MS10-039: Description of the security update for Windows SharePoint Services 3.0: June 8, 2010

Article translations Article translations
Article ID: 983444 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS10-039. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Prerequisites to apply this security update

To install this security update, you must have one of the following installed:
  • Windows SharePoint Services 3.0 Service Pack 2 (SP2)
  • Windows SharePoint Services 3.0 Service Pack 1 (SP1)
For more information about how to obtain the latest service pack, click the following article number to view the article in the Microsoft Knowledge Base:
949582 How to obtain the latest service pack for Windows SharePoint Services 3.0

Known issues with this security update

  • Known issue 1

    Symptom
    If the SharePoint Products and Technologies Configuration Wizard does not complete successfully, this may leave SharePoint in an inconsistent state. You may be unable to browse the Central Administration or SharePoint site, and you see one of the following error messages:

    Error message 1
    Server Error: http://go.microsoft.com/fwlink?LinkID=96177

    Error message 2
    HTTP 404 Not Found

    Error message 3
    Cannot connect to the configuration database

    Resolution

    For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    944267 How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007
  • Known issue 2

    Symptom
    Users are prompted for authentication when they try to browse a SharePoint site. Windows Server 2003 SP1 and Windows Server 2008 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.


    Workaround

    There are two methods to work around this issue. Use one of the following methods, as appropriate for your situation.

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756 How to back up and restore the registry in Windows

    Method 1: Specify host names (the preferred method for NTLM authentication)

    To specify the host names that are mapped to the loopback address and can connect to websites on your computer, follow these steps:
    1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
      281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
    2. Click Start, click Run, type regedit, and then click OK.
    3. In Registry Editor, locate and then click the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
    4. Right-click MSV1_0, point to New, and then click Multi-String Value.
    5. Type BackConnectionHostNames, and then press ENTER.
    6. Right-click BackConnectionHostNames, and then click Modify.
    7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
    8. Exit Registry Editor, and then restart the IISAdmin service.

    Method 2: Disable the loopback check (the less-recommended method)

    Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

    The second method is to disable the loopback check by setting the DisableLoopbackCheck registry entry.

    To set the DisableLoopbackCheck registry key, follow these steps:
    1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
      281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
    2. Click Start, click Run, type regedit, and then click OK.
    3. In Registry Editor, locate and then click the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    4. Right-click Lsa, point to New, and then click DWORD Value.
    5. Type DisableLoopbackCheck, and then press ENTER.
    6. Right-click DisableLoopbackCheck, and then click Modify.
    7. In the Value data box, type 1, and then click OK.
    8. Exit Registry Editor, and then restart your computer.
  • Known issue 3

    After you install this security update on a Windows Small Business Server that is running Windows SharePoint Services 3.0, in some scenarios, the SharePoint Companyweb and Central Administration pages may not be available. For more information about this issue, and for information about how to resolve the issue, visit the following Microsoft TechNet webpage:
    http://blogs.technet.com/b/sbs/archive/2010/06/18/companyweb-and-sharepoint-central-admin-not-accessible-after-installing-kb983444.aspx
  • Known issue 4

    This security update may appear multiple times in the Installed Updates list after you install it. This is because this update is applied to multiple Office applications. Therefore, it can appear multiple times in the Installed Updates list.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
944267 How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007

FILE INFORMATION

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows SharePoint Services 3.0, 32-bit edition

Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Admcmds.xml.x86Not Applicable50526-Feb-200918:34
Announce.gifNot Applicable2,42217-Oct-200314:48
Bpa.common.dll8.0.669.0208,89619-Jul-200703:36
Bpa.configcollector.dll8.0.669.0106,49619-Jul-200703:36
Bpa.networkcollector.dll8.0.669.045,05619-Jul-200703:36
Bpa.userinterface.dll8.0.669.0544,76819-Jul-200703:36
Camlqry.xsdNot Applicable9,58102-Feb-201008:25
Cfgupddl.sqlNot Applicable13808-Apr-201011:07
Configdb.sqlNot Applicable65,94708-Apr-201011:57
Configup.sqlNot Applicable49,18008-Apr-201011:07
Create.asxNot Applicable16,35028-Oct-200917:29
Custsat.dll9.0.3790.242840,82405-Jan-200711:55
Depl.xsdNot Applicable62,67206-Apr-201008:52
Dmslstschema_xmlNot Applicable358,47426-Feb-200917:52
Docexflt.xmlNot Applicable3,88326-Feb-200917:54
Docicon.xmlNot Applicable12,39126-Feb-200917:49
Dwdcw20.dll12.0.6500.5000438,61626-Feb-200923:58
Dws.asxNot Applicable4,44128-Oct-200917:29
Editourl.asxNot Applicable6,99526-Feb-200917:51
Exchmime.dll8.0.685.19564,12815-Aug-200800:16
Feature_0003.xmlNot Applicable51112-Mar-200905:12
Fldedit.asxNot Applicable181,42126-Feb-200917:51
Fldnew.asxNot Applicable177,04526-Feb-200917:51
Fldswss.xmlNot Applicable214,91303-Feb-201007:40
Gosearch.gifNot Applicable52915-Aug-200800:51
Htrinfo.xml_0001Not Applicable4,34526-Feb-200917:49
Icodp.pngNot Applicable72502-May-200804:07
Icods.pngNot Applicable73802-May-200804:07
Icodt.pngNot Applicable75402-May-200804:07
Iiswbste.ascNot Applicable14,46326-Feb-200917:50
Itemrwfassoc.aspxNot Applicable50,07426-Feb-200917:51
Lg_icodp.pngNot Applicable2,00902-May-200804:07
Lg_icods.pngNot Applicable2,08502-May-200804:34
Lg_icodt.pngNot Applicable2,06602-May-200804:07
Msscntrs.dll_0001.x8612.0.6529.500088,40803-Feb-201009:24
Mssdmn.exe_0001.x8612.0.6529.5000280,94403-Feb-201009:24
Mssearch.exe_0005.x8612.0.6529.5000156,05603-Feb-201009:24
Mssph.dll_0001.x8612.0.6529.5000700,24003-Feb-201009:24
Mssrch.dll_0001.x8612.0.6529.50002,063,18403-Feb-201009:24
Nlhtml.dll_0002.x862008.1231.6510.5000123,24022-Jun-200911:59
Noisecsy.txt.x86Not Applicable225-Jul-200800:27
Noisedan.txt_0001.x86Not Applicable2,78409-Jan-200805:30
Offfilt.dll_0002.x862008.1231.6532.5000199,53620-Mar-201009:15
Offprsx.dll12.0.6529.50001,133,46403-Feb-201008:20
Oisimg.dll12.0.6500.500022,88826-Feb-200919:11
Oleprsx.dll12.0.6500.500025,48826-Feb-200919:11
Onetnative.dll12.0.6500.5000354,69626-Feb-200916:46
Onetutil.dll12.0.6535.50031,980,28001-May-201006:51
Owssvr.dll_000112.0.6535.50033,024,24830-Apr-201010:40
Owstimer.exe_000112.0.6520.500054,62413-Oct-200906:14
Prescan.exe12.0.6500.5000104,27226-Feb-200919:11
Psconfig.exe12.0.6500.5000575,40026-Feb-200919:11
Psconfigui.exe12.0.6500.5000821,16026-Feb-200919:11
Qstedit.asxNot Applicable190,51426-Feb-200917:52
Qstnew.asxNot Applicable175,26026-Feb-200917:52
