MS11-017: Vulnerability in Remote Desktop client could allow remote code execution: March 8, 2011

Article translations Article translations
Article ID: 2508062 - View products that this article applies to.
Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS11-017. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2483614 MS11-017: Description of the security update for Remote Desktop client 7.0: March 08, 2011
  • 2483618 MS11-017: Description of the security update for Remote Desktop client 5.2: March 08, 2011
  • 2483619 Description of the Remote Desktop Connection 6.1 MUI (upgrade for RDP 6.0)

    Known issues in update 2483619:  
    • After you install this update, the Remote Desktop Connection shortcut text on the Start menu always appears in English. 
    • Consider the following scenario: You upgrade from Remote Desktop Connection 6.0 to Remote Desktop Connection 6.1. Then you run a system restore procedure. In this scenario, the system restore procedure fails to restore the Remote Desktop Connection client to Remote Desktop Connection 6.0 together with the Remote Desktop Connection 6.0 MUI.
    Frequently asked questions about update 2483619
    • Question Before I installed update 2483619, I had RDC 6.0 MUI running on Windows Server 2003. After I installed the update, I am running RDC 6.1. Why? 
      Answer Microsoft does not service RDC 6.0. Customers are migrated to RDC 6.1 with this update.
  • 2481109 MS11-017: Description of the security update for Remote Desktop client 6.0: March 08, 2011

    Known issues in security update 2481109:
    • After you install this security update on a Windows XP-based computer, you may receive an error message that resembles the following:

      :5.375: FileVersion of C:\WINDOWS\system32\mstscax.dll is Less Than 6.0.6001.0 for QFE branch
      This problem only affects Windows XP based computers that were updated by using updates to address specific issues that are not delivered by Windows Update. For example, computers that have "Limited Distribution Release" (LDR) branch updates installed.

      To work around this problem, use either of the following methods:
      • Uninstall security update 956744, and then install security update 2481109.
      • Alternatively, if you already have security update 956744 installed, you can install hotfix 967885. Then you can successful install security update 2481109.
    • If you have the Remote Desktop Connection 6.0 Multilingual User Interface Pack (MUI) installed, you must install the RDC 6.1 MUI for RDC to work with MUI.

      For more information about the Remote Desktop Connection 6.0 MUI, click the following article number to view the article in the Microsoft Knowledge Base:
      925877 Description of the Remote Desktop Connection 6.0 MUI


      For more information about the RDC 6.0 MUI, click the following article number to view the article in the Microsoft Knowledge Base:
      2483619 MS11-017: Description of the security update for Remote Desktop client 6.0 Client Multilingual User Interface (MUI): March 08, 2011
    • Connections from the Remote Desktop Microsoft Management Console (MMC) snap-in on computers that have RDC 6.1 installed do not connect to the console session on the server. (The console session is also known as the "admin" session).
    • Consider the following scenario: You upgrade from Remote Desktop Connection 6.0 to Remote Desktop Connection 6.1. Then you run a system restore procedure. In this scenario, the system restore procedure fails to restore the Microsoft Terminal Services Client (MSTSC) Remote Desktop Connection 6.0.
    • After you install this security update (the security update for MUI for Remote Desktop Connection 6.1), the Remote Desktop Connection shortcut text on the Start menu always appears in English.
    Frequently asked questions about security update 2481109
    • Question Before I installed security update 2481109, I had RDC 6.0 running. After I installed the security update, I am running RDC 6.1. Why?
      Answer Microsoft does not service RDC 6.0. Customers are migrated to RDC 6.1 with this update.

Properties

Article ID: 2508062 - Last Review: May 11, 2012 - Revision: 4.0
APPLIES TO
  • Windows 7 Service Pack 1, when used with:
    • Windows 7 Home Basic
    • Windows 7 Home Premium
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Enterprise
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 7 Enterprise
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2508062

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com