TechNet Home > TechNet Security > Bulletins

Microsoft Security Bulletin MS03-051

Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)

Issued: November 11, 2003
Updated: February 10, 2004
Version: 2.0

Summary

Who should read this document:
Customers using Microsoft® FrontPage Server Extensions ®

Impact of vulnerability:
Remote Code Execution

Maximum Severity Rating:
Critical

Recommendation:
Customers should install the security update immediately

Security Update Replacement:
This update replaces the security updates contained in the following bulletins: MS01-035 and MS02-053.

Caveats:
None

Tested Software and Security Update Download Locations:

Affected Software:

Microsoft Windows 2000 Service Pack 2, Service Pack 3

Microsoft Windows XP, Microsoft Windows XP Service Pack 1

Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1

Microsoft Office XP, Microsoft Office XP Service Pack 1, Service Pack 2

Microsoft Office 2000 Server Extensions

Non Affected Software: 

Microsoft Windows Millennium Edition

Microsoft Windows NT Workstation 4.0, Service Pack 6a

Microsoft Windows NT Server 4.0, Service Pack 6a

Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP 64-Bit Edition Version 2003

Microsoft Windows Server 2003 (Windows SharePoint Services)

Microsoft Windows Server 2003 64-Bit Edition (Windows SharePoint Services)

Microsoft Office System 2003

Tested Microsoft Windows and Office Components:

Affected Components: 

Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000)- Download the update 

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) - Download the update 

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) - Download the update 

Microsoft FrontPage Server Extensions 2000 64-bit (Shipped with Windows XP 64-bit) - Download the update

Microsoft FrontPage Server Extensions 2002 - Download the update 

Microsoft SharePoint Team Services 2002 (Shipped with Office XP) - Download the update

(To determine what version of FrontPage Server Extension that is installed on your system please see "How can I determine what version of FrontPage Server Extensions I am running?" in the FAQ Section of this bulletin.)

The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.

Top of sectionTop of section

General Information

Technical Details

Technical description:

Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.

This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system.

The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail.

The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

Mitigating factors: 

Administrators that have installed the Front Page Server extensions included in Windows and then applied Windows 2000 Service Pack 4 are not affected by these vulnerabilities

Windows XP does not have FrontPage Server Extensions installed by default

Windows NT 4.0 does not have FrontPage Server Extensions installed by default unless you have applied Windows NT4.0 Option Pack

Severity Rating:

Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000)

Critical

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000)

Critical

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)

Moderate

Microsoft FrontPage Server Extensions 2000 64-bit (Shipped with Windows XP 64-bit)

Moderate

Microsoft FrontPage Server Extensions 2002

Critical

Microsoft SharePoint Team Services 2002 (Shipped with Office XP)

Critical

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier for the Buffer Overrun vulnerability: CAN-2003-0822

Vulnerability identifier for SmartHTML interpreter vulnerability: CAN-2003-0824

Top of sectionTop of section

Workarounds

Microsoft has tested the following workarounds that apply across all the vulnerabilities. These workarounds help block known attack vectors, however they will not correct the underlying vulnerabilities. Workarounds may reduce functionality in some cases; in such cases, the reduction in functionality is identified below.

FrontPage Server Extensions administrators can uninstall FrontPage Server Extensions in Add or Remove programs

1.

From the Start button, choose Control Panel.

2.

Select Add or Remove programs.

3.

Select Add/Remove Windows Components.

4.

Select "Internet Information Services (IIS)" and choose "Details...".

5.

Uncheck "FrontPage 2000 Server Extensions" and choose OK.

6.

Choose Next in the Windows Components Wizard and choose Finish.

Impact of workaround:

With FrontPage Server Extensions uninstalled or disabled webpage and server functionality relying on them will be unavailable or will not operate as expected.

Top of sectionTop of section

Frequently Asked Questions

Why have you issued a version 2 of this bulletin?
Subsequent to the release of this bulletin, it was determined that the vulnerability addressed also affects other versions of the affected products and components. Microsoft has updated the bulletin with additional information about Windows XP 64-Bit Edition and Office 2000 Server Extensions and also to direct users to an update for these additional affected platforms.