Query9x.dll_0002.x8612.0.6510.500081,21617-Jun-200923:27
Rgnldflt.xmlNot Applicable14,65317-Jun-200921:47
Schema.xml_announceNot Applicable92,05423-Apr-200905:30
Schema.xml_blog_postsNot Applicable337,75426-Feb-200917:53
Schema.xml_discussNot Applicable325,96303-Feb-201007:40
Schema.xml_doclibNot Applicable355,15926-Feb-200917:53
Schema.xml_usersNot Applicable371,41610-Sep-200903:21
Schema.xml_webtempNot Applicable152,56726-Feb-200917:52
Schema.xml_wplibNot Applicable85,58326-Feb-200917:52
Searchom.dll_0003.x8612.0.6531.50001,461,63209-Mar-201017:03
Searchom.dll_0005.x8612.0.6531.50001,461,63209-Mar-201017:03
Sigcfg.cerNot Applicable68908-Apr-201011:57
Sigcfg.dllNot Applicable8,03208-Apr-201011:57
Sigcfg.sqlNot Applicable41,76108-Apr-201011:57
Sigsdb.cer.x86Not Applicable68903-Feb-201009:24
Sigsdb.dll.x86Not Applicable8,03203-Feb-201009:24
Sigsdb.sql.x86Not Applicable154,21103-Feb-201009:24
Sigstore.cerNot Applicable68908-Apr-201011:57
Sigstore.dllNot Applicable8,02408-Apr-201011:57
Sigstore.sqlNot Applicable403,49408-Apr-201011:57
Spadmin.rsxNot Applicable220,52326-Feb-200917:50
Spwriter.exe_000112.0.6500.500034,16826-Feb-200919:11
Store.sqlNot Applicable2,757,92908-Apr-201011:57
Storeup.sqlNot Applicable2,683,10808-Apr-201011:07
Stoupddl.sqlNot Applicable13808-Apr-201011:07
Stsadm.exe12.0.6529.5000571,29603-Feb-201008:20
Stsap.dll12.0.6535.5000628,63208-Apr-201011:57
Stsapa.dll12.0.6500.5000268,13626-Feb-200919:11
Stslib.dll_000112.0.6517.5000128,87218-Sep-200905:41
Stsmmc.dll12.0.6500.500096,64826-Feb-200919:11
Stsom.dll12.0.6535.50039,566,07230-Apr-201010:40
Stsom.dll_000112.0.6535.50039,566,07230-Apr-201010:40
Stsomdr.dll12.0.6500.5000485,24026-Feb-200919:11
Stssoap.dll12.0.6535.5000313,20808-Apr-201011:57
Stswel.dll12.0.6535.50031,936,76030-Apr-201010:40
Stswfacb.dll12.0.6505.5000194,44006-May-200914:35
Stswfact.dll12.0.6505.5000194,44006-May-200914:35
Svrsetup.exe12.0.6500.5000439,14426-Feb-200922:24
Timezone.xmlNot Applicable64,37519-Nov-200923:34
Tquery.dll_0002.x8612.0.6535.50002,357,58408-Apr-201014:44
Traceman.exe12.0.6500.500045,41626-Feb-200919:11
Tscsy.xml.x86Not Applicable1,14225-Jul-200800:27
Usageids.xmlNot Applicable5,59326-Feb-200917:54
Viewedit.asxNot Applicable185,92026-Feb-200917:53
Viewnew.asxNot Applicable183,47726-Feb-200917:53
Web.cfgNot Applicable23,90126-Feb-200917:58
Wss.intl.dll.x8612.0.6500.5000198,57626-Feb-200919:43
Wss.rsxNot Applicable453,41003-Feb-201007:37
Wss.search.sql.x86Not Applicable431,50103-Feb-201009:24
Wss.search.up.sql.x86Not Applicable338,77603-Feb-201008:41
Wss.xsdNot Applicable72,86712-Aug-200901:10
Wssadmin.exe_000112.0.6500.500015,25626-Feb-200919:11
Wssadmop.dll_000112.0.6500.5000485,24026-Feb-200919:11
Wsspreupgradecheck.xmlNot Applicable10,57413-Oct-200905:24
Wsssetup.dll12.0.6500.50006,783,84826-Feb-200922:24
Xmlfiltr.dll.x862008.1231.6514.5000102,24818-Aug-200907:42

