TechNet Home > TechNet Security > Bulletins

Microsoft Security Bulletin MS07-048 - Important

Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

Published: August 14, 2007

Version: 1.0

General Information

Executive Summary

This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is an important security update for all supported editions of Windows Vista. For more information, see the subsection, Affected and Non-Affected Software, in this section.

This security update addresses the vulnerability by improving validation code within the Feed Headlines and Contacts Gadgets. The Inspect Your Gadget document outlines secure programming best practices that should be followed when building Gadgets. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation: Microsoft recommends that customers apply the security update.

Known Issues: Microsoft Knowledge Base Article 938123 documents any currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

Top of sectionTop of section

Affected and Non-Affected Software

The software listed here has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.

Affected Software

Operating SystemMaximum Security ImpactAggregate Severity RatingBulletins Replaced by This Update

Windows Vista

Remote Code Execution

Important

None

Windows Vista x64 Edition

Remote Code Execution

Important

None

Top of sectionTop of section

Frequently Asked Questions (FAQ) Related to This Security Update

What are the known issues that customers may experience when they install this security update?
Microsoft Knowledge Base Article 938123 documents any currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

Why does this update address several reported security vulnerabilities? 
This update addresses several vulnerabilities because the modifications for these issues are located in related files. Instead of having to install several updates that are almost the same, customers can install only this update.

Does this update contain any security-related changes to functionality? 
Yes. Besides the changes that are listed in the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the bulletin section, Vulnerability Information, this update includes defense-in-depth improvements to the Windows Stocks Gadget.

Top of sectionTop of section

Vulnerability Information

Severity Ratings and Vulnerability Identifiers

Affected SoftwareWindows Vista Feed Headlines Gadget Remote Code Execution Vulnerability – CVE-2007-3033Windows Vista Contacts Gadget Code Execution Vulnerability – CVE-2007-3032Windows Vista Weather Gadget Remote Code Execution Vulnerability – CVE-2007-3891Aggregate Severity Rating

Windows Vista

Important 
Remote Code Execution

Moderate 
Remote Code Execution

Moderate 
Remote Code Execution

Important

Windows Vista x64 Edition

Important 
Remote Code Execution

Moderate 
Remote Code Execution

Moderate 
Remote Code Execution

Important

Top of sectionTop of section

Windows Vista Feed Headlines Gadget Could Allow Remote Code Execution – CVE-2007-3033

A remote code execution vulnerability exists in Windows Vista Feed Headlines Gadgets that could allow a remote anonymous attacker to run code with the privileges of the logged on user.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-3033.

Mitigating Factors for Windows Vista Feed Headlines Gadget Could Allow Remote Code Execution – CVE-2007-3033

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, which could reduce the severity of exploitation of this vulnerability. The following mitigating factor may be helpful in your situation:

The user needs to subscribe to a untrusted or compromised RSS feed in the Feed Headlines Gadget using Internet Explorer.

Top of sectionTop of section

Workarounds for Windows Vista Feed Headlines Gadget Could Allow Remote Code Execution – CVE-2007-3033

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Disable the Feed Headlines Gadget:

To disable the Feed Headlines Gadget, follow these steps:

1.

Right click in Sidebar.

2.

Select Properties from the menu.

3.

In the Windows Sidebar Properties dialog click the View list of running gadgets button.

4.

Select the Feed Headlines Gadget and click the Remove button.

Impact of Workaround: The Feed Headlines Gadget is disabled.

Uninstall the Feed Headlines Gadget:

To uninstall the Feed Headlines Gadget, follow these steps:

Right click in Sidebar.

Select Add Gadgets… from the menu.

Right click on the Feed Headlines Gadget.

Select uninstall from the menu.

Impact of Workaround: The Feed Headlines Gadget will be uninstalled.

Modify the Access Control List on gadget.xml to be more restrictive:

Applying this workaround may cause the installation of security updates provided with this security bulletin to fail.

