Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you’re running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.
INTRODUCTION
Microsoft has released security bulletin MS09-001. To view the complete security bulletin, visit one of the following Microsoft Web sites:
-
Home users:
http://www.microsoft.com/protect/computer/updates/bulletins/200901.mspxSkip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
http://update.microsoft.com/microsoftupdate/
-
IT professionals:
http://www.microsoft.com/technet/security/bulletin/MS09-001.mspx
How to obtain help and support for this security update
FILE INFORMATION
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Windows 2000 file information notes
For all supported editions of Microsoft Windows 2000 Service Pack 4
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Srv.sys |
5.0.2195.7222 |
239,472 |
11-Dec-2008 |
22:39 |
x86 |
Windows XP and Windows Server 2003 file information notes
-
The files that apply to a specific milestone (RTM, SPn) and service branch (QFE, GDR) are noted in the «SP requirement» and «Service branch» columns.
-
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
-
In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.
For all supported x86-based versions of Windows XP
|
File name |
File version |
File size |
Date |
Time |
Platform |
SP requirement |
Service branch |
|---|---|---|---|---|---|---|---|
|
Srv.sys |
5.1.2600.3491 |
333,184 |
11-Dec-2008 |
11:57 |
x86 |
SP2 |
SP2GDR |
|
Srv.sys |
5.1.2600.3491 |
333,184 |
11-Dec-2008 |
10:24 |
x86 |
SP2 |
SP2QFE |
|
Srv.sys |
5.1.2600.5725 |
333,952 |
11-Dec-2008 |
10:57 |
x86 |
SP3 |
SP3GDR |
|
Srv.sys |
5.1.2600.5725 |
333,952 |
11-Dec-2008 |
12:33 |
x86 |
SP3 |
SP3QFE |
For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition
|
File name |
File version |
File size |
Date |
Time |
Platform |
SP requirement |
Service branch |
|---|---|---|---|---|---|---|---|
|
Srv.sys |
5.2.3790.3260 |
671,232 |
12-Dec-2008 |
05:49 |
x64 |
SP1 |
SP1GDR |
|
Srv.sys |
5.2.3790.3260 |
675,328 |
12-Dec-2008 |
05:50 |
x64 |
SP1 |
SP1QFE |
|
Srv.sys |
5.2.3790.4425 |
646,656 |
12-Dec-2008 |
05:56 |
x64 |
SP2 |
SP2GDR |
|
Srv.sys |
5.2.3790.4425 |
648,704 |
12-Dec-2008 |
05:50 |
x64 |
SP2 |
SP2QFE |
For all supported x86-based versions of Windows Server 2003
|
File name |
File version |
File size |
Date |
Time |
Platform |
SP requirement |
Service branch |
|---|---|---|---|---|---|---|---|
|
Srv.sys |
5.2.3790.3260 |
359,424 |
11-Dec-2008 |
10:04 |
x86 |
SP1 |
SP1GDR |
|
Srv.sys |
5.2.3790.3260 |
362,496 |
11-Dec-2008 |
11:38 |
x86 |
SP1 |
SP1QFE |
|
Srv.sys |
5.2.3790.4425 |
357,888 |
11-Dec-2008 |
11:39 |
x86 |
SP2 |
SP2GDR |
|
Srv.sys |
5.2.3790.4425 |
358,912 |
11-Dec-2008 |
12:42 |
x86 |
SP2 |
SP2QFE |
For all supported IA-64-based versions of Windows Server 2003
|
File name |
File version |
File size |
Date |
Time |
Platform |
SP requirement |
Service branch |
|---|---|---|---|---|---|---|---|
|
Srv.sys |
5.2.3790.3260 |
1,105,920 |
12-Dec-2008 |
05:49 |
IA-64 |
SP1 |
SP1GDR |
|
Srv.sys |
5.2.3790.3260 |
1,112,064 |
12-Dec-2008 |
05:49 |
IA-64 |
SP1 |
SP1QFE |
|
Srv.sys |
5.2.3790.4425 |
1,110,016 |
12-Dec-2008 |
05:52 |
IA-64 |
SP2 |
SP2GDR |
|
Srv.sys |
5.2.3790.4425 |
1,113,088 |
12-Dec-2008 |
05:49 |
IA-64 |
SP2 |
SP2QFE |
Windows Vista and Windows Server 2008 file information notes
-
The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
Version
Product
Milestone
Service branch
6.0.6000.16xxx
Windows Vista
RTM
GDR
6.0.6000.20xxx
Windows Vista
RTM
LDR
6.0.6001.18xxx
Windows Vista SP1 and Windows Server 2008 SP1
SP1
GDR
6.0.6001.22xxx
Windows Vista SP1 and Windows Server 2008 SP1
SP1
LDR
-
Service Pack 1 is integrated into the original release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000. xxxxxx version number.