I have been offered this update from Windows Update and I am running Windows XP, why am I being offered this update?
A change to the detection method that Windows Update uses to offer the update to customers was recently altered to provide it to customers who are not affected by this issue.

Have you re-released this patch?
No - A change in how Windows Update scans and offers this update was introduced on December 9th which prompted users who were not at risk to download it. There has been no change to the update, and customers who were vulnerable were offered the update when it was first released in November.

Are you changing Windows Update to correct the issue?
Yes - Microsoft is currently making a change to the Windows Update detection to correct this problem.

Do I need to install the patch if I have not already?
Microsoft recommends that customers install the update if prompted from Windows Update or Automatic Update. There are no known negative affects with installing this update if offered.

If I installed the update in November, do I need to install the patch again?
No - Customers who were at risk have been offered the update from Windows Update or the Microsoft Download Center since it was first released in November. The update is effective at addressing the issue and customers who have applied the update do not need to reapply it.

How can I determine what version of FrontPage Server Extensions I am running?
To determine the version of FrontPage Server Extensions that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

1.

Click Start, and then click Search.

2.

In the Search Results pane, click All files and folders under Search Companion.

3.

In the All or part of the file name box, type fp4awel.dll or fp5awel.dll, and then click Search.

4.

If you have the fp4awel.dll file you your system, you have FrontPage Server Extensions 2000 installed

5.

If you have the fp5awel.dll you have either FPSE 2002 or SharePoint Team Services installed.

To differentiate FrontPage Server Extensions 2002 from SharePoint Team Services do the following:

1.

Open the Control Panel task "Add or Remove Programs".

2.

Check whether "Microsoft SharePoint" is listed as installed software.

If a list entry called "Microsoft SharePoint" exists, then you do have SharePoint Team Services installed.

Note: If you have both fp4awel.dll and fp5awel.dll you need to apply both the FrontPage Server Extension 2000 and FrontPage Server Extension 2002 update.

What are the FrontPage Server Extensions?
FrontPage Server Extensions (FPSE) is a set of tools that can be installed on a web site. They serve two basic functions: to allow authorized personnel to manage the server, add or change content, and perform other tasks; and to add functions that are frequently used by web pages, such as search and forms support.
FPSE installs by default as part of IIS 4.0, 5.0 and 5.1. Only Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter install IIS by default. IIS can be uninstalled if desired. Microsoft recommends that web administrators uninstall FPSE if not needed.

If I have installed the stand-alone version of FrontPage Server extensions and then applied Windows 2000 Service Pack 4 am I vulnerable?
Yes - You need to install the separate stand-alone update for FrontPage Server Extensions



CAN-2003-0822: BO in FrontPage Server Extensions

What's the scope of the remote debug vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause code of their choice to be executed as though it originated on the local machine. Such code could provide the attacker with the ability to take any desired action on the machine, including adding, deleting or modifying data on the system.

What causes the vulnerability?
The vulnerability results because of an unchecked buffer in one of the FrontPage Server Extensions dll files.

What could the remote debug vulnerability enable an attacker to do?
An attacker who successfully exploited this vulnerability could run code of his or her choice with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail.

Who could exploit the vulnerability?
Any unauthenticated attacker that can connect to the FrontPage Server Extensions service could seek to exploit this vulnerability

How could an attacker exploit this vulnerability?
An unauthenticated attacker could seek to exploit this vulnerability by sending a specially crafted request to FrontPage Server Extensions which would then cause FrontPage Server Extensions to fail in such a way that an attacker could execute code of his or her choice.

What steps could an administrator take to protect against the vulnerability?
The simplest way to address the vulnerability is to install the update. However, if the update were not installed, a server wouldn't be at risk if FrontPage Server Extensions had been uninstalled.

What does the update do?
The update addresses the vulnerability by removing the remote debugging functionality, as this functionality is no longer supported. Microsoft recommends that customers use the Terminal Server functionality for remote debugging.