To modify the Access Control List (ACL) on gadget.xml to be more restrictive, follow these steps:

1.

Click Start, click All Programs, click Accessories, right click on Command Prompt, click Run as administrator, and then click Continue.

2.

Type the following command at a command prompt:

cd %ProgramFiles%\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US

3.

Type the following command at a command prompt make a note of the current ACL’s that is on the file (including inheritance settings) for future reference to undo this modification:

takeown /f gadget.xml

4.

Type the following command at a command prompt to ACL the Feed Headlines Gadget. Make a note of the current ACL’s that are on the file (including inheritance settings) for future reference to undo this modification:

icacls gadget.xml /deny Everyone:(R,RX)

5.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: The Feed Headlines Gadget is disabled.

Disable Sidebar in Group Policy

To disable Sidebar in Group Policy, follow these steps:

1.

Click Start, click Run, type “gpedit.msc”, and then click Continue.

2.

Under Local Computer Policy\Computer Configuration double click Administrative Templates, double click Windows Components, and then double click Windows Sidebar.

3.

Change the value of the Turn off Windows Sidebar setting to Enabled:

4.

Right click on Turn off Windows Sidebar.

5.

Select Properties from the menu.

6.

Select the Enabled radio button.

7.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: Sidebar is disabled.

Disable the Sidebar in the system registry

Disabling Sidebar by creating a new registry key helps protect the affected system from attempts to exploit this vulnerability. To create a new Sidebar registry key, follow these steps:

Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Note: We recommend backing up the registry before you edit it.

1.

Click Start, click Run, type “regedit” (without the quotation marks), and then click Continue.

2.

Expand HKEY_LOCAL_MACHINE, expand SOFTWARE, expand Microsoft, expand Windows, expand CurrentVersion, and then expand Policies.

3.

Right click on Policies, select New, select Key, and then type Windowsas the file name.

4.

Right click on Windows, select New, select Key, and then type Sidebaras the file name.

5.

Right click on Sidebar, select New, select DWORD (32-bit) Value, and the type TurnOffSidebaras the Name.

6.

Right click on TurnOffSidebar, and then change Value data: to 1.

7.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: Sidebar is disabled.

Top of sectionTop of section

FAQ for Windows Vista Feed Headlines Gadget Could Allow Remote Code Execution – CVE-2007-3033

What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could run code on the vulnerable system.

What causes the vulnerability
The Feed Headlines Gadget does not perform sufficient validation when parsing HTML attributes.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run code on the affected system.

How could an attacker exploit the vulnerability?
The Feed Headlines Gadget is installed on Windows Vista and is enabled by default. The user needs to subscribed to a RSS feed in the Feed Headlines Gadget using Internet Explorer. Once a feed is subscribed an attacker must send a specially crafted RSS post using the existing subscription to exploit the system. An attacker could then execute code in the context of the logged on user from the subsequent malicious or specially crafted feed over the internet.

What is a Gadget?
Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to the way Windows Vista treats all executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as web pages are. HTML content in the Gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to applications (.exe files) downloaded from the Internet.

Could the vulnerability be exploited over the Internet?
Yes, this vulnerability could be exploited over the internet once a user has subscribed to a malicious RSS feed in the Feed Headlines Gadget, or if a trusted feed is compromised by an attacker.

What systems are primarily at risk from the vulnerability?
Any Windows Vista system where the Feed Headlines Gadget is enabled and subscribed to RSS feeds.

What does the update do?
The update removes the vulnerability by adding additional checks on HTML attributes within the Feed Headlines Gadgets.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.

Top of sectionTop of section
Top of sectionTop of section

Windows Vista Contacts Gadget Could Allow Code Execution – CVE-2007-3032

A code execution vulnerability exists in Windows Vista Contacts Gadget that could allow an attacker to run code with the privileges of the logged on user.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-3032.

