Home > Microsoft Security > Kb942831

Kb942831

Contents

HotpatchingThis security update does not support HotPatching. For more information, see the Microsoft Support Lifecycle Policy FAQ. The following mitigating factors may be helpful in your situation: In order to elevate privileges on Windows Vista and Windows Server 2008, an attacker must have valid logon credentials and be The links provided point to pages on the vendors' websites.

If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds. We appreciate your feedback. When this security bulletin was issued, had this vulnerability been publicly disclosed? Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security https://technet.microsoft.com/en-us/library/security/ms08-006.aspx

Kb942831

Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. If your Microsoft Silverlight 5 version number is higher than or equal to this version number, your system is not vulnerable. Security updates are available from Microsoft Update and Windows Update. See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information.

Restart Options /norestart Does not restart when installation has completed /forcerestart Restarts the computer after installation and force other applications to close at shutdown without saving open files first. /warnrestart[:x] Presents When the file appears under Programs, right-click the file name and click Properties. On the Version tab, determine the version of the file that is installed on your system by comparing it to the version that is documented in the appropriate file information table.Note Ms16-099 When the file appears under Programs, right-click the file name and click Properties.

For more information about available support options, see Microsoft Help and Support. Ms16-109 Windows Vista (all editions) Reference Table The following table contains the security update information for this software. For more information, see the Windows Operating System Product Support Lifecycle FAQ. More Bonuses Versions or editions that are not listed are either past their support life cycle or are not affected.

Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. Ms16-095 Supported Spuninst.exe Switches SwitchDescription /help Displays the command-line options. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841.

Ms16-109

Click Start, and then click Search. https://technet.microsoft.com/en-us/library/security/ms13-006.aspx Name the new folder Server. Kb942831 Note You can combine these switches into one command. Ms16-097 For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For more information about the extended security update support period for these software versions or editions, visit Microsoft Product Support Services. Software MBSA Windows XP Service Pack 3Yes Windows XP Professional x64 Edition Service Pack 2Yes Windows Server 2003 Service Pack 2Yes Windows Server 2003 x64 Edition Service Pack 2Yes Windows Server Inclusion in Future Service Packs The update for this issue will be included in a future service pack or update rollup Deployment Installing without user interventionFor all supported 32-bit editions of Removal Information WUSA.exe does not support uninstall of updates. Ms16-098

Can this vulnerability be exploited using Internet Explorer? No. This is a remote code execution vulnerability. Acknowledgments Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. Deployment Information Installing the Update When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been

For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Ms16-090 Windows Server 2003 (all editions) Reference Table The following table contains the security update information for this software. Inclusion in Future Service Packs The update for this issue will be included in a future service pack or update rollup Deployment Installing without user interventionFor all supported 32-bit editions of

Windows Server 2003 (all editions) Reference Table The following table contains the security update information for this software.

What causes the vulnerability? The vulnerability is caused when Windows fails to properly handle SSL/TLS session version negotiation. An attacker who successfully exploited this vulnerability could take complete control of the system. Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? Ms16-084 In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

Inclusion in Future Service Packs The update for this issue will be included in a future service pack or update rollup Deployment   Installing without user interventionFor all supported 32-bit editions This security update supports the following setup switches. Verifying That the Update Has Been Applied Microsoft Baseline Security Analyzer To verify that a security update has been applied to an affected system, you may be able to use the To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Note You can combine these switches into one command. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. This security update is rated important for all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. Microsoft Security Bulletin MS13-006 - Important Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) Published: January 08, 2013 | Updated: December 16, 2013 Version: 1.3 General Information Executive Summary

Versions or editions that are not listed are either past their support life cycle or are not affected. For more information about this behavior, see Microsoft Knowledge Base Article 824994. Supported Spuninst.exe Switches SwitchDescription /help Displays the command-line options Setup Modes /passive Unattended Setup mode. Also, in certain cases, files may be renamed during installation.

Removal Information WUSA.exe does not support uninstall of updates. Supported Spuninst.exe Switches SwitchDescription /help Displays the command-line options. What is a URI? A Uniform Resource Identifier (URI) is a string of characters used to act on or identify resources from the Internet or over a network. ASP Remote Code Execution vulnerability 02/14/08 CVE 2008-0075 Microsoft Security Bulletin 08-006 announced a vulnerability in IIS that could allow remote code execution.

Note For more information about the wusa.exe installer, see "Windows Update Stand-alone Installer" in the TechNet article, Miscellaneous Changes in Windows 7. The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list: Vulnerability title CVE number Publicly disclosed Exploited Microsoft PDF Remote Code Execution Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options. For more information about the Microsoft Silverlight auto-update feature, see the Microsoft Silverlight Updater.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin. Inclusion in Future Service Packs The update for this issue will be included in a future service pack or update rollup Deployment Installing without user interventionFor all supported 32-bit editions of Supported Security Update Installation Switches SwitchDescription /help Displays the command-line options. Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.

Windows Server Update Services Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system.