CAN-2003-0824: Denial of Service in SmartHTML interpreter

What's the scope of the SmartHTML interpreter vulnerability?
This is a denial of service vulnerability. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

What is the SmartHTML interpreter?
The SmartHTML interpreter is part of FPSE, and supports certain types of dynamic web content. It is made up of a variety of dynamic link library files. Using SmartHTML, a web developer can build a web page that relies on FrontPage features. For example, a web developer might want to embed the current date and time in a web page. In order to do that, the developer might use one of the WebBot components that come with FrontPage.
When the web page author inserts a WebBot into an HTML page, what actually gets inserted is a specially formatted HTML comment. A WebBot comment looks like a standard HTML comment with special notation that identifies the WebBot and its properties. The web page author sets the property values from a dialog box when the WebBot gets inserted. Each WebBot has its own dialog. Microsoft calls the WebBot notation "SmartHTML", and HTML pages containing WebBots "SmartHTML pages".
A WebBot is "executed" when the FrontPage Editor saves the HTML page. A FrontPage Server Extensions application scans the page for embedded WebBot components and replaces them with standard HTML text. As a result of this scanning process, a new page is created containing the standard HTML text generated from the WebBot components and a visitor to the web page sees the date and time rendered on the web page.

What's wrong with the SmartHTML interpreter?
If a request is made to a web server using FrontPage Server Extensions in a particular way, it could have the effect of causing the SmartHTML interpreter to cycle, temporarily consuming all of the server's CPU availability and preventing the server from performing useful work.

What could an attacker do via this vulnerability?
An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

Who could exploit the vulnerability?
Any unauthenticated attacker that can connect to the FrontPage Server Extensions service could seek to exploit this vulnerability

How might an attacker exploit the vulnerability?
The attack itself would only require that the attacker send a particular type of request to the SmartHTML interpreter repeatedly.

What steps could an administrator take to protect against the vulnerability?
The simplest way to address the vulnerability is to install the update. However, if the update were not installed, a server wouldn't be at risk if FPSE had been uninstalled, or if the SmartHTML interpreter were not in use. For instance, the IIS Lockdown Tool, if used to configure a static web server, disables the interpreter.

How does the update eliminate the vulnerability?
The update causes the SmartHTML interpreter to properly validate the incoming requests and discard those that are not valid.

Top of sectionTop of section

Security Update Information

Installation platforms and Prerequisites:

For information about the specific security update for your platform, click the appropriate link:

Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000)

Prerequisites

This security update requires Windows NT Workstation 4.0 Service Pack 6a (SP6a), Windows NT Server 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 (SP6).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site:

http://www.microsoft.com/lifecycle/

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Inclusion in future service packs:

This update will be included in any future service packs for FrontPage Server Extensions

Installation Information

This security update supports the following Setup switches:

/q    Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u   Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a   Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path   Specifies the target folder for extracting files.

/c   Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path   Specifies the path and name of the Setup .inf or .exe file.

/r:n   Never restarts the computer after installation.

/r:i   Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a    Always restarts the computer after installation.

/r:s   Restarts the computer after installation without prompting the user.

/n:v   No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Update, ensure the following conditions have been met.

You are logged on to the computer using an account with Administrative rights (Windows NT only).

You have stopped all services related to the FrontPage 2000 Server Extensions.

Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the update is installed.