-
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
-
The .manifest files and the .mum files that are installed in each environment are listed separately in the «Additional file information for Windows Server 2008 and for Windows Vista» section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Srv.sys |
6.0.6000.16789 |
290,304 |
16-Dec-2008 |
03:14 |
x86 |
|
Srv.sys |
6.0.6000.20976 |
290,816 |
16-Dec-2008 |
03:07 |
x86 |
|
Srv.sys |
6.0.6001.18185 |
288,768 |
16-Dec-2008 |
02:42 |
x86 |
|
Srv.sys |
6.0.6001.22331 |
288,768 |
16-Dec-2008 |
01:53 |
x86 |
For all supported x64-based versions of Windows Server 2008 and of Windows Vista
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Srv.sys |
6.0.6000.16789 |
448,000 |
16-Dec-2008 |
03:37 |
x64 |
|
Srv.sys |
6.0.6000.20976 |
449,536 |
16-Dec-2008 |
03:36 |
x64 |
|
Srv.sys |
6.0.6001.18185 |
451,584 |
16-Dec-2008 |
03:42 |
x64 |
|
Srv.sys |
6.0.6001.22331 |
445,440 |
16-Dec-2008 |
02:19 |
x64 |
For all supported IA-64-based versions of Windows Server 2008
|
File name |
File version |
File size |
Date |
Time |
Platform |
|---|---|---|---|---|---|
|
Srv.sys |
6.0.6001.18185 |
945,664 |
16-Dec-2008 |
02:07 |
IA-64 |
|
Srv.sys |
6.0.6001.22331 |
946,688 |
16-Dec-2008 |
01:56 |
IA-64 |
Additional file information for Windows Server 2008 and for Windows Vista
Additional files for all supported x86-based versions of Windows Server 2008 and of Windows Vista
|
File name |
Package_1_for_kb958687_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,910 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_1_for_kb958687~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,620 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_2_for_kb958687_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,752 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_2_for_kb958687~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,458 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_3_for_kb958687_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,752 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_3_for_kb958687~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,458 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_4_for_kb958687_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,752 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_4_for_kb958687~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,460 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_0_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,415 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_0~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,435 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_1_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,357 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_1~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,376 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,690 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,722 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_0_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,411 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_0~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,430 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,413 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,432 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_0_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,415 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_0~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,434 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_bf~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,421 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server~31bf3856ad364e35~x86~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,440 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Update-bf.mum |
|
File version |
Not Applicable |
|
File size |
2,534 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
X86_32fa7e1f31f7764ea0163e590cc59722_31bf3856ad364e35_6.0.6000.16789_none_ec1835d69a6ba6b5.manifest |
|
File version |
Not Applicable |
|
File size |
700 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
X86_5b3ff4956bd15c7e6f7cd826ee4dee22_31bf3856ad364e35_6.0.6001.18185_none_766cd6fd320e4246.manifest |
|
File version |
Not Applicable |
|
File size |
700 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
X86_a5b997b543786734246e25cc0a3978a5_31bf3856ad364e35_6.0.6001.22331_none_5cb02fcaf9f6bfa5.manifest |
|
File version |
Not Applicable |
|
File size |
700 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
X86_bca7c3c5bb05fcf6726f1e604cff7c65_31bf3856ad364e35_6.0.6000.20976_none_239927879947dca5.manifest |
|
File version |
Not Applicable |
|
File size |
700 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2.manifest |
|
File version |
Not Applicable |
|
File size |
4,627 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
07:36 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d.manifest |
|
File version |
Not Applicable |
|
File size |
4,627 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
05:48 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337.manifest |
|
File version |
Not Applicable |
|
File size |
4,627 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
05:55 |
|
Platform |
Not Applicable |
|
File name |
X86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17.manifest |
|
File version |
Not Applicable |
|
File size |
4,627 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
04:59 |
|
Platform |
Not Applicable |
Additional files for all supported x64-based versions of Windows Server 2008 and of Windows Vista
|
File name |
Amd64_33f1f5971774b4840c37f1f024ef7c5f_31bf3856ad364e35_6.0.6000.20976_none_cb2bf6c26820e6be.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Amd64_68e386916965d7d5f8ba162704126280_31bf3856ad364e35_6.0.6001.18185_none_7824a434421f7f23.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Amd64_867da62cab2cd56aba0eff73e5248426_31bf3856ad364e35_6.0.6000.16789_none_ad4c8519b0710c71.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Amd64_c29ea3bff61db7408213f434383df569_31bf3856ad364e35_6.0.6001.22331_none_23f062855a3228cb.manifest |
