MS07-005: Vulnerability in Step-by-Step Interactive Training could allow remote code execution

Known issue with this security update

When a user visits Windows Update, the Step-by-Step Interactive Training application is continuously reoffered, and the installation is always unsuccessful.

Note The symptoms occur when the user installs the Step-by-Step Interactive Training application that includes Lrun32.exe and then applies security update 923723.

Consider the following scenario:

1. The user uninstalls the Step-by-Step Interactive Training application.
   
   Note Because the Lrun32.exe file was modified by security update 923723, this operation leaves the updated file on the computer.
2. The user enables the display of updates in the Add or remove programs dialog box.
3. The user uninstalls the Step-by-Step Interactive Training security update.
   
   Note The user must know which security update is associated with the Step-by-Step Interactive Training application. This operation makes the updated Lrun32.exe revert to the original version.
4. The next time that the user visits Windows Update, the Step-by-Step Interactive Training application is reoffered. However, the installation is unsuccessful because the version of the Lrun32.exe file that is located on the computer is a partially installed version of the Step-by-Step Interactive Training application.

In this scenario, the user is reoffered the Step-by-Step Interactive Training application every time that the user goes to Windows update.

Resolution

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: To resolve this issue, follow these steps.

Step 1: Remove Step-by-Step Interactive Training

1. Click Start, and then click Search.
2. Use Windows Search to locate and to delete the following files:
   • Lrun32.exe
   • Mrun32.exe
   • Orun32.exe
   Note These three files are the program files for all three Step-by-Step Interactive programs. You may not have all these files installed on your computer.
3. If you are asked to confirm the deletion of a file, click Yes or Confirm.

Step 2: Remove registry subkeys for Step-by-Step Interactive Training

1. Click Start, and then click Run.
2. Copy and then paste (or type) the following command in the Open box, and then press ENTER:
   regedt32
   Note Before you edit the registry, you must create a backup of the registry. To do this, follow these steps:
   1. In Registry Editor, click My Computer, click File, and then click Export.
   2. Select a location for the registry backup file.
   3. Type a name for the registry backup file, and then click Save. The registry is now backed up.
3. In Registry Editor, delete the following registry subkeys:
   
   \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Press Interactive Training
   \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Interactive Training
   \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Interactive Training
   \HKEY_CLASSES_ROOT\.cbl (This is for Microsoft Press Interactive Training.)
   \HKEY_CLASSES_ROOT\.cbo (This is for Microsoft Interactive Training.)
   \HKEY_CLASSES_ROOT\.cbm (This is for Interactive Training.)
4. For each subkey that is found, click the subkey, and then press DELETE.
5. In the Confirm Key Delete dialog box, click OK.
6. Exit Registry Editor.