MS08-059: Vulnerability in the Host Integration Server RPC service could allow remote code execution

Microsoft has released security bulletin MS08-059. To view the complete security bulletin, visit one of the following Microsoft Web sites:

• Home users:
  http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/200810.mspx)
  Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
  http://update.microsoft.com/microsoftupdate (http://update.microsoft.com/microsoftupdate/)
• IT professionals:
  http://www.microsoft.com/technet/security/bulletin/MS08-059.mspx (http://www.microsoft.com/technet/security/bulletin/MS08-059.mspx)

How to obtain the latest Host Integration Server 2006 service pack

To resolve this problem, obtain the latest service pack for Host Integration Server 2006. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update (http://support.microsoft.com/ph/6527)

Security solutions for IT professionals: TechNet Security Troubleshooting and Support (http://technet.microsoft.com/security/bb980617.aspx)

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center (http://support.microsoft.com/contactus/cu_sc_virsec_master)

Local support according to your country: International Support (http://support.microsoft.com/common/international.aspx)

Known issues with this security update

You cannot suppress the progress dialog box during an unattended uninstallation

Symptoms

When you perform an unattended uninstallation of this security update, a progress dialog box is displayed. You cannot suppress the progress dialog box during an unattended uninstallation.

Cause

The option to suppress the progress dialog box is not supported by the hotfix installer.

You may be prompted for the original installation media when you uninstall the Japanese version of this security update

Symptoms

You may have to provide the original installation media if you uninstall the Japanese version of this security update. When you uninstall the Japanese version of this security update, you may be prompted for the location of the original installation media.

Cause

This issue occurs because one of the binaries that is updated is not cached locally on the affected system. During the uninstallation process, Windows Installer must access the original installation media to restore the file.

Workaround

To avoid this issue, make sure that the system has access to the original installation media before you uninstall this security update.

SNA Server services are stopped on multi-node systems

Symptoms

This update stops the following services on Host Integration Server 2006-based servers that use additional Microsoft SNA Server services in a multi-node configuration:

• SnaSrv02
• SnaSrv03
• SnaSrv04

Note This issue does not affect the SNAServer node (SnaServr).

Cause

This issue occurs because these services are part of the same feature as the SNARPC binaries that are updated in Host Integration Server 2006.

Workaround

To avoid interruption of users, this update should only be applied when the additional nodes can be stopped. These services must be manually restarted after the installation of the update is complete.

How to determine if a system has Host Integration Server installed

Use one of the following methods to determine if systems have Host Integration Server installed.

Use the registry to determine if a system has Host Integration Server installed

• Host Integration Server 2000
  If Host Integration Server 2000 is installed, the following subkey will exist in the registry:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Host Integration Server\5.0
• Host Integration Server 2004
  If Host Integration Server 2004 is installed, the following subkey will exist in the registry:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Host Integration Server\6.0
• Host Integration Server 2006
  If Host Integration Server 2006 is installed, the following subkey will exist in the registry:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Host Integration Server\7.0

Use an Active Directory service connection point to identify systems that have Host Integration Server 2006 installed

A service connection point (SCP) is created in Active Directory during the installation of Host Integration Server 2006. This service connection point can be used to identify all of the Host Integration Server 2006 servers in an enterprise. You can use tools such as Active Directory Explorer to query Active Directory for these service connection points. For more information about Active Directory Explorer, visit the following Microsoft Web site: Use the following table to determine the Host Integration Server 2006 service connection point details:

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported 32-bit editions of Microsoft Host Integration Server 2006

For all supported x64-based editions Host Integration Server 2006

For all supported editions of Host Integration Server 2004 (client)

For all supported editions of Host Integration Server 2004 Service Pack 1 (client)

For all supported editions of Host Integration Server 2004 Service Pack 1 (server)

For all supported editions of Host Integration Server 2000 Administrator Client

For all supported editions of Host Integration Server 2000 Service Pack 2 (server)