Home > Microsoft Security > Ms07-042



Windows 2000 (all versions) Prerequisites For Windows 2000, this security update requires Service Pack 4 (SP4). In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add. If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the system will restart in 30 seconds. Impact of Workaround: User will be prompted prior to running ActiveX controls unless the Web site is in the user’s list of trusted sites. Source

In the Search Results pane, click All files and folders under Search Companion. File Version Verification Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. Mitigating Factors for Microsoft XML Core Services Vulnerability - CVE-2006-4685: In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.


The dates and times for these files are listed in coordinated universal time (UTC). For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684. Installation Information This security update supports the following setup switches. See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information.

Restart Requirement You must restart your system after you apply this security update. For more information, see Microsoft Knowledge Base Article 322389. What is the Server service? Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied.

Verifying that the Update Has Been Applied Microsoft Baseline Security Analyzer To verify that a security update has been applied to an affected system, you may be able to use the Microsoft Xml Core Services Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Under Settings, in the ActiveX controls and plug-ins section, under Run ActiveX controls and plug-ins, click Prompt. Arpidfix.exe is used by the security update installer to address an issue documented in Microsoft Knowledge Base Article 904630.

Use Registry Editor at your own risk. In the Search Results pane, click All files and folders under Search Companion. Supported Spuninst.exe Switches SwitchDescription /help Displays the command-line options Setup Modes /passive Unattended Setup mode. What version of Microsoft XML Core Services is installed on my system?

Microsoft Xml Core Services

If a restart is required at the end of setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds. When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? Ms07-042 For backward compatibility, the security update also supports many of the setup switches that the earlier version of the Setup program uses. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB911567$\Spuninst folder.

The following table provides the MBSA detection summary for this security update. Microsoft received information about this vulnerability through responsible disclosure. By using SMS, administrators can identify Windows-based systems that require security updates and can perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. Click Start, and then click Search.

For more information about the Windows Product Lifecycle, visit the followingMicrosoft Support Lifecycle Web site. Yes, there is a tool available that you can use to determine the version of MDAC that you have installed on your system. When you view the file information, it is converted to local time. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site.

Mitigating Factors for XSLT Buffer Overrun Vulnerability - CVE-2006-4686: In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used Many Web sites that are on the Internet or on an intranet use ActiveX to provide additional functionality. Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the 924191 security update into the Windows installation source files.

Supported Security Update Installation Switches SwitchDescription /help Displays the command-line options.

This documentation is archived and is not being maintained. Registry Key Verification You may also be able to verify the files that this security update has installed by reviewing the following registry key. Restart Options /norestart Does not restart when installation has completed. /forcerestart Restarts the computer after installation and forces other applications to close at shutdown without saving open files first. /warnrestart[:x] Displays In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted .wab file to the user and by persuading the user to open the file.

In the Scripting section, under Active Scripting, click Prompt, and then click OK. What is the Enterprise Update Scanning Tool (EST)? Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on As part of an ongoing commitment to provide detection tools for bulletin-class security updates, Microsoft delivers a stand-alone detection tool whenever the Microsoft Baseline Security Analyzer (MBSA) and the Office Detection

This is the same as unattended mode, but no status or error messages are displayed. When you call, ask to speak with the local Premier Support sales manager. If they are, see your product documentation to complete these steps. For a complete list of service packs, see Lifecycle Supported Service Packs.

Note If you have used an Administrative Installation Point (AIP) for deploying Office 2000, Office XP or Office 2003, you may not be able to deploy the update using SMS if you