|
File version |
Not Applicable |
|
File size |
704 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_33e24b58b1e338d8.manifest |
|
File version |
Not Applicable |
|
File size |
4,891 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
07:41 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_3473b917cafb6dd3.manifest |
|
File version |
Not Applicable |
|
File size |
4,891 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
06:37 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_35c488d6af0d646d.manifest |
|
File version |
Not Applicable |
|
File size |
4,891 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
10:38 |
|
Platform |
Not Applicable |
|
File name |
Amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_368035fbc806104d.manifest |
|
File version |
Not Applicable |
|
File size |
4,891 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
05:23 |
|
Platform |
Not Applicable |
|
File name |
Package_1_for_kb958687_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,922 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_1_for_kb958687~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,636 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_2_for_kb958687_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,762 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_2_for_kb958687~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,472 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_3_for_kb958687_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,762 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_3_for_kb958687~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,472 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_4_for_kb958687_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,762 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_4_for_kb958687~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,474 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_0_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,423 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_0~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,443 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_1_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,365 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_1~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,384 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,700 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_client~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,732 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_0_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,419 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_0~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,438 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,421 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,440 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_0_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,423 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_0~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,442 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,429 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server~31bf3856ad364e35~amd64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,448 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Update-bf.mum |
|
File version |
Not Applicable |
|
File size |
2,552 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
Additional files for all supported IA-64-based versions of Windows Server 2008
|
File name |
Ia64_327a40bf25e61393c889a949efc2dfed_31bf3856ad364e35_6.0.6001.18185_none_4a6ecc060db700a0.manifest |
|
File version |
Not Applicable |
|
File size |
702 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Ia64_a176a706dea5ef58602dec922d8cf9d7_31bf3856ad364e35_6.0.6001.22331_none_41440c7c51b0e359.manifest |
|
File version |
Not Applicable |
|
File size |
702 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Ia64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a79148f6adfc33.manifest |
|
File version |
Not Applicable |
|
File size |
4,885 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
05:21 |
|
Platform |
Not Applicable |
|
File name |
Ia64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da633e6e0fa6a813.manifest |
|
File version |
Not Applicable |
|
File size |
4,885 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
05:05 |
|
Platform |
Not Applicable |
|
File name |
Package_1_for_kb958687_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,757 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_1_for_kb958687~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,465 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_2_for_kb958687_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,757 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_2_for_kb958687~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
2,465 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_0_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,415 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_0~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,434 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,416 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_sc~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,435 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_0_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,419 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_0~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,438 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,424 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Package_for_kb958687_server~31bf3856ad364e35~ia64~~6.0.1.2.mum |
|
File version |
Not Applicable |
|
File size |
1,443 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
|
File name |
Update-bf.mum |
|
File version |
Not Applicable |
|
File size |
1,896 |
|
Date (UTC) |
16-Dec-2008 |
|
Time (UTC) |
16:34 |
|
Platform |
Not Applicable |
Идентификатор: BDU:2022-02174.
Наименование уязвимости: Уязвимость реализации сетевого протокола Windows SMB операционной системы Windows, позволяющая нарушителю выполнить произвольный код.