Deployment Information

To install the security update without any user intervention, use the following command line:

For Windows NT Workstation 4.0, Windows NT Server 4.0, Windows NT Server 4.0, Terminal Server Edition:

office2000-kb813379-client-enu.exe /q

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update and then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update can not be uninstalled

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File NameSizeProduct Version

admin.exe

16,439

4.00.02.7523

admin.dll

20,540

4.00.02.7523

author.exe

16,439

4.00.02.7523

author.dll

20,540

4.00.02.7523

cfgwiz.exe

188,480

4.00.02.7523

fp4Amsft.dll

184,435

4.00.02.7523

fp4Anscp.dll

82,035

4.00.02.7523

fp4Apws.dll

147,513

4.00.02.7523

fp4Areg.dll

49,210

4.00.02.7523

fp4Atxt.dll

102,509

4.00.02.7523

fp4Autl.dll

618,605

4.00.02.7523

fp4Avnb.dll

41,020

4.00.02.7523

fp4Avss.dll

32,826

4.00.02.7523

fp4Awebs.dll

49,212

4.00.02.7523

fp4Awel.dll

876,653

4.00.02.7802

fp98sadm.exe

14,608

3.00.02.1706

fp98swin.exe

109,328

3.00.02.1706

fpadmcgi.exe

24,632

4.00.02.7523

fpadmdll.dll

20,541

4.00.02.7523

fpcount.exe

188,494

4.00.02.7523

fpencode.dll

94,208

1.00.00.0000

fpexedll.dll

20,541

4.00.02.7523

fpmmc.dll

598,071

4.00.02.7523

fpmmcsat.dll

208,896

4.00.02.7523

fpremadm.exe

20,538

4.00.02.7523

fpsrvadm.exe

28,728

4.00.02.7523

shtml.exe

16,437

4.00.02.7523

shtml.dll

20,536

4.00.02.7523

stub_fpsrvadm.exe

16,449

4.00.02.7523

stub_fpsrvwin.exe

65,601

4.00.02.7523

tcptest.exe

32,827

4.00.02.7523

tcptsat.dll

16,384

4.00.02.7523

Verifying Update Installation

Verify that fp4awel.dll is version 4.0.2.7802

Top of sectionTop of section

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000)

Prerequisites

For Windows 2000 this security update requires Service Pack 2 (SP2), or Service Pack 3 (SP3).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site:

http://www.microsoft.com/lifecycle/

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Inclusion in future service packs:

The fix is already included in Windows 2000 Service Pack 4.

Installation Information

This security update supports the following Setup switches:

/?   Display the list of installation switches.

/u   Use Unattended mode.

/f   Force other programs to quit when the computer shuts down.

/n   Do not back up files for removal.

/o   Overwrite OEM files without prompting.

/z   Do not restart when the installation is complete.

/q   Use Quiet mode (no user interaction).

/l   List the installed hotfixes.

/x   Extract the files without running Setup.

Deployment Information

To install the security update without any user intervention, use the following command line:

For Windows 2000 Service Pack 2, Windows 2000 Service Pack 3:

Windows2000-KB810217-x86-ENU /u /q

To install the security update without forcing the computer to restart, use the following command line:

For Windows 2000 Service Pack 2, Windows 2000 Service Pack 3:

Windows2000-KB810217-x86-ENU /z

Note: You can combine these switches into one command line.

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

To remove this security update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB810217$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File NameSizeProduct Version

