After you install security update 896358, content that should be displayed in a different frame is displayed in the frame that contains the HTML Help ActiveX control (896905)
The information in this article applies to:
- Microsoft Windows Server 2003 SP1, when used with:
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows XP Professional 64-Bit Edition (Itanium) 2003
- Microsoft Windows XP Professional 64-Bit Edition (Itanium)
- Microsoft Windows 98 Second Edition
- Microsoft Windows 98
- Microsoft Windows Millennium Edition
Important This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that you
understand how to restore the registry if a problem occurs. For information
about how to back up, restore, and edit the registry, click the following
article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry SYMPTOMSAfter you install Microsoft security update 896358
(MS05-026), Web applications that use the HTML Help ActiveX control (HHCTRL) to
enable cross-frame navigation may not work correctly. The content that should
be displayed in a different frame may be displayed in the same frame that
contains the HTML Help ActiveX control. Note This issue is relevant only if the registry has been modified so
that URLs or Microsoft Internet Explorer security zones are authorized to host
the HHCTRL. Otherwise, the HHCTRL is disabled by security update 890175
(MS05-001). Note This article contains information that is supplemental to the
following Microsoft Knowledge Base articles: 890175 MS05-001: Vulnerability in HTML Help could allow code execution
892675 Certain Web sites and HTML Help features may not work after you install security update 896358 or security update 890175
896358 MS05-026: A vulnerability in HTML Help could allow remote code execution
CAUSESecurity update 896358 disables cross-frame navigation
because the feature is a potential security vulnerability. This restricted
capability is an expected and intended effect of installing the security
update. Depending on the URLs and Internet Explorer security zones that you
have enabled to use the HHCTRL, you may want to re-enable this feature.
RESOLUTIONWarning The symptoms of this issue are an expected and intended effect of
installing the security update. This workaround may make the computer more
vulnerable to the threats that security update 896358 addresses. The safest
course is not to use this workaround. Warning Serious problems might occur if you modify the registry
incorrectly by using Registry Editor or by using another method. These problems
might require that you reinstall your operating system. Microsoft cannot
guarantee that these problems can be solved. Modify the registry at your own
risk. Consumers and non-enterprise customers To re-enable cross-frame navigation, follow these steps:
- Click Start, click Run,
type regedit, and then click OK.
- Locate and then right-click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions Note You must create the key if the key does not already
exist. - Point to New, click DWORD
Value, type EnableFrameNavigationInSafeMode to
name the registry entry, and then press ENTER.
- Right-click
EnableFrameNavigationInSafeMode, click
Modify, type 1 in the Value
data box, and then click OK.
Enterprise customersTo use Group Policy to re-enable cross-frame navigation across a
domain, follow these steps:
- Paste the following text into a text editor, such as
Notepad:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
"EnableFrameNavigationInSafeMode"=dword:00000001 - Save the file as Hhctrl.reg.
- Copy the following text, and then paste it into a text
editor, such as Notepad:
REGEDIT.EXE /S Hhctrl.reg - Save the file as Hhctrl.bat.
Note Before you deploy the batch file, make sure that the batch file
works correctly by testing the file on a computer. - Import the batch file into the Group Policy object (GPO).
To do this, follow these steps:
- Copy the Hhctrl.bat file and the Hhctrl.reg file to
the \\DomainName
\SysVol\DomainName\Policies\GUID of the
selected GPO\Machine\Scripts\Startup folder.
- Start the Active Directory Users and Computers snap-in.
To do this, click Start on a domain controller, click
Run, type dsa.msc, and then click
OK.
- Right-click the domain, click
Properties, and then click the Group Policy
tab.
- Click New, type a descriptive name for
the new Group Policy object (GPO), and then press ENTER. For example, click
New, type re-enable cross-frame
navigation, and then press ENTER.
- Click Edit to modify the new GPO that
you created in step 5d.
- Expand Computer configuration, expand
Windows Settings, click
Scripts(Startup/Shutdown), click Startup, and
then click Add.
- Locate and then click the batch file that you created
in step 4, and then click Add.
- Click OK, click Yes,
and then click OK two times.
Modification Type: | Major | Last Reviewed: | 2/28/2006 |
---|
Keywords: | kbSecurity kbExpertiseAdvanced kbtshoot kbprb kbBug KB896905 kbAudITPRO kbAudDeveloper kbAudEndUser |
---|
|