United States

Change

|

All Microsoft Sites

Microsoft Support

Article ID: 971486 - Last Review: October 13, 2009 - Revision: 1.0

MS09-058: Vulnerabilities in Windows kernel could allow elevation of privilege

View products that this article applies to.

On This Page

Expand all | Collapse all

INTRODUCTION

Microsoft has released security bulletin MS09-058. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Home users:
http://www.microsoft.com/security/updates/bulletins/200910.aspx (http://www.microsoft.com/security/updates/bulletins/200910.aspx)
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
http://update.microsoft.com/microsoftupdate (http://update.microsoft.com/microsoftupdate/)
IT professionals:
http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx (http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx)

Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)

North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:

http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)

For enterprise customers, support for security updates is available through your usual support contacts.

Back to the top

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Back to the top

Windows 2000 file information

For all supported editions of Microsoft Windows 2000 Service Pack 4

Collapse this tableExpand this table

File Name	Version	Date	Time	Size
mup.sys	5.0.2195.7006	02-Dec-2004	00:37	89,328
ntkrnlmp.exe	5.0.2195.7319	03-Aug-2009	23:08	1,714,496
ntkrnlpa.exe	5.0.2195.7319	03-Aug-2009	23:08	1,713,536
ntkrpamp.exe	5.0.2195.7319	03-Aug-2009	23:09	1,735,808
ntoskrnl.exe	5.0.2195.7319	03-Aug-2009	23:08	1,690,880

Back to the top

Windows XP and Windows Server 2003 file information

The files that apply to a specific service branch (QFE, GDR) are noted in the "Service branch" column.
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	Service branch
ntkrnlmp.exe	5.1.2600.3610	04-Aug-2009	01:28	2,136,064	SP2GDR
ntkrnlpa.exe	5.1.2600.3610	04-Aug-2009	00:43	2,057,728	SP2GDR
ntkrpamp.exe	5.1.2600.3610	04-Aug-2009	00:43	2,015,744	SP2GDR
ntoskrnl.exe	5.1.2600.3610	04-Aug-2009	01:30	2,180,352	SP2GDR
ntkrnlmp.exe	5.1.2600.3610	04-Aug-2009	00:19	2,142,720	SP2QFE
ntkrnlpa.exe	5.1.2600.3610	03-Aug-2009	23:32	2,062,976	SP2QFE
ntkrpamp.exe	5.1.2600.3610	03-Aug-2009	23:32	2,020,864	SP2QFE
ntoskrnl.exe	5.1.2600.3610	04-Aug-2009	00:21	2,185,984	SP2QFE
ntkrnlmp.exe	5.1.2600.5857	04-Aug-2009	02:43	2,145,280	SP3GDR
ntkrnlpa.exe	5.1.2600.5857	04-Aug-2009	01:50	2,066,048	SP3GDR
ntkrpamp.exe	5.1.2600.5857	04-Aug-2009	01:50	2,023,936	SP3GDR
ntoskrnl.exe	5.1.2600.5857	04-Aug-2009	15:14	2,189,184	SP3GDR
ntkrnlmp.exe	5.1.2600.5857	04-Aug-2009	01:24	2,145,280	SP3QFE
ntkrnlpa.exe	5.1.2600.5857	04-Aug-2009	13:17	2,066,176	SP3QFE
ntkrpamp.exe	5.1.2600.5857	04-Aug-2009	00:47	2,023,936	SP3QFE
ntoskrnl.exe	5.1.2600.5857	04-Aug-2009	01:26	2,189,312	SP3QFE

For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	CPU	Service branch
ntkrnlmp.exe	5.2.3790.4566	06-Aug-2009	13:47	4,587,520	X64	SP2GDR
ntoskrnl.exe	5.2.3790.4566	06-Aug-2009	13:47	4,519,424	X64	SP2GDR
hal.dll	5.2.3790.4354	06-Aug-2009	13:44	280,064	X64	SP2QFE
ntkrnlmp.exe	5.2.3790.4566	06-Aug-2009	13:44	4,613,632	X64	SP2QFE
ntoskrnl.exe	5.2.3790.4566	06-Aug-2009	13:44	4,540,416	X64	SP2QFE

For all supported x86-based versions of Windows Server 2003

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	Service branch
ntkrnlmp.exe	5.2.3790.4566	05-Aug-2009	03:09	2,488,832	SP2GDR
ntkrnlpa.exe	5.2.3790.4566	05-Aug-2009	01:30	2,300,928	SP2GDR
ntkrpamp.exe	5.2.3790.4566	05-Aug-2009	01:31	2,340,352	SP2GDR
ntoskrnl.exe	5.2.3790.4566	05-Aug-2009	03:07	2,449,408	SP2GDR
ntkrnlmp.exe	5.2.3790.4566	05-Aug-2009	02:51	2,499,584	SP2QFE
ntkrnlpa.exe	5.2.3790.4566	05-Aug-2009	01:41	2,310,656	SP2QFE
ntkrpamp.exe	5.2.3790.4566	06-Aug-2009	13:42	2,351,104	SP2QFE
ntoskrnl.exe	5.2.3790.4566	05-Aug-2009	02:50	2,458,112	SP2QFE