Windows SharePoint Services 3.0, 64-bit edition

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Admcmds.xml.x64Not Applicable50526-Feb-200918:34Not Applicable
Announce.gifNot Applicable2,42217-Oct-200314:48Not Applicable
Bpa.common.dll8.0.669.0208,89619-Jul-200703:36x86
Bpa.configcollector.dll8.0.669.0106,49619-Jul-200703:36x86
Bpa.networkcollector.dll8.0.669.045,05619-Jul-200703:36x86
Bpa.userinterface.dll8.0.669.0544,76819-Jul-200703:36x86
Camlqry.xsdNot Applicable9,58102-Feb-201008:25Not Applicable
Cfgupddl.sqlNot Applicable13808-Apr-201011:07Not Applicable
Configdb.sqlNot Applicable65,94708-Apr-201011:57Not Applicable
Configup.sqlNot Applicable49,18008-Apr-201011:07Not Applicable
Create.asxNot Applicable16,35028-Oct-200917:29Not Applicable
Custsat.dll9.0.3790.242840,82405-Jan-200711:55x86
Depl.xsdNot Applicable62,67206-Apr-201008:52Not Applicable
Dmslstschema_xmlNot Applicable358,47426-Feb-200917:52Not Applicable
Docexflt.xmlNot Applicable3,88326-Feb-200917:54Not Applicable
Docicon.xmlNot Applicable12,39126-Feb-200917:49Not Applicable
Dwdcw20.dll12.0.6500.50001,093,44826-Feb-200917:02x64
Dws.asxNot Applicable4,44128-Oct-200917:29Not Applicable
Editourl.asxNot Applicable6,99526-Feb-200917:51Not Applicable
Exchmime.dll8.0.685.19564,13615-Aug-200800:16x86
Feature_0003.xmlNot Applicable51112-Mar-200905:12Not Applicable
Fldedit.asxNot Applicable181,42126-Feb-200917:51Not Applicable
Fldnew.asxNot Applicable177,04526-Feb-200917:51Not Applicable
Fldswss.xmlNot Applicable214,91303-Feb-201007:40Not Applicable
Gosearch.gifNot Applicable52915-Aug-200800:51Not Applicable
Htrinfo.xml_0001Not Applicable4,34526-Feb-200917:49Not Applicable
Icodp.pngNot Applicable72502-May-200804:07Not Applicable
Icods.pngNot Applicable73802-May-200804:07Not Applicable
Icodt.pngNot Applicable75402-May-200804:07Not Applicable
Iiswbste.ascNot Applicable14,46326-Feb-200917:50Not Applicable
Itemrwfassoc.aspxNot Applicable50,07426-Feb-200917:51Not Applicable
Lg_icodp.pngNot Applicable2,00902-May-200804:07Not Applicable
Lg_icods.pngNot Applicable2,08502-May-200804:34Not Applicable
Lg_icodt.pngNot Applicable2,06602-May-200804:07Not Applicable
Msscntrs.dll_0001.x6412.0.6529.5000437,08003-Feb-201008:46Not Applicable
Mssdmn.exe_0001.x6412.0.6529.5000797,04003-Feb-201008:46Not Applicable
Mssearch.exe_0005.x6412.0.6529.5000572,31203-Feb-201008:46Not Applicable
Mssph.dll_0001.x6412.0.6529.50001,954,64003-Feb-201008:46Not Applicable
Mssrch.dll_0001.x6412.0.6529.50004,758,35203-Feb-201008:46Not Applicable
Nlhtml.dll_0002.x642008.1231.6510.5000228,19217-Jun-200921:48Not Applicable
Noisecsy.txt.x64Not Applicable225-Jul-200800:27Not Applicable
Noisedan.txt_0001.x64Not Applicable2,78409-Jan-200805:30Not Applicable
Offfilt.dll_0002.x642008.1231.6532.5000387,95217-Mar-201011:57Not Applicable
Offprsx.dll12.0.6529.50001,760,15203-Feb-201008:25x64
Oisimg.dll12.0.6500.500034,66426-Feb-200917:57x64
Oleprsx.dll12.0.6500.500035,21626-Feb-200917:57x64
Onetnative.dll12.0.6500.5000953,73626-Feb-200916:39x64
Onetutil.dll12.0.6535.50033,385,20830-Apr-201009:58x64
Owssvr.dll_000112.0.6535.50035,163,38430-Apr-201010:29Not Applicable
Owstimer.exe_000112.0.6520.500089,44013-Oct-200906:03Not Applicable
Prescan.exe12.0.6500.5000104,26426-Feb-200917:57x86
Psconfig.exe12.0.6500.5000575,40026-Feb-200917:57x86
Psconfigui.exe12.0.6500.5000821,16026-Feb-200917:57x86
Qstedit.asxNot Applicable190,51426-Feb-200917:52Not Applicable
Qstnew.asxNot Applicable175,26026-Feb-200917:52Not Applicable
Query9x.dll_0002.x6412.0.6510.5000219,45617-Jun-200923:01Not Applicable
Rgnldflt.xmlNot Applicable14,65317-Jun-200921:47Not Applicable