Spmsg.dll

6,656

5.03.16.0008

Spuninst.exe

89,088

5.03.16.0008

stub_fpsrvadm.exe

16,449

4.00.02.7523

stub_fpsrvwin.exe

65,601

4.00.02.7523

Tcptest.exe

32,827

4.00.02.7523

Admin.dll

20,540

4.00.02.7523

Admin.exe

16,439

4.00.02.7523

Author.dll

20,540

4.00.02.7523

Author.exe

16,439

4.00.02.7523

Cfgwiz.exe

188,480

4.00.02.7523

Empty.cat

5,149

0.00.00.0000

fp4amsft.dll

184,435

4.00.02.7523

fp4anscp.dll

82,035

4.00.02.7523

fp4apws.dll

147,513

4.00.02.7523

fp4areg.dll

49,210

4.00.02.7523

fp4atxt.dll

102,509

4.00.02.7523

fp4autl.dll

618,605

4.00.02.7523

fp4avnb.dll

41,020

4.00.02.7523

fp4avss.dll

32,826

4.00.02.7523

fp4awebs.dll

49,212

4.00.02.7523

fp4awel.dll

876,653

4.00.02.7802

fp40ext.inf

7,977

0.00.00.0000

fp98sadm.exe

14,608

3.00.02.1706

fp98swin.exe

109,328

3.00.02.1706

Fpadmcgi.exe

24,632

4.00.02.7523

Fpadmdll.dll

20,541

4.00.02.7523

Fpcount.exe

188,494

4.00.02.7523

Fpencode.dll

94,208

1997.05.27.0000

Fpexedll.dll

20,541

4.00.02.7523

Fpmmc.dll

598,071

4.00.02.7523

Fpremadm.exe

20,538

4.00.02.7523

Fpsrvadm.exe

28,728

4.00.02.7523

Shtml.dll

20,536

4.00.02.7523

Shtml.exe

16,437

4.00.02.7523

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\KB810217\Filelist

Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the KB810217 security update into the Windows installation source files.

Top of sectionTop of section

Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)

Prerequisites

This security update requires the released version of Windows XP or Windows XP Service Pack 1 (SP1). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack

Inclusion in future service packs:

The fix for this issue will be included in Windows XP Service Pack 2.

Installation Information

This security update supports the following Setup switches:

/?   Display the list of installation switches.

/u   Use Unattended mode.

/f   Force other programs to quit when the computer shuts down.

/n   Do not back up files for removal.

/o   Overwrite OEM files without prompting.

/z   Do not restart when the installation is complete.

/q   Use Quiet mode (no user interaction).

/l   List the installed hotfixes.

/x   Extract the files without running Setup.

Deployment Information

To install the security update without any user intervention, use the following command line:

WindowsXP-KB810217-x86-ENU.exe /u /q

To install the security update without forcing the computer to restart, use the following command line:

WindowsXP-KB810217-x86-ENU.exe/z

Note: You can combine these switches into one command line.

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update and then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

To remove this security update, use the Add or Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB810217$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

Windows XP Professional, Windows XP Tablet PC Edition, and Windows XP Media Center Edition:

File nameSizeFile Version

admin.exe

16,439

4.0.2.7523

author.dll

20,540

4.0.2.7523

author.exe

16,439

4.0.2.7523

cfgwiz.exe

188,480

4.0.2.7523

fp40ext.inf

7,946

N/A

fp4amsft.dll

184,435

4.0.2.7523

fp4anscp.dll

82,035

4.0.2.7523

fp4apws.dll

147,513

4.0.2.7523

fp4areg.dll

49,210

4.0.2.7523

fp4atxt.dll

102,509

4.0.2.7523

fp4autl.dll

618,605

4.0.2.7523

fp4avnb.dll

41,020

4.0.2.7523

fp4avss.dll

32,826

4.0.2.7523

fp4awebs.dll

49,212

4.0.2.7523

fp4awel.dll

876,653

4.0.2.7802

fp98sadm.exe

14,608

3.0.2.1706

fp98swin.exe

109,328

3.0.2.1706

fpadmcgi.exe

24,632

4.0.2.7523

fpadmdll.dll

20,541

4.0.2.7523

fpcount.exe

188,494

4.0.2.7523

fpencode.dll

94,208

1997.5.27.0

fpexedll.dll

20,541

4.0.2.7523

fpmmc.dll

598,071

4.0.2.7523

fpremadm.exe

20,538

4.0.2.7523

fpsrvadm.exe

28,728

4.0.2.7523

shtml.dll

20,536

4.0.2.7523

shtml.exe

16,437

4.0.2.7523

spmsg.dll

6,656

4.0.2.7523

spuninst.exe

100,352

4.0.2.7523

stub_fpsrvadm.exe

16,449

4.0.2.7523

stub_fpsrvwin.exe

65,601

4.0.2.7523

Windows XP 64-Bit Edition:

File nameSizeFile Version

admin.dll

14,336

4.00.02.8312

admin.exe

13,312

4.00.02.8312

author.dll

14,336

4.00.02.8312

author.exe

13,312

4.00.02.8312

cfgwiz.exe

747,008

4.00.02.8312

fp4Amsft.dll

647,168

4.00.02.8312

fp4Areg.dll

82,035

4.0.2.7523

fp4Atxt.dll

254,464

4.00.02.8312

fp4Autl.dll

2,651,136

4.00.02.8312

fp4Avnb.dll

103,424

4.00.02.8312

fp4Avss.dll

72,192

4.00.02.8312

fp4Awel.dll

4,045,824

4.00.02.8312

fpadmcgi.exe

129,536

4.00.02.8312

fpadmdll.dll

14,336

4.00.02.8312

fpcount.exe

415,744

4.00.02.8312

fpexedll.dll

9,728

4.00.02.8312

fpmmc.dll

1,816,576

4.00.02.8312

fpmmcsat.dll

204,800

4.00.02.4707

fpremadm.exe

16,896

4.00.02.8312

fpsrvadm.exe

166,912

4.00.02.8312

shtml.dll

14,336

4.00.02.8312

shtml.exe

13,312

4.00.02.8312

tcptest.exe

58,368

4.00.02.8312

tcptsat.dll

5,632

4.00.02.4707

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry keys:

Windows XP Professional; Windows XP Professional SP1; Windows XP 64-Bit Edition; Windows XP 64-Bit Edition SP1; Windows XP Tablet PC Edition; Windows XP Media Center Edition:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB810217\Filelist

Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the KB810217 security update into the Windows installation source files.

Top of sectionTop of section

Microsoft FrontPage Server Extensions 2002 (Shipped with Office XP)

Prerequisites

This update requires FrontPage Server Extensions 2002

Inclusion in future service packs:

This update will be included in any future service packs for FrontPage Server Extensions

Installation Information

This security update supports the following Setup switches:

/q   Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u   Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a   Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path   Specifies the target folder for extracting files.

/c   Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path   Specifies the path and name of the Setup .inf or .exe file.

/r:n   Never restarts the computer after installation.

/r:i   Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a    Always restarts the computer after installation.

/r:s   Restarts the computer after installation without prompting the user.

/n:v   No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Update, ensure the following conditions have been met.

You are logged on to the computer using an account with Administrative rights (Windows NT only).

You have stopped all services related to the FrontPage 2000 Server Extensions.

Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the update is installed.

Deployment Information

To install the security update without any user intervention, use the following command line:

officexp-KB813380-client-ENG.exe /q

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update can not be uninstalled

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File NameSizeProduct Version

fp30reg.dll

36,424

10.00.4205.0000

FPcheck1003.exe

28,672

0.00.00.0000

Eula.txt

8,744

0.00.00.0000

fp5amsft.dll

137,824

10.00.4803.0000

fp5Areg.dll

36,424

10.00.4205.0000

fp5Awel.dll

1,382,984

10.00.4803.0000

Verifying Update Installation

Verify that the following files are installed on the system

FilenameSizeProduct Version

fp30reg.dll

36,424

10.00.4205.0000

fp5amsft.dll

137,824

10.00.4803.0000

fp5Areg.dll

36,424

10.00.4205.0000

fp5Awel.dll

1,382,984

10.00.4803.0000

Top of sectionTop of section

Microsoft SharePoint Team Services 2002

Prerequisites

This security update requires Office XP SP2

Inclusion in future service packs:

The fix for this issue will be included in any future Service Pack for Office XP.

Installation Information

This security update supports the following Setup switches:

/q   Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u   Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a   Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path   Specifies the target folder for extracting files.

/c   Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path   Specifies the path and name of the Setup .inf or .exe file.

/r:n   Never restarts the computer after installation.

/r:i   Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a    Always restarts the computer after installation.

/r:s   Restarts the computer after installation without prompting the user.

/n:v   No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

Note: Before installing the Patch, ensure the following conditions have been met.

You are logged on to the computer using an account with Administrative rights (Windows NT only).

You have stopped all services related to the FrontPage 2000 Server Extensions.

Note: If you do not stop all services related to the FrontPage 2000 Server Extensions or the file that is being updated is in use, you will be prompted to restart the computer after the patch is installed.