For all supported IA-64-based versions of Windows Server 2003

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	CPU	Service branch
ntkrnlmp.exe	5.2.3790.4566	06-Aug-2009	13:47	6,554,112	IA-64	SP2GDR
ntdll.dll	5.2.3790.4455	06-Aug-2009	13:45	1,646,592	IA-64	SP2QFE
ntkrnlmp.exe	5.2.3790.4566	06-Aug-2009	13:45	6,580,736	IA-64	SP2QFE
wntdll.dll	5.2.3790.4455	06-Aug-2009	13:45	775,168	X86	SP2QFE\wow

Back to the top

Windows Vista and Windows Server 2008 file information

The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

Collapse this tableExpand this table

Version	Product	Milestone	Service branch
6.0.6000.16`xxx`	Windows Vista	RTM	GDR
6.0.6000.20`xxx`	Windows Vista	RTM	LDR
6.0.6001.18`xxx`	Windows Vista SP1 and Windows Server 2008 SP1	SP1	GDR
6.0.6001.22`xxx`	Windows Vista SP1 and Windows Server 2008 SP1	SP1	LDR
6.0.6002.18`xxx`	Windows Vista SP2 and Windows Server 2008 SP2	SP2	GDR
6.0.6002.22`xxx`	Windows Vista SP2 and Windows Server 2008 SP2	SP2	LDR

Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

For all supported x86-based versions of Windows Vista and Windows Server 2008

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	Service branch
ntkrnlpa.exe	6.0.6000.16901	05-Aug-2009	01:58	3,502,152	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243
ntoskrnl.exe	6.0.6000.16901	05-Aug-2009	01:58	3,467,864	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243
ntkrnlpa.exe	6.0.6000.21101	05-Aug-2009	01:40	3,503,688	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f
ntoskrnl.exe	6.0.6000.21101	05-Aug-2009	01:40	3,469,896	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f
ntkrnlpa.exe	6.0.6001.18304	05-Aug-2009	01:52	3,597,896	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39
ntoskrnl.exe	6.0.6001.18304	05-Aug-2009	01:52	3,546,184	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39
ntkrnlpa.exe	6.0.6001.22489	05-Aug-2009	04:45	3,599,960	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e
ntoskrnl.exe	6.0.6001.22489	05-Aug-2009	04:45	3,547,736	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e
ntkrnlpa.exe	6.0.6002.18082	04-Aug-2009	00:04	3,600,456	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137
ntoskrnl.exe	6.0.6002.18082	04-Aug-2009	00:04	3,548,216	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137
ntkrnlpa.exe	6.0.6002.22191	05-Aug-2009	01:40	3,599,928	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b
ntoskrnl.exe	6.0.6002.22191	05-Aug-2009	01:40	3,548,216	Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b

For all supported x64-based versions of Windows Vista and Windows Server 2008

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	CPU	Service branch
ntoskrnl.exe	6.0.6000.16901	05-Aug-2009	02:37	4,425,288	X64	Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_c669c47a6f590379
ntoskrnl.exe	6.0.6000.21101	05-Aug-2009	02:44	4,412,488	X64	Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_c6f339678876d685
ntoskrnl.exe	6.0.6001.18304	05-Aug-2009	02:26	4,691,016	X64	Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_c85303fe6c7ce06f
ntoskrnl.exe	6.0.6001.22489	05-Aug-2009	01:42	4,682,824	X64	Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_c88b22db85d6de74
ntoskrnl.exe	6.0.6002.18082	04-Aug-2009	00:17	4,698,168	X64	Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_c9e0f5f269e5e26d
ntoskrnl.exe	6.0.6002.22191	05-Aug-2009	01:39	4,693,576	X64	Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_ca5ec287830c84d1

For all supported IA-64-based versions of Windows Server 2008

Collapse this tableExpand this table

File Name	Version	Date	Time	Size	CPU	Service branch
ntoskrnl.exe	6.0.6001.18304	05-Aug-2009	01:59	9,491,544	IA-64	Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c360c70b41d7835
ntoskrnl.exe	6.0.6001.22489	05-Aug-2009	01:47	9,483,848	IA-64	Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6e2b4dcd77763a
ntoskrnl.exe	6.0.6002.18082	03-Aug-2009	23:57	9,469,000	IA-64	Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc3fe64b1867a33
ntoskrnl.exe	6.0.6002.22191	05-Aug-2009	01:29	9,462,328	IA-64	Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e41caf9caad1c97

Back to the top

APPLIES TO

Windows Server 2008 Service Pack 2, when used with:

Windows Server 2008 Datacenter without Hyper-V
Windows Server 2008 Enterprise without Hyper-V
Windows Server 2008 for Itanium-Based Systems
Windows Server 2008 Standard without Hyper-V
Windows Server 2008 Datacenter
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Web Server 2008

Windows Vista Service Pack 2, when used with:

Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Starter
Windows Vista Ultimate
Windows Vista Enterprise 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Windows Vista Business 64-bit Edition

Windows Vista Service Pack 1, when used with:

Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Starter
Windows Vista Ultimate
Windows Vista Enterprise 64-bit Edition
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Windows Vista Business 64-bit Edition

Microsoft Windows Server 2003 Service Pack 2, when used with:

Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

Microsoft Windows XP Service Pack 2, when used with:

Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Microsoft Windows XP Service Pack 3, when used with:

Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Microsoft Windows 2000 Service Pack 4, when used with:

Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Server

Back to the top

atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB971486

Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

Related Support Centers

Page Tools

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Microsoft Support

|

Services Agreement

|

|

|

Privacy Statement

Microsoft

Microsoft

©2009 Microsoft