Mitigating Factors for Windows Vista Contacts Gadget Could Allow Code Execution – CVE-2007-3032

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, which could reduce the severity of exploitation of this vulnerability. The following mitigating factor may be helpful in your situation:

The Contacts Gadget is not enabled by default. To be subject to exploitation of this vulnerability, the user must add the Contacts Gadget to Windows Sidebar.

When the Contacts Gadget is enabled, the user must add or import specially crafted malicious contacts from an attacker.

Top of sectionTop of section

Workarounds for Windows Vista Contacts Gadget Could Allow Code Execution – CVE-2007-3032

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Disablethe Contacts Gadget:

To disable the Contacts Gadget, follow these steps:

1.

Right click in Sidebar.

2.

Select Properties from the menu.

3.

In the Windows Sidebar Properties dialog click the View list of running gadgets button.

4.

Select the Contacts Gadget and click the Remove button.

Impact of Workaround: The Contacts Gadget is disabled.

Uninstallthe Contacts Gadget:

To uninstall the Contacts Gadget, follow these steps:

1.

Right click in Sidebar.

2.

Select Add Gadgets… from the menu.

3.

Right click on the Contacts Gadget.

4.

Select uninstall from the menu.

Impact of Workaround: The Contacts Gadget will be uninstalled.

Modify the Access Control List on gadget.xml to be more restrictive:

Applying this workaround may cause the installation of security updates provided with this security bulletin to fail.

To modify the Access Control List (ACL) on gadget.xml to be more restrictive, follow these steps:

1.

Click Start, click All Programs, click Accessories, right click on Command Prompt, click Run as administrator, and then click Continue.

2.

Type the following command at a command prompt:

cd %ProgramFiles%\Windows Sidebar\Gadgets\Contacts.Gadget\en-US

3.

Type the following command at a command prompt make a note of the current ACL’s that are on the file (including inheritance settings) for future reference to undo this modification:

takeown /f gadget.xml

4.

Type the following command at a command prompt to ACL the Contacts Gadget. Make a note of the current ACL’s that are on the file (including inheritance settings) for future reference to undo this modification:

icacls gadget.xml /deny Everyone:(R,RX)

5.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: The Contacts Gadget is disabled.

Disable Sidebar in Group Policy

To disable Sidebar in Group Policy, follow these steps:

1.

Click Start, click Run, type “gpedit.msc”, and then click Continue.

2.

Under Local Computer Policy\Computer Configuration double click Administrative Templates, double click Windows Components, and then double click Windows Sidebar.

3.

Change the value of the Turn off Windows Sidebar setting to Enabled:

4.

Right click on Turn off Windows Sidebar.

5.

Select Properties from the menu.

6.

Select the Enabled radio button.

7.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: Sidebar is disabled.

Disable Sidebar in the system registry

Disabling Sidebar by creating a new registry key helps protect the affected system from attempts to exploit this vulnerability. To create a new Sidebar registry key, follow these steps:

Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Note: We recommend backing up the registry before you edit it.

1.

Click Start, click Run, type “regedit” (without the quotation marks), and then click Continue.

2.

Expand HKEY_LOCAL_MACHINE, expand SOFTWARE, expand Microsoft, expand Windows, expand CurrentVersion, and then expand Policies.

3.

Right click on Policies, select New, select Key, and then type Windows as the file name.

4.

Right click on Windows, select New, select Key, and then type Sidebar as the file name.

5.

Right click on Sidebar, select New, select DWORD (32-bit) Value, and the type TurnOffSidebaras the Name.

6.

Right click on TurnOffSidebar, and then change Value data: to 1.

7.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: Sidebar is disabled.

Top of sectionTop of section

FAQ for Windows Vista Contacts Gadget Could Allow Code Execution – CVE-2007-3032

What is the scope of the vulnerability?
This is a code execution vulnerability. An attacker who successfully exploited this vulnerability could run code on the vulnerable system in the context of the logged on user.

What causes the vulnerability
The Contacts Gadget does not perform sufficient validation on contacts when imported.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run code on the affected system in the context of the user.

