securityvulns SECURITYVULNS:DOC:6056
History: Apr 14, 2004 - 12:00 a.m.

Microsoft Security Bulletin MS04-013

Cumulative Security Update for Outlook Express (837009)

Issued: April 13, 2004
Version: 1.0

Summary
Who should read this document: Customers who have Microsoft® Outlook Express® installed

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces MS03-014: Cumulative Update for Outlook Express, and any prior Cumulative Security Update for Outlook Express.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows NT® Workstation 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

• Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4

• Microsoft Windows XP and Microsoft Windows XP Service Pack 1

• Microsoft Windows XP 64-Bit Edition Service Pack 1

• Microsoft Windows XP 64-Bit Edition Version 2003

• Microsoft Windows Server™ 2003

• Microsoft Windows Server 2003 64-Bit Edition

• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Tested Microsoft Windows Components:

Affected Components:

• Microsoft Outlook Express 5.5 SP2: Download the Update

• Microsoft Outlook Express 6: Download the Update

• Microsoft Outlook Express 6 SP1: Download the Update

• Microsoft Outlook Express 6 SP1 (64 bit Edition): Download the Update

• Microsoft Outlook Express 6 on Windows Server 2003: Download the Update

• Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition): Download the Update

The software that is listed above has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

General Information
Technical Details

Executive Summary:

This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.

Microsoft recommends that customers install this update immediately.

Severity Ratings and Vulnerability Identifiers:

Vulnerability Identifier: MHTML URL Processing Vulnerability - CAN-2004-0380
Impact of Vulnerability: Remote Code Execution

• Outlook Express 5.5 SP2: Critical

• Outlook Express 6: Critical

• Outlook Express 6 SP1: Critical

• Outlook Express 6 (64 bit Edition): Critical

• Microsoft Outlook Express 6 for Windows Server 2003: Critical

• Microsoft Outlook Express 6 for Windows Server 2003 (64-bit Edition): Critical

The above assessment is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Frequently asked questions (FAQ) related to this security update

What updates does this release replace?
This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. The security bulletin ID and operating systems that are affected for the previous Outlook Express update are listed in the following table.

Bulletin ID: MS03-014

• Microsoft Outlook Express 5.5 SP2: Replaced

• Microsoft Outlook Express 6: Replaced

• Microsoft Outlook Express 6 SP1: Replaced

• Microsoft Outlook Express 6 SP1 (64 bit Edition): Replaced

• Microsoft Outlook Express 6 for Windows Server 2003: Not Applicable

• Microsoft Outlook Express 6 for Windows Server 2003 (64-bit Edition): Not Applicable

What systems are primarily at risk from the vulnerability?
By default, Outlook Express is installed on all supported Windows systems. Microsoft recommends that this update be installed immediately on all systems. However, this vulnerability requires a user to be logged on and to be reading e-mail or visiting Web sites for any malicious action to occur. Therefore, any systems where e-mail is read or where Internet Explorer is used frequently (such as users’ workstations) are at the most risk from this vulnerability. Systems that are not typically used to read e-mail or to visit Web sites (such as most server systems) are at a reduced risk.

I am running Internet Explorer on Windows Server 2003. Does this mitigate this vulnerability?
No. By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. However, this configuration does not mitigate this vulnerability.

I do not use Outlook Express to read e-mail or newsgroups. Am I at risk from this vulnerability?
Yes. Because Outlook Express is installed by default, customers will be at risk until this update is applied. An attacker could exploit this vulnerability through a malicious Web site or through HTML e-mail, regardless of whether Outlook Express is the default e-mail reader.

I am using Windows XP Service Pack 1 (SP1) or Windows 2000 SP 3 or later, and I have removed Outlook Express as my default e-mail reader by using the Set Program Access and Defaults tool. Am I still at risk from this vulnerability?
Yes. Because Outlook Express is installed by default, customers will be at risk until this update is applied. An attacker could exploit this vulnerability either through a malicious Web site or through HTML e-mail, regardless of whether Outlook Express has been selected as the default e-mail reader by using the Set Program Access and Defaults Tool. For more information about the Set Program Access and Defaults tool, visit the following Microsoft Developer Network (MSDN) Web site.

I just scanned my system by using the Microsoft Baseline Security Analyzer (MBSA) and it did not tell me that I had to install this update. Am I at risk?
MBSA does not currently scan for Outlook Express-related security updates. However, Windows Update will successfully detect and install this update if it is required. For more information about MBSA and the products that MBSA currently scans, visit the following Microsoft Web site.

Can I detect this update using SMS?
SMS uses MBSA for detection and this update is not detected by MBSA. However, the file and registry key information available in this bulletin can be used to write specific file/registry key collection queries in SMS to detect vulnerable computers.

How can I deploy this update using SMS?
For information on how to deploy this update by using the Software Distribution feature of SMS, please visit the following Web site.

How does the extended support for Windows 98, Windows 98 Second Edition and Windows Millennium Edition affect the release of security updates for these operating systems?
Microsoft will only be releasing security updates for critical security issues. Non-critical security issues are not offered during this support period. For more information about the Microsoft Support Lifecycle policies for these operating systems, visit the following Microsoft Product Support Services Web site.
More information on severity ratings can be found at the following Web site.

Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by the vulnerability addressed within this security bulletin?
Yes. This vulnerability is critical in severity on Windows 98, Windows 98 Second Edition and Windows Millennium Edition.

Vulnerability Details

MHTML URL Processing Vulnerability - CAN-2004-0380:

A remote code execution vulnerability exists in the processing of specially crafted MHTML URLs that could allow an attacker’s HTML code to run in the Local Machine security zone in Internet Explorer. This could allow an attacker to take complete control of an affected system.

Mitigating factors for MHTML URL Processing Vulnerability - CAN-2004-0380:

• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.

• By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 98 and Outlook 2000 open HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. The Restricted sites zone helps reduce attacks that could attempt to exploit this vulnerability.

The risk of attack from the HTML e-mail vector can be significantly reduced if you meet all of the following conditions:

• Apply the update that is included with Microsoft Security Bulletin MS03-040 or a later Cumulative Security Update for Internet Explorer.

• Use Internet Explorer 6 or later

• Use the Microsoft Outlook E-mail Security Update, use Microsoft Outlook Express 6 or later, or use Microsoft Outlook 2000 Service Pack 2 or later in its default configuration.

• An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

• The update that is included with Microsoft Security Bulletin

Workarounds for MHTML URL Processing Vulnerability - CAN-2004-0380:

Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.

• Strengthen the security settings for the Local Machine zone in Internet Explorer

Because this vulnerability permits an attacker to run HTML code in the Local Machine security zone, users can reduce the impact of this vulnerability by restricting the default settings in this zone. For more information about these settings, and for more information about the potential impacts of changing these default settings, see Microsoft Knowledge Base Article 833633.

Warning: Microsoft recommends that customers consider these changes to Internet Explorer security settings as a last resort only. If you make these changes, you may lose some functionality for some Windows programs and components. Before you make these changes in a production environment, test the changes extensively to verify that mission-critical programs continue to work correctly for all users.

• Install Outlook E-mail Security Update if you are using Outlook 2000 SP1 or earlier.

By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 98 and Outlook 2000 open HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed.

Customers who use one or more of these products could be at a reduced risk from an e-mail-borne attack that tries to exploit this vulnerability by having the user click a malicious link in the e-mail.

• Read e-mail in plain text format if you are using Outlook 2002 or later or if you are using Outlook Express 6 SP1 or later, to help protect yourself from the HTML e-mail attack method.

Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or later and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 can enable this setting and view all non-digitally signed e-mail messages or non-encrypted e-mail messages in plain text only.

Digitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about enabling this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.

For information about this setting in Outlook Express 6, see Microsoft Knowledge Base Article 291387.

Impact of Workaround

E-mail that is viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition:

• The changes are applied to the preview pane and to open messages.

• Pictures become attachments to avoid loss.

• Because the message is still in Rich Text format or in HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

FAQ for MHTML URL Processing Vulnerability - CAN-2004-0380:

What is the scope of the vulnerability?
This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could run HTML code of their choosing in the Local Machine security zone in Internet Explorer. By running HTML code in the Local Machine zone, an attacker could gain complete control over an affected system. An attacker could take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts that have full administrative credentials.

What causes the vulnerability?
This vulnerability occurs because of the way that Outlook Express processes specially crafted MIME Encapsulation of Aggregate HTML (MHTML) URLs.

What are MHTML URLs?
MHTML stands for MIME Encapsulation of Aggregate HTML. MHTML is an Internet standard that defines the MIME structure that is used to send HTML content in the body of an e-mail message. The MHTML URL Handler in Windows is part of Outlook Express and provides a URL type (MHTML://) that permits MHTML encoded documents to be rendered in applications. Therefore, applications such as Internet Explorer will use Outlook Express to process MHTML encoded documents.

What are Internet Explorer security zones?
Internet Explorer security zones are a system that divides online content into categories or zones that are based on the trustworthiness of the content. Specific Web domains can be assigned to a zone, depending on how much trust is placed in the content of each domain. The zone then restricts the capabilities of the Web content, based on the zone's policy. By default, most Internet domains are treated as part of the Internet zone. By default, the policy of the Internet zone prevents scripts and other active code from accessing resources on the local system.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could access files on a user's system and could run arbitrary code on a user's system. This code would run in the security context of the user who was currently logged on.

How could an attacker exploit this vulnerability?
The remote code execution vulnerability exists in the processing of specially crafted MHTML URLs that could permit an attacker to take complete control of an affected system.
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.
An attacker could also create an HTML e-mail message that was designed to exploit the vulnerability. Then an attacker could persuade the user to view the HTML e-mail message. After the user had visited the malicious Web site or viewed the malicious HTML e-mail message, an attacker who successfully exploited this vulnerability could run HTML code of their choice in the Local Machine zone on the user’s system. This could allow an attacker to access files on a user's system and to run arbitrary code on a user's system. This code would run in the security context of the user who was currently logged on.

What does the update do?
This update addresses the vulnerability by modifying the way that Outlook Express processes MHTML URLs.

Security Update Information

Prerequisites

Microsoft has tested the versions of Windows and the versions of Outlook Express that are listed in this bulletin to assess whether they are affected by this vulnerability and to confirm that the update that this bulletin describes addresses this vulnerability.

To install the Outlook Express 6 Service Pack 1 (SP1) versions of this update, you must be running Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows:

• Microsoft Windows 98

• Microsoft Windows 98 SE

• Microsoft Windows ME

• Microsoft Windows NT® Workstation 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Service Pack 6a

• Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6

• Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4

• Microsoft Windows XP

• Microsoft Windows XP Service Pack 1

• Microsoft Windows XP 64-Bit Edition, Service Pack 1

To install the Outlook Express 6 for Windows Server 2003 versions of this update, you must be running Internet Explorer 6 (version 6.00.3790.0000) on Windows Server 2003 (32-bit or 64-bit) or you must be running Internet Explorer 6 (version 6.00.3790.0000) on Windows XP 64-Bit Edition, Version 2003.

To install the Outlook Express 6 version of this update, you must be running Internet Explorer 6 (version 6.00.2600.0000) on a 32-bit version of Windows XP.

To install the Outlook Express 5.5 version of this update, you must be running one of the following:

• Internet Explorer 5.01 Service Pack 4 (version 5.00.3700.1000) on Windows 2000 SP4

• Internet Explorer 5.01 Service Pack 3 (version 5.00.3502.1000) on Windows 2000 SP3

• Internet Explorer 5.5 Service Pack 2 (version 5.50.4807.2300) on Windows Millennium Edition

Versions of Windows, versions of Outlook Express, and versions of Internet Explorer that are not listed in this article are no longer supported. Although you can install some of the update packages that are described in this article on these versions of Windows and on these versions of Outlook Express, Microsoft has not tested these versions to assess whether they are affected by this vulnerability or to confirm that the update that this bulletin describes addresses this vulnerability. Microsoft recommends that you upgrade to a supported version of Windows and to a supported version of Outlook Express, and then apply the appropriate update.

For more information about how to determine the version of Internet Explorer that you are running, see Microsoft Knowledge Base Article 164539.

For more information about support lifecycles for Windows components, visit the following Microsoft Support Lifecycle Web site.

For more information about how to obtain the latest service pack for Internet Explorer 6, see Microsoft Knowledge Base Article 328548.

For more information about how to obtain the latest service pack for Internet Explorer 5.5, see Microsoft Knowledge Base Article 276369.

For more information about how to obtain the latest service pack for Internet Explorer 5.01, see Microsoft Knowledge Base Article 267954.

Restart Requirements

In some cases, you do not have to restart your computer after you apply this update. However, if the required files are in use, you must restart your computer after you apply this update. If this behavior occurs, a message is displayed that advises you to restart your computer. You do not have to use an administrator logon after the computer restarts for any version of this update.

The Windows Server 2003 versions of this security update (including Windows XP 64-Bit Edition, Version 2003) support the following setup switches:

  /help                 Display the command-line options

Setup Modes

  /quiet                Use Quiet mode (no user interaction or display)

  /passive            Use Unattended mode (progress bar only)

  /uninstall           Remove the package

Restart Options

  /norestart          Do not require restart when installation is complete

  /forcerestart      Require restart after installation

Special Options

  /l           List installed Windows hotfixes or update packages

  /o          Overwrite OEM files without prompting

  /n          Do not back up files that are needed for uninstall

  /f           Force other programs to quit when the computer shuts down

You can combine these switches into one command. For backward compatibility, this security update also supports the setup switches that the earlier version of the Setup utility uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841.

Deployment Information

To install this security update on Windows Server 2003 without any user intervention, use the following command at a command prompt:

windowsserver2003-kb837009-x86-enu.exe /quiet /passive

To install this security update on Windows Server 2003 without forcing the system to restart, use the following command at a command prompt:

windowsserver2003-kb837009-x86-enu.exe /norestart

The other update packages for this security update support the following Setup switches:

  /q                 Use Quiet mode or suppress messages when the files are being extracted.

  /q:u              Use User-Quiet mode. User-Quiet mode presents some dialog boxes to the user. 

  /q:a              Use Administrator-Quiet mode. Administrator-Quiet mode does not present any dialog boxes to the user.

  /t: path:       Specify the location of the temporary folder that Setup uses or the target folder for extracting the files (when you also use the /c switch).

  /c:                Extract the files without installing them. If you do not specify the /t: path switch, you are prompted for a target folder.

  /c: path        Specify the path and the name of the Setup .inf file or the .exe file.

  /r:n              Never restart the computer after the installation process has completed.

  /r:i               Prompt the user to restart the computer if a restart is required, except when you use this switch together with the /q:a switch.

  /r:a              Always restart the computer after the installation process has completed.

  /r:s              Restart the computer after the installation process has completed without prompting the user.

  /n:v              Do not verify the version. Use this switch with caution to install the update on any version of Internet Explorer.

For more information about these supported Setup switches, see Microsoft Knowledge Base Article 197147.

For example, to install this update without any user intervention and without forcing the computer to restart, run the following command:

q837009.exe /q:a /r:n

Verifying Update Installation

To verify the files that this security update has installed, use one of the following methods:

• Confirm that Q837009 appears in the Update Versions field in the About Internet Explorer dialog box. You cannot use this method on Windows Server 2003 or on Windows XP 64-Bit Edition, Version 2003 because the package does not update the Update Versions field for these versions of Windows.

• Compare the versions of the updated files on your computer with the files that are listed in the "File Information" section in this bulletin.

• Confirm that the following registry entries exist:

• For Windows Server 2003 and Windows XP 64-Bit Edition, Version 2003, confirm that the Installed DWORD value that has a data value of 1 appears in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837009

• For all other versions of Windows, confirm that the IsInstalled DWORD value that has a data value of 1 appears in the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}
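
The following is an added example, not part of the Microsoft bulletin: because MBSA does not detect this update, it triages a collected inventory (for instance an SMS file/registry collection export) against the Inetcomm.dll versions in the "File Information" section and the registry flag described above. The CSV layout, the product labels, the status names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Patched Inetcomm.dll versions, copied from the "File Information" tables of
# this bulletin. The short product labels (keys) are made up for this example.
PATCHED_INETCOMM = {
    "OE5.5SP2": "5.50.4939.300",     # Outlook Express 5.5 SP2
    "OE6": "6.00.2739.300",          # Outlook Express 6 for Windows XP
    "OE6SP1": "6.00.2800.1409",      # Outlook Express 6 SP1 (x86 and IA64)
    "OE6-WS2003": "6.00.3790.137",   # Outlook Express 6 for Windows 2003
}


def parse_version(text):
    """Turn '6.00.2800.1409' into (6, 0, 2800, 1409) for numeric comparison.

    Comparing the raw strings is wrong: '6.00.2800.999' sorts after
    '6.00.2800.1409' as text although it is the older build.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a four-part file version: %r" % text)
    return tuple(int(p) for p in parts)


def assess(product, inetcomm_version, installed_flag):
    """Classify one host from its file version and registry flag.

    installed_flag is the collected Installed / IsInstalled DWORD as text
    ('1' when set, empty when the value or key is absent).
    """
    baseline = PATCHED_INETCOMM.get(product)
    if baseline is None:
        # Versions not listed in the bulletin were not tested by Microsoft.
        return "UNKNOWN_PRODUCT"
    flag_set = installed_flag.strip() == "1"
    try:
        seen = parse_version(inetcomm_version)
    except ValueError:
        # No usable file data: the registry flag alone is weaker evidence.
        return "REGISTRY_ONLY" if flag_set else "UNKNOWN"
    # The bulletin lists file attributes "or later", so newer builds pass.
    if seen >= parse_version(baseline):
        return "PATCHED"
    # Flag says installed but the file is older: the file may have been
    # replaced after the update, so treat the host as needing attention.
    return "MISMATCH" if flag_set else "VULNERABLE"


def triage(csv_text):
    """Return [(host, status), ...] for every row of the inventory export."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = assess(
            (row.get("product") or "").strip(),
            row.get("inetcomm_version") or "",
            row.get("installed_flag") or "",
        )
        results.append((row["host"], status))
    return results


# Constructed sample inventory (host names and pre-patch versions are made up).
SAMPLE_INVENTORY = "\n".join([
    "host,product,inetcomm_version,installed_flag",
    "WS-0101,OE6SP1,6.00.2800.1409,1",
    "WS-0102,OE6SP1,6.00.2800.1123,",
    "SRV-0201,OE6-WS2003,6.00.3790.137,1",
    "WS-0103,OE5.5SP2,5.50.4939.300,1",
    "WS-0104,OE6,6.00.2600.0000,1",
    "WS-0105,OE6SP1,,1",
    "WS-0106,OE5,5.00.3700.1000,",
])

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print("%-10s %s" % (host, status))
```

Hosts reported as VULNERABLE, MISMATCH, REGISTRY_ONLY or UNKNOWN are the ones to re-check by hand with the methods listed above.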

Removal Information

To remove this update, use the Add or Remove Programs tool (or the Add/Remove Programs tool) in Control Panel. Click Outlook Express Q837009, and then click Change/Remove (or click Add/Remove).

On Windows Server 2003 and on Windows XP 64-Bit Edition Version 2003, system administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB835732$\Spuninst folder. This utility supports the following Setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

On all other versions of Windows, system administrators can use the Ieuninst.exe utility to remove this update. This security update installs the Oeuninst.exe utility in the %Windir% folder. This utility supports the following Setup switches:

/? -Show the list of supported switches.

/z -Do not restart when the installation is complete.

/q -Use Quiet mode (no user interaction).

For example, to remove this update quietly, use the following command:

c:\windows\ieuninst /q c:\windows\inf\q837009.inf

This command assumes that Windows is installed in the C:\Windows folder.

File Information

The English version of this security update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Because of file dependencies, this update may contain additional files.

For information about the specific security update for your operating system, click the appropriate link.

Outlook Express 6 SP1 for Windows XP, Windows XP SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows NT 4.0 SP6a, Windows 98, Windows 98 SE, and Windows ME.

Date Time Version Size File name Platform

03-Mar-2003 23:57 6.00.2800.1123 75,776 Directdb.dll x86
02-Mar-2004 21:18 6.00.2800.1409 593,408 Inetcomm.dll x86
11-Oct-2002 22:08 6.00.2800.1123 47,616 Inetres.dll x86
03-Mar-2003 23:57 6.00.2800.1123 44,032 Msident.dll x86
03-Mar-2003 23:57 6.00.2800.1123 56,832 Msimn.exe x86
02-Mar-2004 21:18 6.00.2800.1409 1,175,040 Msoe.dll x86
03-Mar-2003 23:57 6.00.2800.1123 228,864 Msoeacct.dll x86
11-Oct-2002 22:09 6.00.2800.1123 2,479,616 Msoeres.dll x86
03-Mar-2003 23:57 6.00.2800.1123 91,136 Msoert2.dll x86
03-Mar-2003 23:57 6.00.2800.1123 93,184 Oeimport.dll x86
03-Mar-2003 23:57 6.00.2800.1123 55,808 Oemig50.exe x86
03-Mar-2003 23:57 6.00.2800.1123 31,744 Oemiglib.dll x86
03-Mar-2003 23:57 6.00.2800.1123 42,496 Wab.exe x86
02-Mar-2004 21:18 6.00.2800.1409 463,360 Wab32.dll x86
03-Mar-2003 23:57 6.00.2800.1123 30,208 Wabfind.dll x86
03-Mar-2003 23:57 6.00.2800.1123 77,824 Wabimp.dll x86
03-Mar-2003 23:57 6.00.2800.1123 27,648 Wabmig.exe x86

Outlook Express 6 SP1 (64-Bit) for Windows XP 64-Bit Edition Service Pack 1

Date Time Version Size File name Platform

05-Nov-2002 17:53 6.00.2800.1123 251,904 Directdb.dll IA64
02-Mar-2004 21:24 6.00.2800.1409 2,201,600 Inetcomm.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 47,104 Inetres.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 63,488 Msimn.exe IA64
02-Mar-2004 21:24 6.00.2800.1409 4,484,096 Msoe.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 729,088 Msoeacct.dll IA64
05-Nov-2002 17:54 6.00.2800.1123 2,479,104 Msoeres.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 300,032 Msoert2.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 302,080 Oeimport.dll IA64
05-Nov-2002 17:54 6.00.2800.1123 142,336 Oemig50.exe IA64
05-Nov-2002 17:54 6.00.2800.1123 73,728 Oemiglib.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 87,040 Wab.exe IA64
02-Mar-2004 21:24 6.00.2800.1409 1,774,592 Wab32.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 38,912 Wabfind.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 240,640 Wabimp.dll IA64
05-Nov-2002 17:53 6.00.2800.1123 71,680 Wabmig.exe IA64

Outlook Express 6 for Windows XP

Date Time Version Size File name Platform

03-Mar-2004 21:53 6.00.2739.300 595,968 Inetcomm.dll X86
13-Mar-2003 23:03 6.00.2720.3000 1,175,040 Msoe.dll X86

Outlook Express 6 for Windows 2003

Date Time Version Size File name Platform Folder

03-Mar-2004 22:53 6.00.3790.137 605,184 Inetcomm.dll X86 RTMGDR
03-Mar-2004 22:39 6.00.3790.137 605,184 Inetcomm.dll X86 RTMQFE

Outlook Express 6 (64-Bit) for Windows 2003 64-Bit Versions and Windows XP 64-Bit Edition, Version 2003

Date Time Version Size File name Platform Folder

03-Mar-2004 22:55 6.00.3790.137 2,019,840 Inetcomm.dll IA64 RTMGDR
03-Mar-2004 22:53 6.00.3790.137 605,184 Winetcomm.dll X86 RTMGDR
03-Mar-2004 22:35 6.00.3790.137 2,019,840 Inetcomm.dll IA64 RTMQFE
03-Mar-2004 22:39 6.00.3790.137 605,184 Winetcomm.dll X86 RTMQFE

Outlook Express 5.5 SP2 on Windows 2000 SP3, Windows 2000 SP4, Windows Millennium Edition

Date Time Version Size File name Platform

04-Mar-2004 00:55 5.50.4939.300 573,200 Inetcomm.dll X86
16-Oct-2002 03:15 5.50.4922.1500 1,146,640 Msoe.dll X86

When you install this security update on Windows Server 2003 or on Windows XP 64-Bit Edition Version 2003, the installer verifies whether one or more of the files that are being updated on your system have been updated previously by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your system. Otherwise, the installer copies the RTMGDR files to your system. For more information, see Microsoft Knowledge Base Article 824994.

Obtaining other security updates:

Updates for other security issues are available from the following locations:

• Security updates are available from the Microsoft Download Center: you can find them most easily by doing a keyword search for “security_patch”.

• Updates for consumer platforms are available from the Windows Update Web site.

Support:

• Customers in the U.S. and Canada can get technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

• International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. For more information on how to contact Microsoft for support issues, visit the International Support Web site.

Security Resources:

• The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.

• Microsoft Software Update Services

• Microsoft Baseline Security Analyzer (MBSA)

• Windows Update

• Windows Update Catalog: For more information about the Windows Update Catalog, see Microsoft Knowledge Base Article 323166.

• Office Update

Software Update Services (SUS):

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop systems running Windows 2000 Professional or Windows XP Professional.

For information about how to deploy this security update with Software Update Services, visit the Software Update Services Web site.

Systems Management Server (SMS):

Systems Management Server can provide assistance deploying this security update. For information about Systems Management Server, visit the SMS Web Site. For detailed information about the many enhancements to the security update deployment process that SMS 2003 provides, please visit the SMS 2003 Security Patch Management Web site. For users of SMS 2.0, it also provides several additional tools to assist administrators in the deployment of security updates, such as the SMS 2.0 Software Update Services Feature Pack and the SMS 2.0 Administration Feature Pack. The SMS 2.0 Software Update Services Feature Pack utilizes the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin remediation. Some software updates may require administrative rights following a restart of the computer.

The inventory capabilities of the SMS 2.0 Software Update Services Feature Pack may be used for targeting updates to specific computers, and the SMS 2.0 Administration Feature Pack's Elevated Rights Deployment Tool can be used for installation. This provides optimal deployment for updates that require explicit targeting using Systems Management Server and administrative rights after the computer has been restarted.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

• V1.0 April 13, 2004: Bulletin published
