For Windows 2000 Service Pack 2, Windows 2000 Service Pack 3:

Windows2000-KB810217-x86-ENU /passive /quiet To install the security update without forcing the computer to restart, use the following command line:

For Windows 2000 Service Pack 2, Windows 2000 Service Pack 3:

Windows2000-KB810217-x86-ENU /norestart Note: You can combine these switches into one command line.

For information about how to deploy this security update with Software Update Services, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/windowsupdate/sus/susoverview.asp

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

To remove this security update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB810217$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches. /u: Use unattended mode. /f: Force other programs to quit when the computer shuts down. /z: Do not restart when the installation is complete. /q: Use Quiet mode (no user interaction). File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

File Name Size Product Version Spmsg.dll 6,656 5.03.16.0008 Spuninst.exe 89,088 5.03.16.0008 stub_fpsrvadm.exe 16,449 4.00.02.7523 stub_fpsrvwin.exe 65,601 4.00.02.7523 Tcptest.exe 32,827 4.00.02.7523 Windows2000-KB810217-x86-ENU.exe 1,450,032 5.03.16.0008 Admin.dll 20,540 4.00.02.7523 Admin.exe 16,439 4.00.02.7523 Author.dll 20,540 4.00.02.7523 Author.exe 16,439 4.00.02.7523 Cfgwiz.exe 188,480 4.00.02.7523 Empty.cat 5,149 0.00.00.0000 fp4amsft.dll 184,435 4.00.02.7523 fp4anscp.dll 82,035 4.00.02.7523 fp4apws.dll 147,513 4.00.02.7523 fp4areg.dll 49,210 4.00.02.7523 fp4atxt.dll 102,509 4.00.02.7523 fp4autl.dll 618,605 4.00.02.7523 fp4avnb.dll 41,020 4.00.02.7523 fp4avss.dll 32,826 4.00.02.7523 fp4awebs.dll 49,212 4.00.02.7523 fp4awel.dll 876,653 4.00.02.7802 fp40ext.inf 7,977 0.00.00.0000 fp98sadm.exe 14,608 3.00.02.1706 fp98swin.exe 109,328 3.00.02.1706 Fpadmcgi.exe 24,632 4.00.02.7523 Fpadmdll.dll 20,541 4.00.02.7523 Fpcount.exe 188,494 4.00.02.7523 Fpencode.dll 94,208 1997.05.27.0000 Fpexedll.dll 20,541 4.00.02.7523 Fpmmc.dll 598,071 4.00.02.7523 Fpremadm.exe 20,538 4.00.02.7523 Fpsrvadm.exe 28,728 4.00.02.7523 Shtml.dll 20,536 4.00.02.7523 Shtml.exe 16,437 4.00.02.7523

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\KB810217\Filelist Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the KB810217 security update into the Windows installation source files.

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) Prerequisites

This security update requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack Inclusion in future service packs:

The fix for this issue will be included in Windows XP Service Pack 2.

Installation Information

This security update supports the following Setup switches:

/help Displays the command line options Setup Modes

/quiet Quiet mode (no user interaction or display) /passive Unattended mode (progress bar only) /uninstall Uninstalls the package Restart Options

/norestart Do not restart when installation is complete /forcerestart Restart after installation Special Options

/l Lists installed Windows hotfixes or update packages /o Overwrite OEM files without prompting /n Do not backup files needed for uninstall /f Force other programs to close when the computer shuts down Note: For backwards compatibility, the security update also supports the setup switches used by the previous version of the setup utility, however usage of the previous switches should be discontinued as this support may be removed in future security updates.

Deployment Information

To install the security update without any user intervention, use the following command line:

WindowsXP-KB810217-x86-ENU.exe /passive /quiet To install the security update without forcing the computer to restart, use the following command line:

WindowsXP-KB810217-x86-ENU.exe/norestart Note: You can combine these switches into one command line.

For information about how to deploy this security update with Software Update Services, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/windowsupdate/sus/susoverview.asp

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB810217$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches. /u: Use unattended mode. /f: Force other programs to quit when the computer shuts down. /z: Do not restart when the installation is complete. /q: Use Quiet mode (no user interaction). File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:

File name Size Product Version admin.exe 16,439 4.0.2.7523 author.dll 20,540 4.0.2.7523 author.exe 16,439 4.0.2.7523 cfgwiz.exe 188,480 4.0.2.7523 fp40ext.inf 7,946
fp4amsft.dll 184,435 4.0.2.7523 fp4anscp.dll 82,035 4.0.2.7523 fp4apws.dll 147,513 4.0.2.7523 fp4areg.dll 49,210 4.0.2.7523 fp4atxt.dll 102,509 4.0.2.7523 fp4autl.dll 618,605 4.0.2.7523 fp4avnb.dll 41,020 4.0.2.7523 fp4avss.dll 32,826 4.0.2.7523 fp4awebs.dll 49,212 4.0.2.7523 fp4awel.dll 876,653 4.0.2.7802 fp98sadm.exe 14,608 3.0.2.1706 fp98swin.exe 109,328 3.0.2.1706 fpadmcgi.exe 24,632 4.0.2.7523 fpadmdll.dll 20,541 4.0.2.7523 fpcount.exe 188,494 4.0.2.7523 fpencode.dll 94,208 1997.5.27.0 fpexedll.dll 20,541 4.0.2.7523 fpmmc.dll 598,071 4.0.2.7523 fpremadm.exe 20,538 4.0.2.7523 fpsrvadm.exe 28,728 4.0.2.7523 shtml.dll 20,536 4.0.2.7523 shtml.exe 16,437 4.0.2.7523 spmsg.dll 6,656 4.0.2.7523 spuninst.exe 100,352 4.0.2.7523 stub_fpsrvadm.exe 16,449 4.0.2.7523 stub_fpsrvwin.exe 65,601 4.0.2.7523

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry keys:

For Windows XP Home Edition SP1; Windows XP Professional SP1; Version 2002 SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\ KB810217\Filelist

Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the KB810217 security update into the Windows installation source files.

