Article ID: 923723 - Last Review: June 27, 2008 - Revision: 3.1

MS07-005: Vulnerability in Step-by-Step Interactive Training could allow remote code execution

INTRODUCTION

Microsoft has released security bulletin MS07-005. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:
http://support.microsoft.com/common/international.aspx?rdpath=4
North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:
http://support.microsoft.com/oas/default.aspx?&prid=7552
For enterprise customers, support for security updates is available through your usual support contacts.

MORE INFORMATION

Known issue with this security update

When a user visits Windows Update, the Step-by-Step Interactive Training application is continuously reoffered, and the installation is always unsuccessful.

Note The symptoms occur when the user installs the Step-by-Step Interactive Training application that includes Lrun32.exe and then applies security update 923723.

Consider the following scenario:
  1. The user uninstalls the Step-by-Step Interactive Training application.

    Note Because the Lrun32.exe file was modified by security update 923723, this operation leaves the updated file on the computer.
  2. The user enables the display of updates in the Add or Remove Programs dialog box.
  3. The user uninstalls the Step-by-Step Interactive Training security update.

    Note The user must know which security update is associated with the Step-by-Step Interactive Training application. This operation makes the updated Lrun32.exe revert to the original version.
  4. The next time that the user visits Windows Update, the Step-by-Step Interactive Training application is reoffered. However, the installation is unsuccessful because the version of the Lrun32.exe file that is located on the computer is a partially installed version of the Step-by-Step Interactive Training application.
In this scenario, the user is reoffered the Step-by-Step Interactive Training application every time that the user goes to Windows Update.

Resolution

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
To resolve this issue, follow these steps.

Step 1: Remove Step-by-Step Interactive Training

  1. Click Start, and then click Search.
  2. Use Windows Search to locate and to delete the following files:
    • Lrun32.exe
    • Mrun32.exe
    • Orun32.exe
    Note These three files are the program files for all three Step-by-Step Interactive programs. You may not have all these files installed on your computer.
  3. If you are asked to confirm the deletion of a file, click Yes or Confirm.

Step 2: Remove registry subkeys for Step-by-Step Interactive Training

  1. Click Start, and then click Run.
  2. Copy and then paste (or type) the following command in the Open box, and then press ENTER:
    regedt32
    Note Before you edit the registry, you must create a backup of the registry. To do this, follow these steps:
    1. In Registry Editor, click My Computer, click File, and then click Export.
    2. Select a location for the registry backup file.
    3. Type a name for the registry backup file, and then click Save. The registry is now backed up.
  3. In Registry Editor, delete the following registry subkeys:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Press Interactive Training
    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Interactive Training
    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Interactive Training
    \HKEY_CLASSES_ROOT\.cbl (This is for Microsoft Press Interactive Training.)
    \HKEY_CLASSES_ROOT\.cbo (This is for Microsoft Interactive Training.)
    \HKEY_CLASSES_ROOT\.cbm (This is for Interactive Training.)
  4. For each subkey that is found, click the subkey, and then press DELETE.
  5. In the Confirm Key Delete dialog box, click OK.
  6. Exit Registry Editor.
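
The following PowerShell script is an added example, not part of the original article or a Microsoft-supplied tool. It covers Steps 1 and 2: it reports which of the listed files and registry subkeys are present, and only when run with -Remove does it export each subkey to a .reg file and then delete it. The parameter names, the search root, and the backup folder are assumptions made for the example.

```powershell
# Added example (not from the KB article): audit, back up, and optionally remove
# the Step-by-Step Interactive Training remnants listed in Steps 1 and 2.
# Run from an elevated prompt. Without -Remove, nothing is changed.
param(
    [string]$SearchRoot = "$env:SystemDrive\",   # assumption: files are on the system drive
    [string]$BackupDir  = (Join-Path $env:TEMP ("KB923723-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))),
    [switch]$Remove                               # hypothetical switch: report only when absent
)

$fileNames = 'Lrun32.exe', 'Mrun32.exe', 'Orun32.exe'
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Press Interactive Training',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Interactive Training',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Interactive Training',
    'HKEY_CLASSES_ROOT\.cbl',
    'HKEY_CLASSES_ROOT\.cbo',
    'HKEY_CLASSES_ROOT\.cbm'
)

# Step 1: locate the program files and report their versions before touching them.
$files = @(Get-ChildItem -Path $SearchRoot -Include $fileNames -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })
foreach ($f in $files) {
    "FILE  {0}  version {1}" -f $f.FullName, $f.VersionInfo.FileVersion
    if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
}

# Step 2: export each existing subkey, then delete it only if the export succeeded.
if ($Remove) { New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null }
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath "Registry::$key")) { "KEY   absent   $key"; continue }
    "KEY   present  $key"
    if (-not $Remove) { continue }
    $backup = Join-Path $BackupDir (($key -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $key $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Backup failed, key left in place: $key"; continue }
    Remove-Item -LiteralPath "Registry::$key" -Recurse -Force
    "KEY   removed  $key (backup: $backup)"
}
```

Run the script once without -Remove to review what it finds, and keep the exported .reg files until Windows Update no longer reoffers the application.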

APPLIES TO
  • MSPRESS MS Press Step-By-Step Interactive series
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Media Center Edition 2005
  • Microsoft Windows 2000 Datacenter Server
Keywords: 
kbresolve kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbwin2000presp5fix kbpubtypekc KB923723
