Important: This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Microsoft has released security bulletin MS07-061. This security bulletin contains all the relevant information about the corresponding security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:
The update that is provided by security bulletin MS07-061 addresses only those Uniform Resource Identifiers (URIs) that are passed to the Windows Shell. Applications that are enabled to pass URIs to the Windows Shell32 ShellExecute function for execution must be carefully designed to protect against this threat.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
How to implement URL validation in application development for Windows XP or for Windows Server 2003
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
More information about this security update
If an application no longer works after you install this security update, you can configure the registry to exempt the application from the update. To do this, use either of the following methods.
For applications
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
To configure an application to exempt itself from this security update, follow these steps:
1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey, where Application_name is the name of the application that you want to exempt:
   Note: You may have to create the Application_name subkey. To do this, follow these steps:
   a. On the Edit menu, point to New, and then click Key.
   b. Type a name for the Application subkey, and then press ENTER.
   Note: The name for the Application subkey must match the name of the executable file for the application. The name must also include the three-letter extension of the executable file for the application. For example, Microsoft Office Excel uses the following excel.exe subkey:
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type AllowShellExecHandleCIFFailure for the name of the DWORD value, and then press ENTER.
5. Right-click AllowShellExecHandleCIFFailure, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor.
For administrators
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Administrators can disable the security update for specific applications. To do this, follow these steps:
1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type Application_name.exe for the name of the DWORD value, where Application_name is the name of the application, and then press ENTER.
5. Right-click Application_name, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor.
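Because either method above switches off the MS07-061 protection for a named executable, it is worth auditing which applications on a computer currently carry an exemption. The following PowerShell script is an added example, not part of the original article or Microsoft's code; the two registry paths are not shown on this page, so they are required parameters (the names PerAppParentKey and AdminKey are hypothetical) that you fill in from the original article.

```powershell
# Added example (not Microsoft's code): list applications exempted from MS07-061.
# The page does not show the two registry paths, so they are required parameters;
# take them from the original KB article and pass them as registry provider paths.
param(
    [Parameter(Mandatory = $true)][string]$PerAppParentKey,  # parent of the Application_name subkeys
    [Parameter(Mandatory = $true)][string]$AdminKey          # key holding the Application_name.exe values
)

function Get-PerAppExemption([string]$ParentKey) {
    # "For applications": a subkey named after the executable carries the DWORD
    # AllowShellExecHandleCIFFailure with data 1.
    if (-not (Test-Path -LiteralPath $ParentKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $ParentKey -ErrorAction SilentlyContinue) {
        $data = $sub.GetValue('AllowShellExecHandleCIFFailure', $null)
        # A DWORD is returned as Int32; other value types are ignored.
        if ($data -is [int] -and $data -eq 1) {
            [pscustomobject]@{ Method = 'Application'; Application = $sub.PSChildName; Key = $sub.Name }
        }
    }
}

function Get-AdminExemption([string]$Key) {
    # "For administrators": one DWORD per application, named Application_name.exe, data 1.
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $regKey = Get-Item -LiteralPath $Key
    foreach ($name in $regKey.GetValueNames()) {
        $data = $regKey.GetValue($name)
        if ($name -like '*.exe' -and $data -is [int] -and $data -eq 1) {
            [pscustomobject]@{ Method = 'Administrator'; Application = $name; Key = $regKey.Name }
        }
    }
}

# Emit one object per exempted application so the result can be piped to
# Export-Csv or compared against an approved list.
@(Get-PerAppExemption $PerAppParentKey) + @(Get-AdminExemption $AdminKey)
```

An empty result means no exemption is set under the two keys supplied; any entry returned identifies an executable for which the update's protection has been turned off.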
Known issues with this security update
After you install this security update on a Windows XP Service Pack 2 (SP2)-based computer that has an Arabic Multilingual User Interface Pack (MUI) or a Hebrew MUI installed, English text may appear on the menu bars and on the Start menu.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
After you install security update 943460 on a Windows XP Service Pack 2-based computer that has an Arabic MUI or a Hebrew MUI installed, English text may appear on the menu bars and on the Start menu
After you install this security update on a Windows XP SP2-based computer, the Internet Explorer check box does not appear when you open the Desktop Items dialog box to customize the desktop. Therefore, you cannot use this method to create a desktop shortcut for Windows Internet Explorer.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
The Internet Explorer check box disappears from the Desktop Items dialog box after you install the QFE version of security update MS07-061 on a Windows XP Service Pack 2-based computer