MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad could allow remote code execution

Article translations Article translations
Article ID: 2405882 - View products that this article applies to.
Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS10-083. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues and additional information about this security update

Update links for Windows Vista SP1 or for Windows Server 2008

Update for systems that have Windows Search 4.0 installed

Systems that have Windows Search 4.0 (update 940157) installed on Windows Vista or Windows Server 2008 must install the following update instead of the update that is provided in the security bulletin MS10-083. This is because, by default, update 940157 for Windows Search 4.0 installs a higher binary version than the binaries that are on the system. The updates that are offered by security bulletin MS10-083 will not overwrite the binary versions that are installed by update 940157.

Systems that have automatic update turned on or that use detection and deployment tools such as Microsoft Windows Server Update Services (WSUS) server will be offered the update automatically. If you have to manually install this update on Windows Vista SP1, Windows Vista SP2, Windows Server 2008, or Windows Server 2008 SP2 with Windows Search 4.0 installed, visit the following Microsoft Download Center webpages.


The following files are available for download from the Microsoft Download Center:


For Windows Vista SP1 with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Windows6.0-KB979688-v2-x86.msu package now.

For Windows Vista SP1 x64 edition with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Windows6.0-KB979688-v2-x64.msu package now.

For Windows Server 2008 with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Windows6.0-KB979688-v2-x86.msu package now.

For Windows Server 2008 x64 edition with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Windows6.0-KB979688-v2-x64.msu package now.

Release Date: October 12, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update links for Windows Vista SP2 or for Windows Server 2008 SP2

The following updates are being offered to customers who have systems that were updated in the following order:
  1. Windows Vista SP1 or Windows Server 2008 is installed.
  2. Windows Desktop Search 4.0 is installed.
  3. The updates offered previously in this article are installed.
  4. The system is migrated to Windows Vista SP2 or to Windows Server 2008 SP2.

For Windows Vista SP2 with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Security Update for Windows Vista Service Pack 2 package now.

For Windows Vista SP2 x64 edition with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Security Update for Windows Vista for x64-based Systems Service Pack 2 package now.

For Windows Server 2008 SP2 with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Security Update for Windows Server 2008 Service Pack 2 package now.

For Windows Server 2008 x64 edition SP2 with Windows Search 4.0 installed

Collapse this imageExpand this image
Download
Download the Security Update for Windows Server 2008 x64 Edition Service Pack 2 package now.

Release Date: December 14, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain information about known issues. When this is the case, the known issue is listed below each article link.
  • 979687 MS10-083: Description of the security update for WordPad: October 12, 2010
  • 979688 MS10-083: Description of the security update for Windows Shell: October 12, 2010

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    Collapse this tableExpand this table
    VersionProductMilestoneService branch
    6.0.6000.16xxxWindows VistaRTMGDR
    6.0.6000.20xxxWindows VistaRTMLDR
    6.0.6001.18xxxWindows Vista SP1 and Windows Server 2008 SP1SP1GDR
    6.0.6001.22xxxWindows Vista SP1 and Windows Server 2008 SP1SP1LDR
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.22xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000. xxxxxx version number.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.

For all supported x86-based versions of Windows Vista and of Windows Server 2008

Collapse this tableExpand this table
File name File version Date TimeFile Size
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936

For all supported x64-based versions of Windows Vista and of Windows Server 2008

Collapse this tableExpand this table
File name File version Date TimeFile SizePlatform
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936x86
msshsq.dll 7.0.6001.18528 2010/09/20 21:14:32 316,416x64

For all supported IA-64-based versions of Windows Server 2008

Collapse this tableExpand this table
File name File version Date TimeFile SizePlatform
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936x86
msshsq.dll 7.0.6001.18528 2010/09/20 21:14:32 316,416x64

Properties

Article ID: 2405882 - Last Review: May 11, 2012 - Revision: 4.0
APPLIES TO
  • Windows 7 Enterprise
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2405882

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com