Описание уязвимости: Уязвимость реализации сетевого протокола Windows SMB операционной системы Windows связана с возможностью перенаправления пользователя на SMB-сервер нарушителя. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Уязвимое ПО: Операционная система Microsoft Corp. Windows Server 2008 R2 SP1 | Операционная система Microsoft Corp. Windows 7 SP1 | Операционная система Microsoft Corp. Windows Server 2008 SP2 | Операционная система Microsoft Corp. Windows 7 SP1 | Операционная система Microsoft Corp. Windows 8.1 | Операционная система Microsoft Corp. Windows 8.1 | Операционная система Microsoft Corp. Windows Server 2008 SP2 | Операционная система Microsoft Corp. Windows Server 2012 | Операционная система Microsoft Corp. Windows Server 2012 R2 | Операционная система Microsoft Corp. Windows 10 | Операционная система Microsoft Corp. Windows 10 | Операционная система Microsoft Corp. Windows 10 1607 | Операционная система Microsoft Corp. Windows 10 1607 | Операционная система Microsoft Corp. Windows Server 2016 | Операционная система Microsoft Corp. Windows 8.1 RT | Операционная система Microsoft Corp. Windows Server 2008 SP2 Server Core installation | Операционная система Microsoft Corp. Windows Server 2008 SP2 Server Core installation | Операционная система Microsoft Corp. Windows Server 2012 R2 Server Core installation | Операционная система Microsoft Corp. Windows Server 2016 Server Core installation | Операционная система Microsoft Corp. Windows Server 2008 R2 SP1 Server Core installation | Операционная система Microsoft Corp. Windows Server 2012 Server Core installation | Операционная система Microsoft Corp. Windows 10 1809 | Операционная система Microsoft Corp. Windows 10 1809 | Операционная система Microsoft Corp. Windows Server 2019 | Операционная система Microsoft Corp. Windows Server 2019 Server Core installation | Операционная система Microsoft Corp. Windows 10 1809 | Операционная система Microsoft Corp. Windows 10 1909 | Операционная система Microsoft Corp. Windows 10 1909 | Операционная система Microsoft Corp. Windows 10 1909 | Операционная система Microsoft Corp. Windows Server 1909 Server Core Installation | Операционная система Microsoft Corp. Windows 10 2004 | Операционная система Microsoft Corp. Windows 10 2004 | Операционная система Microsoft Corp. Windows 10 2004 | Операционная система Microsoft Corp. Windows 10 20H2 | Операционная система Microsoft Corp. Windows 10 20H2 | Операционная система Microsoft Corp. Windows 10 20H2 | Операционная система Microsoft Corp. Windows Server 20H2 Server Core Installation | Операционная система Microsoft Corp. Windows 10 21H1 | Операционная система Microsoft Corp. Windows 10 21H1 | Операционная система Microsoft Corp. Windows 10 21H1 | Операционная система Microsoft Corp. Windows Server 2022 | Операционная система Microsoft Corp. Windows Server 2022 Server Core installation | Операционная система Microsoft Corp. Windows 11 | Операционная система Microsoft Corp. Windows 11 |
Наименование ОС и тип аппаратной платформы: Windows Server 2008 R2 SP1 64-bit | Windows 7 SP1 64-bit | Windows Server 2008 SP2 32-bit | Windows 7 SP1 32-bit | Windows 81 64-bit | Windows 81 32-bit | Windows Server 2008 SP2 64-bit | Windows Server 2012 | Windows Server 2012 R2 | Windows 10 64-bit | Windows 10 32-bit | Windows 10 1607 64-bit | Windows 10 1607 32-bit | Windows Server 2016 | Windows 81 RT | Windows Server 2008 SP2 Server Core installation 64-bit | Windows Server 2008 SP2 Server Core installation 32-bit | Windows Server 2012 R2 Server Core installation | Windows Server 2016 Server Core installation | Windows Server 2008 R2 SP1 Server Core installation 64-bit | Windows Server 2012 Server Core installation | Windows 10 1809 64-bit | Windows 10 1809 32-bit | Windows Server 2019 | Windows Server 2019 Server Core installation | Windows 10 1809 ARM64 | Windows 10 1909 32-bit | Windows 10 1909 64-bit | Windows 10 1909 ARM64 | Windows Server 1909 Server Core Installation | Windows 10 2004 32-bit | Windows 10 2004 64-bit | Windows 10 2004 ARM64 | Windows 10 20H2 ARM64 | Windows 10 20H2 32-bit | Windows 10 20H2 64-bit | Windows Server 20H2 Server Core Installation | Windows 10 21H1 32-bit | Windows 10 21H1 64-bit | Windows 10 21H1 ARM64 | Windows Server 2022 | Windows Server 2022 Server Core installation | Windows 11 64-bit | Windows 11 ARM64 |
Дата выявления: 12.04.2022.