Microsoft FrontPage Server Extensions 2002 (Shipped with Office XP) Prerequisites

This update requires FrontPage Server Extensions 2002

Inclusion in future service packs:

This update will be included in any future service packs for FrontPage Server Extensions

Installation Information

This security update supports the following Setup switches:

/q Specifies quiet mode, or suppresses prompts, when files are being extracted. /q:u Specifies user-quiet mode, which presents some dialog boxes to the user. /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user. /t:path Specifies the target folder for extracting files. /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder. /c:path Specifies the path and name of the Setup .inf or .exe file. /r:n Never restarts the computer after installation. /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a. /r:a Always restarts the computer after installation. /r:s Restarts the computer after installation without prompting the user. /n:v No version checking - Install the program over any previous version. Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Update, ensure the following conditions have been met.

You are logged on to the computer using an account with Administrative rights (Windows NT only). You have stopped all services related to the FrontPage 2000 Server Extensions. Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the update is installed. Deployment Information

To install the security update without any user intervention, use the following command line:

officexp-KB813380-client-ENG.exe /q Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update can not be uninstalled

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name Size Product Version fp30reg.dll 36,424 10.00.4205.0000 FPcheck1003.exe 28,672 0.00.00.0000 Eula.txt 8,744 0.00.00.0000 fp5amsft.dll 137,824 10.00.4803.0000 fp5Areg.dll 36,424 10.00.4205.0000 fp5Awel.dll 1,382,984 10.00.4803.0000

Verifying Update Installation

Verify that the following files are installed on the system

Filename Size Product Version fp30reg.dll 36,424 10.00.4205.0000 fp5amsft.dll 137,824 10.00.4803.0000 fp5Areg.dll 36,424 10.00.4205.0000 fp5Awel.dll 1,382,984 110.00.4803.0000

Microsoft SharePoint Team Services 2002

Prerequisites

This security update requires Office XP SP2

Inclusion in future service packs:

The fix for this issue will be included in any future Service Pack for Office XP.

Installation Information

This security update supports the following Setup switches:

/q Specifies quiet mode, or suppresses prompts, when files are being extracted. /q:u Specifies user-quiet mode, which presents some dialog boxes to the user. /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user. /t:path Specifies the target folder for extracting files. /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder. /c:path Specifies the path and name of the Setup .inf or .exe file. /r:n Never restarts the computer after installation. /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a. /r:a Always restarts the computer after installation. /r:s Restarts the computer after installation without prompting the user. /n:v No version checking - Install the program over any previous version. Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Patch, ensure the following conditions have been met.

You are logged on to the computer using an account with Administrative rights (Windows NT only). You have stopped all services related to the FrontPage 2000 Server Extensions. Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the patch is installed. Deployment Information

To install the security update without any user intervention, use the following command line:

OWS1002.exe /q Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update can not be uninstalled

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File Name Size Product Version fp5Awel.dll 1,351 10.0.4803.0 Fpeditax.dll 4,155 10.0.4622.0 Owssvr.dll 815 10.0.4921.0 fp5Autl.dll 931 10.0.4406.0 fp5Awec.dll 604,744 10.0.4406.0 Fp5amsft.dll 135 10.0.4803.0

Verifying Update Installation

Verify that the following files are installed on the system

File name Size Product Version Fp5awel.dll 1,351 10.0.4803.0 Fp5amsft.dll 135 10.0.4803.0 Fp5areg.dll 10.0.4205.0 Fp30reg.dll 10.0.4205.0

Acknowledgments

Microsoft http://www.microsoft.com/technet/security/bulletin/policy.asp for working with us to protect customers:

Brett Moore of Security-Assessment.com for reporting the issue in MS03-051. Obtaining other security updates:

Updates for other security issues are available from the following locations:

Security updates are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch". Updates for consumer platforms are available from the WindowsUpdate web site Updates for Microsoft Office Family products are available from the Office Update web site. Support:

Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches. International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at http://support.microsoft.com/common/international.aspx Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products. Microsoft Software Update Services: http://www.microsoft.com/sus/ Microsoft Baseline Security Analyzer (MBSA) details: http://www.microsoft.com/mbsa. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for list of security updates that have detection limitations with MBSA tool. Windows Update Catalog: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166 Windows Update: http://windowsupdate.microsoft.com Office Update: http://office.microsoft.com/officeupdate/ Software Update Services (SUS):

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional.

For information about how to deploy this security patch with Software Update Services, visit the following Microsoft Web site:

http://www.microsoft.com/sus/

Systems Management Server (SMS):

Systems Management Server can provide assistance deploying this security update. For information about Systems Management Server visit the SMS Web Site. SMS also provides several additional tools to assist administrators in the deployment of security updates such as the SMS 2.0 Software Update Services Feature Pack and the SMS 2.0 Administration Feature Pack. The SMS 2.0 Software Update Services Feature Pack utilizes the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin remediation. Some software updates may require administrative rights following a restart of the computer.

Note: The inventory capabilities of the SMS 2.0 Software Update Services Feature Pack may be used for targeting updates to specific computers, and the SMS 2.0 Administration Feature Pack's Elevated Rights Deployment Tool can be used for installation. This provides optimal deployment for updates that require explicit targeting using Systems Management Server and administrative rights after the computer has been restarted.

Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

V1.0 (November 11, 2003): Bulletin published.