How could an attacker exploit the vulnerability?
While the Contacts Gadget is installed on Windows Vista it is not enabled by default. A user would be required to enable the Contacts Gadget. An attacker would then have to send a specially crafted contact to an affected system, or persuade a user to visit a webpage that allowed the specially crafted contact to be downloaded. The user would have to add the malicious contact. Once the contact was added or imported the attacker could then execute code in the context of the logged on user when the contact was selected or if the contact were the first contact in the list.

What is a Gadget?
Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to the way Windows Vista treats other executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as web pages are. HTML content in the Gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to applications (.exe files) downloaded from the Internet.

Could the vulnerability be exploited over the Internet?
Yes, this vulnerability could be exploited over the internet if a user added or imported the malicious contact file from the Internet into the Contacts Gadget. The contact would have to be selected or the first contact in the list.

What systems are primarily at risk from the vulnerability?
Any Windows Vista system where the Contacts Gadget is enabled would be at risk form the vulnerability.

What does the update do?
The update removes the vulnerability by adding additional checks on imported contacts within Contacts Gadget.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.

Top of sectionTop of section
Top of sectionTop of section

Windows Vista Weather Gadget Could Allow Remote Code Execution – CVE-2007-3891

A remote code execution vulnerability exists in Windows Vista Weather Gadgets that could allow an attacker to run code with the privileges of the logged on user.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-3891.

Mitigating Factors for Windows Vista Weather Gadget Could Allow Remote Code Execution – CVE-2007-3891

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, which could reduce the severity of exploitation of this vulnerability. The following mitigating factor may be helpful in your situation:

Links are not visible in the default view of the Weather Gadget. To view links in the Weather Gadget the user must drag and drop the Weather Gadget onto the desktop.

Weather services provided in the Weather Gadget are not available in all geographical regions.

Top of sectionTop of section

Workarounds for Windows Vista Weather Gadget Could Allow Remote Code Execution – CVE-2007-3891

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Disable the Weather Gadget:

To disable the Weather Gadget, follow these steps:

1.

Right click in Sidebar.

2.

Select Properties from the menu.

3.

In the Windows Sidebar Properties dialog click the View list of running gadgets button.

4.

Select the Weather Gadget and click the Remove button.

Impact of Workaround: The Weather Gadget is disabled.

Uninstall the Weather Gadget:

To uninstall the Weather Gadget, follow these steps:

Right click in Sidebar.

Select Add Gadgets… from the menu.

Right click on the Weather Gadget.

Select uninstall from the menu.

Impact of Workaround: The Weather Gadget will be uninstalled.

Modify the Access Control List on gadget.xml to be more restrictive:

Applying this workaround may cause the installation of security updates provided with this security bulletin to fail.

To modify the Access Control List (ACL) on gadget.xml to be more restrictive, follow these steps:

1.

Click Start, click All Programs, click Accessories, right click on Command Prompt, click Run as administrator, and then click Continue.

2.

Type the following command at a command prompt:

cd %ProgramFiles%\Windows Sidebar\Gadgets\Weather.Gadget\en-US

3.

Type the following command at a command prompt make a note of the current ACL’s that is on the file (including inheritance settings) for future reference to undo this modification:

takeown /f gadget.xml

4.

Type the following command at a command prompt to ACL the Weather Gadget. Make a note of the current ACL’s that are on the file (including inheritance settings) for future reference to undo this modification:

icacls gadget.xml /deny Everyone:(R,RX)

5.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: The Weather Gadget is disabled.

Disable Sidebar in Group Policy

To disable Sidebar in Group Policy, follow these steps:

1.

Click Start, click Run, type “gpedit.msc”, and then click Continue.

2.

Under Local Computer Policy\Computer Configuration double click Administrative Templates, double click Windows Components, and then double click Windows Sidebar.

3.

Change the value of the Turn off Windows Sidebar setting to Enabled:

4.

Right click on Turn off Windows Sidebar.