CVSS 2.0: AV:N/AC:L/Au:N/C:C/I:C/A:C
Уровень опасности уязвимости: Критический уровень опасности (базовая оценка CVSS 2.0 составляет 10)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 
Возможные меры по устранению:
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
— блокирование 445 TCP-порта для ограничения возможности обращения к уязвимому компоненту;
— использование средств межсетевого экранирования для формирования «белого» списка приложений и адресов, которым разрешена передача трафика по протоколу SMB;
— отключение службы SMB, если она не используется;
— сегментирование сети для блокирования возможностей распространения в системе.
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24500
.
Статус уязвимости: Подтверждена производителем
Наличие эксплойта: Данные уточняются
Информация об устранении: Уязвимость устранена
Идентификаторы других систем описаний уязвимости: CVE-2022-24500.
Тип ошибки CWE:
Ссылки на источники:
cайт ФАУ «ГНИИИ ПТЗИ ФСТЭК России».
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24500
Резюме.
10 марта 2020 года Microsoft выпустила рекомендации по безопасности [1] для уязвимости удаленного выполнения кода, затрагивающей протокол Microsoft Server Message Block 3.1.1 (SMBv3). Злоумышленник, не прошедший проверку подлинности и успешно использовавший код уязвимости, выполняет исполняемый код на целевом SMB-сервере или SMB-клиенте. Уязвимость упоминается как CVE-2020-0796.
Технические подробности:
Уязвимость может быть использована двумя различными способами:
• отправив специально созданный пакет на целевой сервер SMBv3,
• убедив пользователя подключиться к вредоносному серверу SMBv3.
Однако Microsoft не раскрыла техническую информацию об этой уязвимости. Основываясь на обходном пути, предоставленном Microsoft [1], уязвимость, по-видимому, связана с обработкой сжатых пакетов данных. FortiGuard Labs также выпустила правило IPS, описывающее уязвимость как связанную с переполнением буфера [2]. Согласно FortiGuard Labs, уязвимость вызвана ошибкой, когда уязвимое программное обеспечение обрабатывает вредоносный пакет сжатых данных.
Затрагиваемые продукты:
• Windows 10 версии 1903 для 32-разрядных систем
• Windows 10 версии 1903 для систем на базе ARM64
• Windows 10 версии 1903 для систем на базе 64
• Windows 10 версии 1909 для 32-разрядных систем
• Windows 10 версии 1909 для ARM64- системы на базе
• Windows 10 версии 1909 для систем на базе x641
• Windows Server, версия 1903 (установка Server Core)
• Windows Server, версия 1909 (установка Server Core)
Рекомендации:
Так как пока нет исправления для этой уязвимости, Microsoft рекомендует отключить сжатие SMBv3 на серверах SMB в качестве обходного пути (см. Ниже). Эта рекомендация будет обновлена, когда будет доступно исправление. Чтобы предотвратить использование этой уязвимости внешними злоумышленниками, убедитесь, что:
• нет доступа к серверу SMB из Интернета (TCP/445),
• рабочие станции не могут получить доступ к серверу SMB вне внутренней сети (TCP/445) [3]
Следующая команда powershell может использоваться для отключения сжатия SMBv3 на SMBv3Server (это не предотвращает эксплуатацию клиентов SMBv3):
Set-ItemProperty -Path «HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters» DisableCompression -Type DWORD -Value 1 -Force
Чтобы отключить обходной путь, как только исправление станет доступно, можно использовать следующую команду powershell:
Set-ItemProperty -Path «HKLM:\SYSTEM\CurrentControlSet\ Services\LanmanServer\Parameters» DisableCompression -Type DWORD -Value 0 -Force
Список литературы:
[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
[2] https://fortiguard.com/encyclopedia/ips/48773
[3] HTTPS://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections
https://media.cert.europa.eu/static/SecurityAdvisories/2020/CERT-EU-SA2020-014.pdf
Мы ищем точки опоры не с целью перевернуть мир, но чтобы не позволить миру опрокинуть нас.
