MS07-005: Vulnerability in Step-by-Step Interactive Training could allow remote code execution

Article ID: 923723

INTRODUCTION

Microsoft has released security bulletin MS07-005. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issue with this security update

When a user visits Windows Update, the Step-by-Step Interactive Training application is continuously reoffered, and the installation is always unsuccessful.

Note The symptoms occur when the user installs the Step-by-Step Interactive Training application that includes Lrun32.exe and then applies security update 923723.

Consider the following scenario:
  1. The user uninstalls the Step-by-Step Interactive Training application.

    Note Because the Lrun32.exe file was modified by security update 923723, this operation leaves the updated file on the computer.
  2. The user enables the display of updates in the Add or remove programs dialog box.
  3. The user uninstalls the Step-by-Step Interactive Training security update.

    Note The user must know which security update is associated with the Step-by-Step Interactive Training application. This operation makes the updated Lrun32.exe revert to the original version.
  4. The next time that the user visits Windows Update, the Step-by-Step Interactive Training application is reoffered. However, the installation is unsuccessful because the version of the Lrun32.exe file that is located on the computer is a partially installed version of the Step-by-Step Interactive Training application.
In this scenario, the user is reoffered the Step-by-Step Interactive Training application every time that the user goes to Windows Update.

Resolution

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To resolve this issue, follow these steps.

Step 1: Remove Step-by-Step Interactive Training

  1. Click Start, and then click Search.
  2. Use Windows Search to locate and to delete the following files:
    • Lrun32.exe
    • Mrun32.exe
    • Orun32.exe
    Note These three files are the program files for all three Step-by-Step Interactive programs. You may not have all these files installed on your computer.
  3. If you are asked to confirm the deletion of a file, click Yes or Confirm.

Step 2: Remove registry subkeys for Step-by-Step Interactive Training

  1. Click Start, and then click Run.
  2. Copy and then paste (or type) the following command in the Open box, and then press ENTER:
    regedt32
    Note Before you edit the registry, you must create a backup of the registry. To do this, follow these steps:
    1. In Registry Editor, click My Computer, click File, and then click Export.
    2. Select a location for the registry backup file.
    3. Type a name for the registry backup file, and then click Save. The registry is now backed up.
  3. In Registry Editor, delete the following registry subkeys:

    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Press Interactive Training

    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Interactive Training

    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Interactive Training

    \HKEY_CLASSES_ROOT\.cbl
    (This is for Microsoft Press Interactive Training.)
    \HKEY_CLASSES_ROOT\.cbo
    (This is for Microsoft Interactive Training.)
    \HKEY_CLASSES_ROOT\.cbm
    (This is for Interactive Training.)
  4. For each subkey that is found, click the subkey, and then press DELETE.
  5. In the Confirm Key Delete dialog box, click OK.
  6. Exit Registry Editor.
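
The two manual steps above can be scripted so that each file and subkey is checked, and each subkey is backed up, before anything is deleted. The following PowerShell script is an added example and is not part of the original Microsoft article. The parameter names (SearchRoot, BackupDir, Remove), the default search root, and the backup location are assumptions. The script assumes Windows PowerShell 2.0 or later and an administrator account.

```powershell
# Added example, not Microsoft's script. Reports by default; -Remove deletes.
param(
    [string[]]$SearchRoot = @("$env:SystemDrive\"),   # assumption: where to search
    [string]$BackupDir = (Join-Path $env:TEMP ("KB923723-" + (Get-Date -Format yyyyMMddHHmmss))),
    [switch]$Remove
)

$files = 'Lrun32.exe', 'Mrun32.exe', 'Orun32.exe'
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Press Interactive Training',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Interactive Training',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Interactive Training',
    'HKEY_CLASSES_ROOT\.cbl', 'HKEY_CLASSES_ROOT\.cbo', 'HKEY_CLASSES_ROOT\.cbm'
)

# Step 1: locate the program files; not all three have to be present.
$found = @(Get-ChildItem -Path $SearchRoot -Recurse -Force -Include $files -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })
foreach ($f in $found) {
    'file     {0}  (version {1})' -f $f.FullName, $f.VersionInfo.FileVersion
    if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
}

# Step 2: export each subkey that exists, then delete it only if the export succeeded.
if ($Remove) { New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null }
$n = 0
foreach ($k in $keys) {
    $psPath = "Registry::$k"
    if (-not (Test-Path -LiteralPath $psPath)) { "absent   $k"; continue }
    # Show the default value so an extension key that another program has
    # taken over can be recognised before it is removed.
    $default = (Get-ItemProperty -LiteralPath $psPath).'(default)'
    "present  $k  (default value: '$default')"
    if (-not $Remove) { continue }
    $n++
    $backup = Join-Path $BackupDir ("key$n.reg")
    & reg.exe export $k $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "export failed, key kept: $k"; continue }
    Remove-Item -LiteralPath $psPath -Recurse -Force
    "deleted  $k  (backup: $backup)"
}
```

Run the script without -Remove first and review the listed files and default values; the .reg files written to the backup folder can be imported again if a subkey was removed by mistake.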

Properties

Article ID: 923723 - Last Review: May 8, 2012 - Revision: 6.0
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Keywords: 
kbresolve kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbwin2000presp5fix KB923723