5.

Select Properties from the menu.

6.

Select the Enabled radio button.

7.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: Sidebar is disabled.

Disable the Sidebar in the system registry

Disabling Sidebar by creating a new registry key helps protect the affected system from attempts to exploit this vulnerability. To create a new Sidebar registry key, follow these steps:

Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Note: We recommend backing up the registry before you edit it.

1.

Click Start, click Run, type “regedit” (without the quotation marks), and then click Continue.

2.

Expand HKEY_LOCAL_MACHINE, expand SOFTWARE, expand Microsoft, expand Windows, expand CurrentVersion, and then expand Policies.

3.

Right click on Policies, select New, select Key, and then type Windows as the file name.

4.

Right click on Windows, select New, select Key, and then type Sidebar as the file name.

5.

Right click on Sidebar, select New, select DWORD (32-bit) Value, and the type TurnOffSidebaras the Name.

6.

Right click on TurnOffSidebar, and then change Value data: to 1.

7.

You must Log Off your system or close the sidebar.exe process after you apply this workaround.

Impact of Workaround: Sidebar is disabled.

Top of sectionTop of section

FAQ for Windows Vista Weather Gadget Could Allow Remote Code Execution – CVE-2007-3891

What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could run code on the vulnerable system.

What causes the vulnerability
Weather Gadget does not perform sufficient validation when parsing HTML attributes.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run code on the affected system.

How could an attacker exploit the vulnerability?
In order to exploit this vulnerability, an attacker would have to compromise the user’s connection and convince the user to click a malicious link in the Weather Gadget. To view links in the Weather Gadget the user must first drag and drop the Weather Gadget onto the desktop. Links are not visible in the default view of the Weather Gadget.

What is a Gadget?
Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to the way Windows Vista treats other executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as web pages are. HTML content in the Gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to applications (.exe files) downloaded from the Internet.

Could the vulnerability be exploited over the Internet?
No, this vulnerability can not be exploited over the internet by an anonymous attacker.

What systems are primarily at risk from the vulnerability?
Any Windows Vista system where the Weather Gadget is running on the desktop and links are visible.

What does the update do?
The update removes the vulnerability by adding additional checks on HTML attributes within the Weather Gadgets.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
No.

When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.

Top of sectionTop of section
Top of sectionTop of section

Update Information

Detection and Deployment Tools and Guidance

Manage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization. For more information see the TechNet Update Management Center. The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.

Security updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available at the Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch". Finally, security updates can be downloaded from the Windows Update Catalog. For more information about the Windows Update Catalog, see Microsoft Knowledge Base Article 323166.

Detection and Deployment Guidance

Microsoft has provided detection and deployment guidance for this month’s security updates. This guidance will also help IT professionals understand how they can use various tools to help deploy the security update, such as Windows Update, Microsoft Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), the Extended Security Update Inventory Tool, and the Enterprise Update Scan Tool (EST). For more information, see Microsoft Knowledge Base Article 910723.

Microsoft Baseline Security Analyzer

Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For more information about MBSA visit Microsoft Baseline Security Analyzer Web site. The following table provides the MBSA detection summary for this security update.

SoftwareMBSA 1.2.1MBSA 2.0.1

Windows Vista

No

See Note for Windows Vista below

Windows Vista x64 Edition

No

See Note for Windows Vista below

Note for Windows Vista Microsoft does not support installing MBSA 2.0.1 on computers that run Windows Vista, but you may install MBSA 2.0.1 on a supported operating system and then scan the Windows Vista-based computer remotely. For additional information about MBSA support for Windows Vista, visit the MBSA Web site. See also Microsoft Knowledge Base Article 931943: Microsoft Baseline Security Analyzer (MBSA) support for Windows Vista.

Windows Server Update Services

By using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for Windows 2000 operating systems and later, Office XP and later, Exchange Server 2003, and SQL Server 2000 to Windows 2000 and later operating systems. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site.

