Windows

Security Update for Windows XP Embedded with SP1 (823182)

Share
Language:
English
Download
This update addresses the MS03-041: Vulnerability in Authenticode Verification could allow Remote Code Execution (823182)

  • Details
    File name:
    Date Published:

    Additional_Info_Q823182.RTF

    11/7/2003
    Version:
    File size:

    1.1

    26 KB
      This is the Microsoft Windows XP Embedded with Service Pack 1 component update to address MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182).

      There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog.

      To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user’s system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user’s system. In both scenarios the vulnerability in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user’s system, with the same permissions as the user, without prompting the user for approval.

      The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met:
      • You have applied the patch included with Microsoft Security bulletin MS03-040
      • You are using Internet Explorer 6 or later
      • You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.


      YOU MAY NOT PROVIDE THIS UPDATE OR THE LOCATION (URL) OF THIS UPDATE TO ANY THIRD PARTIES.

  • System Requirements
    Supported Operating System

    Windows XP, Windows XP Embedded

  • Install Instructions
      Important: This QFE requires Repository look-up may cause incorrect files to be copied (Q811279) be installed prior to this fix.

      1. Download Q823182_XPE_SP2_x86_ENU.exe from this page.
      2. Execute Q823182_XPE_SP2_x86_ENU.exe on a machine with the Windows XP Embedded with Service Pack 1 tools installed.
      This package will automatically import updated and new .sld files into the current database specified in Component Database Manager. It will also copy new binaries into the Windows XP Embedded with Service Pack 1 QFE Repository folder.

      Some of the .sld files may also require importing new repository objects. The new repositories will be created on the repository root holding the main Windows XP Embedded with Service Pack 1 repository. For information on moving repositories to other locations, see Moving a Repository in your Windows Embedded Studio documentation.

      After importing this update into your database, add one of the following components to your configuration(s) if you wish to use this update:

      • Primitive: CryptUI – Hotfix Q823182

      • Primitive: Crypt32 – Hotfix Q329115


      See Importing Components into the Database for more information.

Popular downloads

Free PC updates

  • Security patches
  • Software updates
  • Service packs
  • Hardware drivers
Run Microsoft Update
close
moreinfo
©2013 Copyright