Microsoft Security Advisory: Vulnerability in Microsoft XML Core Services could allow remote code execution

Article ID: 2719615 - View products that this article applies to.
Notice
The Fix it solution that this article describes has been replaced by the Fix it solution that is described in Microsoft Knowledge Base article 2722479. For more information, go to the following Microsoft website:

2722479
(http://support.microsoft.com/kb/2722479)
12-043: Vulnerability in Microsoft XML Core Services could allow remote code execution: August 14, 2012


Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:
http://technet.microsoft.com/security/advisory/2719615
(http://technet.microsoft.com/security/advisory/2719615)


The security advisory provides more information about the issue and includes the following:
  • The scenarios in which you might apply or disable the workarounds
  • Mitigating factors
To have us fix this problem for you, go to the "Fix it for me" section.
Back to the top | Give Feedback

Fix it for me

The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, visit the following Microsoft Security Advisory webpage:
http://technet.microsoft.com/security/advisory/2719615
(http://technet.microsoft.com/security/advisory/2719615)
The advisory provides more information about the issue, including the following:
  • The scenarios in which you might apply or disable the workaround.
  • How to manually apply the workaround.
Specifically, to see this information, expand the Suggested actions section, and then expand the Workaround section.

Fix it solution for MSXML version 3, MSXML version 4, or MSXML version 6

To enable or disable these Fix it solutions, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
Collapse this tableExpand this table
EnableDisable
Fix this problem
Microsoft Fix it 50897
Fix this problem
Microsoft Fix it 50898

Fix it solution for MSXML version 5

To enable or disable this fixit solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
Collapse this tableExpand this table
EnableDisable
Fix this problem
Microsoft Fix it 50908
Fix this problem
Microsoft Fix it 50909
Notes
  • These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
  • If you want to run a quiet installation of this Fix it solution, follow these steps:
    1. Open a command line with administrator credentials.
    2. Type the following command, and then press Enter:
      msiexec /i MicrosoftFixit50897.msi /quiet

Back to the top | Give Feedback

More information

Deploying an application compatibility database across multiple computers

To deploy an application compatibility database across multiple computers, you can use a system management solution, such as Microsoft System Center Configuration Manager 2007, and then use the SDBInst.exe command-line tool to install the database. For detailed information about how to use the SDBInst application, go to the following TechNet webpage:
Deploy an Application Compatibility Database by Using SDBInst
(http://technet.microsoft.com/en-us/library/ee732408(v=WS.10).aspx)
To deploy Microsoft Fix it 50897 to multiple computers by using SDBInst, follow these steps:

Note For more information about command-line options for installing this fix, see the following MSDN webpage:
Standard Installer Command-Line Options
(http://msdn.microsoft.com/en-us/library/aa372024(VS.85).aspx)

  1. Extract the CAB file from the Fix it package. To do this, type the following command at a command prompt:
    msidb.exe -x CabFile -d MicrosoftFixit50897.msi
    Note Msidb.exe is part of Windows Installer Development Tools. For more information, go to the following Microsoft webpage:
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa370083(v=vs.85).aspx
    (http://msdn.microsoft.com/en-us/library/windows/desktop/aa370083(v=vs.85).aspx)
  2. Extract the SDB files from CabFile by using any CAB extraction utility:
    extract.exe /E CabFile
  3. Use SDBInst to apply the previously extracted .sdb files. To do this, type the following command at a command prompt:
    SDBInst -p Path_of_sdb_file\FileName.sdb

    File hash table

    The following table lists the thumbprints of the certificates that are used to sign the .sdb files. Verify the certificate thumbprint in this table against the certificate thumbprint that is indicated on the .sdb that you extracted.
    Collapse this tableExpand this table
    File NameHash information
    msxml3_shim32.sdb(SHA1 FC673C013DE2D40D03FD2EFC94D0B9965BAA3253)
    msxml3_shim64.sdb(SHA1 45431F80CE38BBB14FCB107E87F5DD22CCE203A1)
    msxml4_shim32.sdb(SHA1 FE29173CAC4EFC68FF51E8EC04369044C4687AAF)
    msxml5_shim32.sdb(SHA1 33abdc0e4cfaa040cf0ff1a29bead2878fcd7673)
    msxml5_shim64.sdb(SHA1 c7c97f97f3895f69ba217908750ed61fa69390e9)
    msxml6_shim32.sdb(SHA1 6E69B741CD4CEF05F5B9FFB47B748EE97264131C)
    msxml6_shim64.sdb(SHA1 273BDFCBDBFE3D24B7F5D3586AF54BD0A93A6E63)
Back to the top | Give Feedback

Properties

Article ID: 2719615 - Last Review: October 1, 2012 - Revision: 5.0
Applies to
  • Windows 7 Service Pack 1, when used with:
    • Windows 7 Enterprise
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Home Premium
    • Windows 7 Home Basic
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 7 Home Premium
  • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Office 2003 Service Pack 3
  • 2007 Microsoft Office Suite Service Pack 2
  • 2007 Microsoft Office Suite Service Pack 3
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbmsifixme kbfixme KB2719615
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top