Время на прочтение1 мин
Количество просмотров12K
Никогда такого не было, и вот опять.
Microsoft распространила информацию о наличии RCE-уязвимости в протоколе SMB версий 3.1.1 и выше. Уязвимости подвержены системы с Windows 10 1903 и выше, включая серверные издания.
По имеющейся на данный момент информации — уязвимости подвержены как SMBv3-клиенты, так и SMBv3-серверы. Эксплуатация уязвимости приводит к удаленному выполнению кода с правами локальной системы, что позволяет реализовать сценарии, аналогичные WannaCry \ EternalBlue.
Лечения на данный момент нет, однако Microsoft выпустила рекомендации:
1) До выхода патча необходимо отключить сжатие SMB 3.0 (powershell)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force2) Для клиентов лечения нет, поэтому рекомендуется ограничить SMB-трафик доверенными сетями при помощи межсетевых экранов, в т.ч. встроенных в ОС.
На данный момент (11.03.2020, 22:00) отсутствует информация как о технических подробностях, так и о фактах эксплуатации данной уязвимости.
Critical Flaw in SMB1 could allow remote code execution on Active Directory Domain Controllers (MS17-010, KB4013389)
Reading Time: 2 minutes
Today, for its March 2017 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server offering File Sharing services using the Server Message Block (SMB) version 1.0 protocol.
The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.
About the vulnerabilities
The vulnerabilities that are fixed with this security update are:
- Windows SMB Remote Code Execution Vulnerability – CVE-2017-0143
- Windows SMB Remote Code Execution Vulnerability – CVE-2017-0144
- Windows SMB Remote Code Execution Vulnerability – CVE-2017-0145
- Windows SMB Remote Code Execution Vulnerability – CVE-2017-0146
- Windows SMB Information Disclosure Vulnerability – CVE-2017-0147
- Windows SMB Remote Code Execution Vulnerability – CVE-2017-0148
Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.
To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv1 server.
Affected Operating Systems
All currently supported Windows versions and Windows Server versions are affected.
Both Full installations and Server Core installations are affected.
Note:
Windows Server 2003 is also affected, but not supported anymore. The above SMBv1 vulnerabilities remain in this version of Windows Server.
About the update
The security update addresses the vulnerabilities by correcting how SMBv1 handles these specially crafted requests.
To apply the update, install the following update per Windows and/or Windows Server version:
| Windows Vista with Service Pack 2 x86 | KB4012598 |
| Windows Vista with Service Pack 2 x64 | KB4012598 |
| Windows Server 2008 with Service Pack 2 x86 | KB4012598 |
| Windows Server 2008 with Service Pack 2 x64 | KB401259 |
| Windows 7 with Service Pack 1 x86 | KB4012212 or KB4012215 |
| Windows 7 with Service Pack 1 x64 | KB4012212 or KB4012215 |
| Windows Server 2008 R2 with Service Pack 1 | KB4012212 or KB4012215 |
| Windows 8.1 x86 | KB4012213 or KB4012216 |
| Windows 8.1 x64 | KB4012213 or KB4012216 |
| Windows Server 2012 | KB4012214 or KB4012217 |
| Windows Server 2012 R2 | KB4012213 or KB4012216 |
| Windows 10 x86 | KB4012606 |
| Windows 10 x64 | KB4012606 |
| Windows 10 version 1511 x86 | KB4013198 |
| Windows 10 version 1511 x64 | KB4013198 |
| Windows 10 version 1607 x86 | KB4013429 |
| Windows 10 version 1607 x64 | KB4013429 |
| Windows Server 2016 | KB4013429 |
Call to action
I urge you to install the necessary security updates on Windows Server installations, running as Active Directory Domain Controllers, in a test environment as soon as possible, assess the risk and possible impact on your production environment and then, roll out this update to Windows Server installations, running as Active Directory Domain Controllers, in the production environment.
Disabling SMBv1 on these systems is the recommended action for the longer run.
Microsoft KnowledgeBase Article 2696547 describes how to disable SMB v1 on supported Windows and Windows Server versions. An auditing-only mode is available to assess the impact of disabling SMBv1, too.