Deployment Information

To install the security update without any user intervention, use the following command line:

OWS1002.exe /q

Restart Requirement

In some cases, this update does not require a reboot. The installer stops the needed services, applies the update, then restarts them. However, if the needed services cannot be stopped for any reason or if required files are in use, it will require a reboot. If this occurs, a prompt will be displayed advising of the need to reboot.

Removal Information

This security update can not be uninstalled

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table.

File NameSizeProduct Version

fp5Awel.dll

1,351

10.0.4803.0

Fpeditax.dll

4,155

10.0.4622.0

Owssvr.dll

815

10.0.4921.0

fp5Autl.dll

931

10.0.4406.0

fp5Awec.dll

604,744

10.0.4406.0

Fp5amsft.dll

135

10.0.4803.0

Verifying Update Installation

Verify that the following files are installed on the system

File nameSizeProduct Version

Fp5awel.dll

1,351

10.0.4803.0

Fp5amsft.dll

135

10.0.4803.0

Fp5areg.dll

 

10.0.4205.0

Fp30reg.dll

 

10.0.4205.0

Top of sectionTop of section
Top of sectionTop of section

Acknowledgments

Microsoft thanks for working with us to protect customers:

Brett Moore of Security-Assessment.com for reporting the issue in MS03-051.

Obtaining other security updates:

Updates for other security issues are available from the following locations:

Security updates are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".

Updates for consumer platforms are available from the Windows Update web site

Updates for Microsoft Office Family products are available from the Office Update web site.

Support: 

Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.

International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at http://support.microsoft.com/common/international.aspx 

Security Resources:

The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.

Microsoft Software Update Services: http://www.microsoft.com/sus/ 

Microsoft Baseline Security Analyzer (MBSA) details: http://www.microsoft.com/mbsa. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for list of security updates that have detection limitations with MBSA tool.

Windows Update Catalog: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166 

Windows Update: http://windowsupdate.microsoft.com 

Office Update: http://office.microsoft.com/officeupdate/ 

Software Update Services (SUS):

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional.

For information about how to deploy this security patch with Software Update Services, visit the following Microsoft Web site:

http://www.microsoft.com/sus/

Systems Management Server (SMS):

Systems Management Server can provide assistance deploying this security update. For information about Systems Management Server visit the SMS Web Site. SMS also provides several additional tools to assist administrators in the deployment of security updates such as the SMS 2.0 Software Update Services Feature Pack and the SMS 2.0 Administration Feature Pack. The SMS 2.0 Software Update Services Feature Pack utilizes the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin remediation. Some software updates may require administrative rights following a restart of the computer.

Note: The inventory capabilities of the SMS 2.0 Software Update Services Feature Pack may be used for targeting updates to specific computers, and the SMS 2.0 Administration Feature Pack's Elevated Rights Deployment Tool can be used for installation. This provides optimal deployment for updates that require explicit targeting using Systems Management Server and administrative rights after the computer has been restarted.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions: 

V1.0 November 11, 2003: Bulletin published.

V1.1 November 12, 2003: Updated information on what actions an attacker could take if they were to successfully exploit this vulnerability.

V1.2 November 14, 2003: Updated information on affected versions of Microsoft Office, updated information in the workarounds section.

V1.3 November 19, 2003: Updated information on setup switches in the Security Update Information section and corrected text in Severity Rating section for SharePoint Team Services 2002.

V1.4 December 10, 2003: Updated the FAQ section to reflect a new Windows Update offering on Windows XP.

V1.5 January 13, 2004: Added a FAQ about FrontPage Server Extensions and Service Pack 4 for Windows 2000. Updated file version in the FrontPage Server Extensions 2002 section. Corrected setup switches in the FrontPage Server Extensions stand-alone and Windows 2000 section.

V2.0 February 10, 2004: Updated to reflect that the bulletin also affects Office 2000 Server Extensions and Windows XP 64-bit Edition.


Top of pageTop of page