Systems Management Server

The following table provides the SMS detection and deployment summary for this security update.

SoftwareSMS 2.0SMS 2003

Windows Vista

No

See Note for Windows Vista below

Windows Vista x64 Edition

No

See Note for Windows Vista below

For SMS 2.0, the SMS SUS Feature Pack, which includes the Security Update Inventory Tool (SUIT), can be used by SMS to detect security updates. SMS SUIT uses the MBSA 1.2.1 engine for detection. For more information about SUIT, visit the following Microsoft Web site. For more information about the limitations of SUIT, see Microsoft Knowledge Base Article 306460. The SMS SUS Feature Pack also includes the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 ITMU, visit the following Microsoft Web site. SMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.

Note for Windows Vista Microsoft Systems Management Server 2003 with Service Pack 3 includes support for Windows Vista manageability.

For more information about SMS, visit the SMS Web site.

Top of sectionTop of section

Security Update Deployment

Affected Software

For information about the specific security update for your affected software, click the appropriate link:

Windows Vista (all versions)

Reference Table

The following table contains the security update information for this software. You can find additional information in the subsection, Deployment Information, in this section.

Inclusion in Future Service Packs

The update for this issue may be included in a future update rollup

Deployment

 

Installing without user intervention

All supported 32-bit editions of Windows Vista:
Windows6.0-kb938123-x86-enu /quiet
All supported 64-bit editions of Windows Vista:
Windows6.0-kb938123-x64-enu /quiet

Installing without restarting temporarily

All supported 32-bit editions of Windows Vista:
Windows6.0-kb938123-x86-enu /norestart
All supported 64-bit editions of Windows Vista:
Windows6.0-kb938123-x64-enu /norestart

Further information

See the subsection, Microsoft Detection and Deployment Tools and Guidance

Restart Requirement

 

Restart required

Yes, you must restart your system after you apply this security update

Hotpatching

Not applicable

Removal Information

To remove this update, click Control Panel, click Security, then under Windows Update, click View installed updates and select from the list of updates.

File Information

See the heading, File Information, below for the full file manifest.

Note: A registry key does not exist to validate the presence of this patch. To detect the presence of the patch use Windows Management Instrumentation (WMI).

File Information

The English version of this security update has the file attributes that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

For all supported 32-bit editions of Windows Vista:

File NameDateTimeSizeFolder

Contacts.css

20-Jul-2007

02:28

1,167

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Contacts.HTML

20-Jul-2007

02:23

11,865

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Contacts.js

20-Jul-2007

02:25

22,763

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

02:20

1,026

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Contacts.css

20-Jul-2007

02:31

1,167

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Contacts.HTML

20-Jul-2007

02:26

11,865

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Contacts.js

20-Jul-2007

02:28

22,763

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

02:23

1,026

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Flyout.css

20-Jul-2007

02:25

3,072

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Flyout.HTML

20-Jul-2007

02:19

1,658

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

02:26

929

x86_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Rssfeeds.css

20-Jul-2007

02:32

2,842

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Rssfeeds.HTML

20-Jul-2007

02:24

9,748

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Rssfeeds.js

20-Jul-2007

02:20

100,116

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.css

20-Jul-2007

02:23

1,254

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.HTML

20-Jul-2007

02:24

3,324

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.js

20-Jul-2007

02:27

5,914

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Flyout.css

20-Jul-2007

02:28

3,072

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Flyout.HTML

20-Jul-2007

02:22

1,658

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

02:29

929

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Rssfeeds.css

20-Jul-2007

02:35

2,842

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Rssfeeds.HTML

20-Jul-2007

02:27

9,748

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Rssfeeds.js

20-Jul-2007

02:24

100,116

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Settings.css

20-Jul-2007

02:26

1,254

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Settings.HTML

20-Jul-2007

02:27

3,324

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Settings.js

20-Jul-2007

02:30

5,914

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Docked.js

20-Jul-2007

02:21

201,350

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

02:30

889

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Localization.js

20-Jul-2007

02:29

4,234

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.css

20-Jul-2007

02:30

1,474

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.HTML

20-Jul-2007

02:29

3,954

x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Stocks.css

20-Jul-2007

02:17

6,202

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Stocks.HTML

20-Jul-2007

02:18

6,928

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Stocks.js

20-Jul-2007

02:20

80,502

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Undocked.js

20-Jul-2007

02:17

296,038

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Util.js

20-Jul-2007

02:24

20,874

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Docked.js

20-Jul-2007

02:24

201,350

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

02:33

889

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Localization.js

20-Jul-2007

02:31

4,234

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Settings.css

20-Jul-2007

02:33

1,474

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Settings.HTML

20-Jul-2007

02:32

3,954

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Stocks.css

20-Jul-2007

02:20

6,202

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Stocks.HTML

20-Jul-2007

02:21

6,928

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Stocks.js

20-Jul-2007

02:23

80,502

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Undocked.js

20-Jul-2007

02:20

296,038

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Util.js

20-Jul-2007

02:27

20,874

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

02:27

1,846

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Library.js

20-Jul-2007

02:31

36,084

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Localizedstrings.js

20-Jul-2007

02:22

5,406

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Settings.css

20-Jul-2007

02:25

8,306

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Settings.HTML

20-Jul-2007

02:28

5,078

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Settings.js

20-Jul-2007

02:23

44,870

x86_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Weather.css

20-Jul-2007

02:27

22,858

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.16528

Weather.HTML

20-Jul-2007

02:21

13,004

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.16528

Weather.js

20-Jul-2007

02:25

78,056

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

02:30

1,846

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Library.js

20-Jul-2007

02:34

36,084

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Localizedstrings.js

20-Jul-2007

02:25

5,406

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Settings.css

20-Jul-2007

02:28

8,306

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Settings.HTML

20-Jul-2007

02:31

5,078

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Settings.js

20-Jul-2007

02:26

44,870

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Weather.css

20-Jul-2007

02:30

22,858

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Weather.HTML

20-Jul-2007

02:24

13,004

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Weather.js

20-Jul-2007

02:28

78,056

x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

For all supported 64-bit editions of Windows Vista:

File NameDateTimeSizeCPUFolder

Contacts.css

20-Jul-2007

03:37

1,167

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Contacts.HTML

20-Jul-2007

03:33

11,865

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Contacts.js

20-Jul-2007

03:35

22,763

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

03:30

1,026

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Contacts.css

20-Jul-2007

03:29

1,167

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Contacts.HTML

20-Jul-2007

03:25

11,865

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Contacts.js

20-Jul-2007

03:27

22,763

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

03:22

1,026

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.20644

Flyout.css

20-Jul-2007

03:35

3,072

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Flyout.HTML

20-Jul-2007

03:29

1,658

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

03:35

929

x64

amd64_microsoft-windows-g..-contacts.resources_31bf3856ad364e35_6.0.6000.16528

Rssfeeds.css

20-Jul-2007

03:40

2,842

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Rssfeeds.HTML

20-Jul-2007

03:34

9,748

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Rssfeeds.js

20-Jul-2007

03:30

100,116

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.css

20-Jul-2007

03:32

1,254

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.HTML

20-Jul-2007

03:34

3,324

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.js

20-Jul-2007

03:36

5,914

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Flyout.css

20-Jul-2007

03:27

3,072

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Flyout.HTML

20-Jul-2007

03:21

1,658

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

03:27

929

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Rssfeeds.css

20-Jul-2007

03:33

2,842

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Rssfeeds.HTML

20-Jul-2007

03:26

9,748

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Rssfeeds.js

20-Jul-2007

03:22

100,116

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Settings.css

20-Jul-2007

03:24

1,254

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Settings.HTML

20-Jul-2007

03:26

3,324

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Settings.js

20-Jul-2007

03:28

5,914

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.20644

Docked.js

20-Jul-2007

03:31

201,350

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

03:39

889

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Localization.js

20-Jul-2007

03:38

4,234

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.css

20-Jul-2007

03:39

1,474

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Settings.HTML

20-Jul-2007

03:38

3,954

x64

amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.0.6000.16528

Stocks.css

20-Jul-2007

03:27

6,202

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Stocks.HTML

20-Jul-2007

03:29

6,928

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Stocks.js

20-Jul-2007

03:30

80,502

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Undocked.js

20-Jul-2007

03:27

296,038

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Util.js

20-Jul-2007

03:33

20,874

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Docked.js

20-Jul-2007

03:23

201,350

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

03:31

889

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Localization.js

20-Jul-2007

03:30

4,234

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Settings.css

20-Jul-2007

03:31

1,474

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Settings.HTML

20-Jul-2007

03:30

3,954

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Stocks.css

20-Jul-2007

03:19

6,202

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Stocks.HTML

20-Jul-2007

03:21

6,928

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Stocks.js

20-Jul-2007

03:22

80,502

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Undocked.js

20-Jul-2007

03:19

296,038

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Util.js

20-Jul-2007

03:25

20,874

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.20644

Gadget.xml

20-Jul-2007

03:36

1,846

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Library.js

20-Jul-2007

03:40

36,084

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Localizedstrings.js

20-Jul-2007

03:32

5,406

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Settings.css

20-Jul-2007

03:35

8,306

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Settings.HTML

20-Jul-2007

03:37

5,078

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Settings.js

20-Jul-2007

03:33

44,870

x64

amd64_microsoft-windows-g..ts-stocks.resources_31bf3856ad364e35_6.0.6000.16528

Weather.css

20-Jul-2007

03:37

22,858

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.16528

Weather.HTML

20-Jul-2007

03:31

13,004

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.16528

Weather.js

20-Jul-2007

03:34

78,056

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.16528

Gadget.xml

20-Jul-2007

03:28

1,846

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Library.js

20-Jul-2007

03:32

36,084

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Localizedstrings.js

20-Jul-2007

03:24

5,406

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Settings.css

20-Jul-2007

03:26

8,306

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Settings.HTML

20-Jul-2007

03:29

5,078

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Settings.js

20-Jul-2007

03:25

44,870

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Weather.css

20-Jul-2007

03:28

22,858

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Weather.HTML

20-Jul-2007

03:23

13,004

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Weather.js

20-Jul-2007

03:26

78,056

x64

amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.0.6000.20644

Note For a complete list of supported versions, see the Support Lifecycle Index. For a complete list of service packs, see Lifecycle Supported Service Packs. For more information on the support lifecycle policy, see Microsoft Support Lifecycle.

Top of sectionTop of section
Top of sectionTop of section

Deployment Information

Installing the Update

When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Windows hotfix. If you have previously installed a hotfix to update one of these files, the installer will apply the LDR version of this update. Otherwise, the installer will apply the GDR version of the update. The LDR version of a file has a higher version number than the GDR version of a file. For more information about this behavior, see Microsoft Knowledge Base Article 824994.For more information about the installer, see Microsoft Knowledge Base Article 934307.

For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

This security update supports the following setup switches.

Supported Security Update Installation Switches
SwitchDescription

/?, /h, /help

Displays help on supported switches.

/quiet

Suppresses the display of status or error messages.

/norestart

When combined with /quiet, the system will not be restarted after installation even if a restart is required to complete installation.

Note You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. For more information about the Update.exe installer, visit the Microsoft TechNet Web site. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.

Removing the Update

To remove this update, use the Add or Remove Programs tool in Control Panel.

Verifying That the Update Has Been Applied

Microsoft Baseline Security Analyzer

To verify that a security update has been applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information.

File Version Verification

Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

1.

Click Start, and then click Search.

2.

In the Search Results pane, click All files and folders under Search Companion.

3.

In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.

4.

In the list of files, right-click a