Schema.xml_announceNot Applicable92,05423-Apr-200905:30Not Applicable
Schema.xml_blog_postsNot Applicable337,75426-Feb-200917:53Not Applicable
Schema.xml_discussNot Applicable325,96303-Feb-201007:40Not Applicable
Schema.xml_doclibNot Applicable355,15926-Feb-200917:53Not Applicable
Schema.xml_usersNot Applicable371,41610-Sep-200903:21Not Applicable
Schema.xml_webtempNot Applicable152,56726-Feb-200917:52Not Applicable
Schema.xml_wplibNot Applicable85,58326-Feb-200917:52Not Applicable
Searchom.dll_0003.x6412.0.6531.50001,564,03209-Mar-201017:12Not Applicable
Searchom.dll_0005.x6412.0.6531.50001,564,03209-Mar-201017:12Not Applicable
Sigcfg.cerNot Applicable68908-Apr-201011:57Not Applicable
Sigcfg.dllNot Applicable8,03208-Apr-201011:57x86
Sigcfg.sqlNot Applicable41,76108-Apr-201011:57Not Applicable
Sigsdb.cer.x64Not Applicable68903-Feb-201009:24Not Applicable
Sigsdb.dll.x64Not Applicable8,03203-Feb-201009:24Not Applicable
Sigsdb.sql.x64Not Applicable154,21103-Feb-201009:24Not Applicable
Sigstore.cerNot Applicable68908-Apr-201011:57Not Applicable
Sigstore.dllNot Applicable8,02408-Apr-201011:57x86
Sigstore.sqlNot Applicable403,49408-Apr-201011:57Not Applicable
Spadmin.rsxNot Applicable220,52326-Feb-200917:50Not Applicable
Spwriter.exe_000112.0.6500.500056,16826-Feb-200917:57Not Applicable
Store.sqlNot Applicable2,757,92908-Apr-201011:57Not Applicable
Storeup.sqlNot Applicable2,683,10808-Apr-201011:07Not Applicable
Stoupddl.sqlNot Applicable13808-Apr-201011:07Not Applicable
Stsadm.exe12.0.6529.5000571,29603-Feb-201008:25x86
Stsap.dll12.0.6535.5000628,63208-Apr-201011:41x86
Stsapa.dll12.0.6500.5000268,13626-Feb-200917:57x86
Stslib.dll_000112.0.6517.5000128,87218-Sep-200905:32Not Applicable
Stsmmc.dll12.0.6500.5000160,64026-Feb-200917:57x64
Stsom.dll12.0.6535.50039,566,07230-Apr-201010:29x86
Stsom.dll_000112.0.6535.50039,566,07230-Apr-201010:29Not Applicable
Stsomdr.dll12.0.6500.5000485,22426-Feb-200917:57x86
Stssoap.dll12.0.6535.5000313,20808-Apr-201011:41x86
Stswel.dll12.0.6535.50033,328,88830-Apr-201010:29x64
Stswfacb.dll12.0.6505.5000194,45606-May-200914:15x86
Stswfact.dll12.0.6505.5000194,45606-May-200914:15x86
Svrsetup.exe12.0.6500.5000439,14426-Feb-200922:24x86
Timezone.xmlNot Applicable64,37519-Nov-200923:34Not Applicable
Tquery.dll_0002.x6412.0.6535.50004,783,95208-Apr-201012:32Not Applicable
Traceman.exe12.0.6500.500084,32826-Feb-200917:57x64
Tscsy.xml.x64Not Applicable1,14225-Jul-200800:27Not Applicable
Usageids.xmlNot Applicable5,59326-Feb-200917:54Not Applicable
Viewedit.asxNot Applicable185,92026-Feb-200917:53Not Applicable
Viewnew.asxNot Applicable183,47726-Feb-200917:53Not Applicable
Web.cfgNot Applicable23,90126-Feb-200917:58Not Applicable
Wss.intl.dll.x6412.0.6500.5000198,56026-Feb-200918:24Not Applicable
Wss.rsxNot Applicable453,41003-Feb-201007:37Not Applicable
Wss.search.sql.x64Not Applicable431,50103-Feb-201009:24Not Applicable
Wss.search.up.sql.x64Not Applicable338,77603-Feb-201008:41Not Applicable
Wss.xsdNot Applicable72,86712-Aug-200901:10Not Applicable
Wssadmin.exe_000112.0.6500.500015,25626-Feb-200917:57Not Applicable
Wssadmop.dll_000112.0.6500.5000485,22426-Feb-200917:57Not Applicable
Wsspreupgradecheck.xmlNot Applicable10,57413-Oct-200905:24Not Applicable
Wsssetup.dll12.0.6500.50006,783,84826-Feb-200922:24x86
Xmlfiltr.dll.x642008.1231.6514.5000204,13614-Aug-200915:25Not Applicable

Properties

Article ID: 983444 - Last Review: May 8, 2012 - Revision: 8.0
APPLIES TO
Keywords: 
kbexpertiseinter kbsecbulletin kbsecurity kbsecvulnerability kbqfe kbbug kbfix kbsurveynew KB983444

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com