SYMPTOMS
The Windows shell is responsible for providing the basic
framework of the Windows user interface experience. The shell is most familiar
as the Windows desktop. The shell also provides a variety of other functions to
help define your computing session, including organizing files and folders, and
providing the means to start programs.
An unchecked buffer exists in a
function that is used by the Windows shell to extract custom attribute
information from some folders. A security vulnerability occurs because a
malicious user can construct an attack that can exploit this flaw and run code
on your computer.
An attacker could seek to exploit this vulnerability
by creating a Desktop.ini file that contains a corrupted custom attribute, and
then host it on a network share. If a user browses the shared folder where the
file is stored, the vulnerability could be exploited. A successful attack could
either cause the Windows shell to fail or cause an attacker's code to run on
the user's computer in the security context of the user.
Mitigating factors:
- In the case when an attacker's code is executed, the code
would run in the security context of the user. As a result, any limitations on
the user's ability would also restrict the actions that an attacker's code
could take.
- An attacker could only seek to exploit this vulnerability
by hosting a malicious file on a share.
- This vulnerability affects only Windows XP Service Pack 1
(SP1). If you are running the original released version of Windows XP, your
computer is not affected.
RESOLUTION
Service pack information
To resolve
this problem, obtain the latest service pack for Microsoft Windows XP. For
additional information, click the following article number to view the article
in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack
Update information
The
following files are available for download from the Microsoft Download Center:
Windows XP Professional and Windows XP Home Edition:
Windows XP 64-Bit Edition:
Release Date: July 16, 2003
For additional information about how to download Microsoft
Support files, click the following article number to view the article in the
Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
Prerequisites
This security patch requires Windows XP Service Pack 1. For additional
information about how to obtain the latest service pack, click the following
article number to view the article in the Microsoft Knowledge Base:
322389 How to Obtain the Latest Windows XP Service Pack
Installation information
This security patch supports the following Setup switches:
- /?: Display the list of installation switches.
- /u: Use Unattended mode.
- /f: Force other programs to quit when the computer shuts down.
- /n: Do not back up files for removal.
- /o: Overwrite OEM files without prompting.
- /z: Do not restart when the installation is complete.
- /q: Use Quiet mode (no user interaction).
- /l: List the installed hotfixes.
- /x: Extract the files without running Setup.
To verify that the security patch is installed on your
computer, confirm that the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB821557
Deployment information
To install the security patch without any user intervention, use
the following command:
windowsxp-kb821557-x86-enu /u /q
To install the security patch without forcing the
computer to restart, use the following command:
windowsxp-kb821557-x86-enu /z
Note You can combine these switches in one command.
For
information about how to deploy this security patch with Software Update
Services, visit the following Microsoft Web site:
Restart requirement
You must restart your computer after you apply this security
patch.
Removal information
To remove this security patch, use the Add or Remove Programs tool
in Control Panel.
System administrators can use the Spuninst.exe
utility to remove this security patch. The Spuninst.exe utility is located in
the %Windir%\$NTUninstallKB821557$\Spuninst folder. The tool supports the
following Setup switches:
- /?: Display the list of installation switches.
- /u: Use Unattended mode.
- /f: Force other programs to quit when the computer shuts down.
- /z: Do not restart when the installation is complete.
- /q: Use Quiet mode (no user interaction).
Security patch replacement information
This security patch does not replace any other security patches.
File information
The English version of this
fix has the file attributes (or later) that are listed in the following table.
The dates and times for these files are listed in coordinated universal time
(UTC). When you view the file information, it is converted to local time. To
find the difference between UTC and local time, use the Time Zone tab in the
Date and Time tool in Control Panel.
Windows XP Professional and Windows XP Home Edition:
   Date         Time   Version        Size        File name     SP-level
   -----------------------------------------------------------------------
   11-Jun-2003  18:43  6.0.2800.1233   8,240,640  Shell32.dll   (with SP1)
   11-Jun-2003  18:53  6.0.2600.115    8,223,744  Shell32.dll   (without SP1)
Windows XP 64-Bit Edition:
   Date         Time   Version        Size        File name
   ------------------------------------------------------------------
   11-Jun-2003  18:44  6.0.2800.1233  14,369,792  Shell32.dll   (IA-64)
   10-Jun-2003  15:39  6.0.2800.1233   8,240,640  Wshell32.dll  (x86)
You can verify the files that this security patch installs by
reviewing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB821557\Filelist
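The two verification steps in this article (the KB821557 registry key and the Shell32.dll version "or later" from the file table) can be combined into one audit script. The following is an added example, not part of the original article or a Microsoft tool; the function names are hypothetical, and treating a newer build line as "or later" is an assumption.

```powershell
# Added example: audit one machine for the KB821557 fix using the two checks
# this article gives (registry key present, Shell32.dll version "or later").
$KbKey = 'HKLM:\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB821557'

# Minimum Shell32.dll versions from the article's file table, keyed by the
# build part of the version (2800 = "with SP1", 2600 = "without SP1").
$Minimum = @{
    2800 = [version]'6.0.2800.1233'
    2600 = [version]'6.0.2600.115'
}

function Test-Shell32Version {
    # Returns $true when $Version meets the article's baseline for its build line.
    param([Parameter(Mandatory = $true)][version]$Version)

    if ($Minimum.ContainsKey($Version.Build)) {
        return $Version -ge $Minimum[$Version.Build]
    }
    # Assumption: a build line newer than both table rows comes from a later
    # service pack and counts as "or later"; anything else fails the check.
    return $Version -gt $Minimum[2800]
}

function Get-Kb821557Status {
    param([string]$Shell32Path = (Join-Path $env:windir 'System32\shell32.dll'))

    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Shell32Path)
    # Build the version from the numeric parts; the FileVersion string can
    # carry extra text after the number.
    $ver = New-Object System.Version $info.FileMajorPart, $info.FileMinorPart,
                                     $info.FileBuildPart, $info.FilePrivatePart

    New-Object PSObject -Property @{
        RegistryKeyPresent = Test-Path -LiteralPath $KbKey
        Shell32Version     = $ver
        VersionOk          = Test-Shell32Version -Version $ver
    }
}

# Constructed sample versions (not taken from any real machine) that exercise
# both table rows and the newer-build-line case.
'6.0.2800.1106', '6.0.2800.1233', '6.0.2600.115', '6.0.2900.2180' | ForEach-Object {
    '{0,-16} {1}' -f $_, (Test-Shell32Version -Version $_)
}

Get-Kb821557Status
```

A machine where RegistryKeyPresent is true but VersionOk is false deserves a closer look, because the key records that Setup ran while the file on disk is older than the version listed in the table.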