You are currently offline, waiting for your internet to reconnect

Your browser is out-of-date

You need to update your browser to use the site.

Update to the latest version of Internet Explorer

MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad could allow remote code execution

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.
INTRODUCTION
Microsoft has released security bulletin MS10-083. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues and additional information about this security update

Update links for Windows Vista SP1 or for Windows Server 2008

Update for systems that have Windows Search 4.0 installed

Systems that have Windows Search 4.0 (update 940157) installed on Windows Vista or Windows Server 2008 must install the following update instead of the update that is provided in the security bulletin MS10-083. This is because, by default, update 940157 for Windows Search 4.0 installs a higher binary version than the binaries that are on the system. The updates that are offered by security bulletin MS10-083 will not overwrite the binary versions that are installed by update 940157.

Systems that have automatic update turned on or that use detection and deployment tools such as Microsoft Windows Server Update Services (WSUS) server will be offered the update automatically. If you have to manually install this update on Windows Vista SP1, Windows Vista SP2, Windows Server 2008, or Windows Server 2008 SP2 with Windows Search 4.0 installed, visit the following Microsoft Download Center webpages.


The following files are available for download from the Microsoft Download Center:


For Windows Vista SP1 with Windows Search 4.0 installed

DownloadDownload the Windows6.0-KB979688-v2-x86.msu package now.

For Windows Vista SP1 x64 edition with Windows Search 4.0 installed

DownloadDownload the Windows6.0-KB979688-v2-x64.msu package now.

For Windows Server 2008 with Windows Search 4.0 installed

DownloadDownload the Windows6.0-KB979688-v2-x86.msu package now.

For Windows Server 2008 x64 edition with Windows Search 4.0 installed

DownloadDownload the Windows6.0-KB979688-v2-x64.msu package now.

Release Date: October 12, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update links for Windows Vista SP2 or for Windows Server 2008 SP2

The following updates are being offered to customers who have systems that were updated in the following order:
  1. Windows Vista SP1 or Windows Server 2008 is installed.
  2. Windows Desktop Search 4.0 is installed.
  3. The updates offered previously in this article are installed.
  4. The system is migrated to Windows Vista SP2 or to Windows Server 2008 SP2.

For Windows Vista SP2 with Windows Search 4.0 installed

DownloadDownload the Security Update for Windows Vista Service Pack 2 package now.

For Windows Vista SP2 x64 edition with Windows Search 4.0 installed

DownloadDownload the Security Update for Windows Vista for x64-based Systems Service Pack 2 package now.

For Windows Server 2008 SP2 with Windows Search 4.0 installed

DownloadDownload the Security Update for Windows Server 2008 Service Pack 2 package now.

For Windows Server 2008 x64 edition SP2 with Windows Search 4.0 installed

DownloadDownload the Security Update for Windows Server 2008 x64 Edition Service Pack 2 package now.

Release Date: December 14, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

The following articles contain more information about this security update as it relates to individual product versions. The articles may contain information about known issues. When this is the case, the known issue is listed below each article link.
  • 979687 MS10-083: Description of the security update for WordPad: October 12, 2010
  • 979688 MS10-083: Description of the security update for Windows Shell: October 12, 2010
FILE INFORMATION
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6000.16xxxWindows VistaRTMGDR
    6.0.6000.20xxxWindows VistaRTMLDR
    6.0.6001.18xxxWindows Vista SP1 and Windows Server 2008 SP1SP1GDR
    6.0.6001.22xxxWindows Vista SP1 and Windows Server 2008 SP1SP1LDR
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.22xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000. xxxxxx version number.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.

For all supported x86-based versions of Windows Vista and of Windows Server 2008

File name File version Date TimeFile Size
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936

For all supported x64-based versions of Windows Vista and of Windows Server 2008

File name File version Date TimeFile SizePlatform
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936x86
msshsq.dll 7.0.6001.18528 2010/09/20 21:14:32 316,416x64

For all supported IA-64-based versions of Windows Server 2008

File name File version Date TimeFile SizePlatform
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936x86
msshsq.dll 7.0.6001.18528 2010/09/20 21:14:32 316,416x64
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2405882 - Last Review: 05/11/2012 22:42:00 - Revision: 4.0

  • Windows 7 Enterprise
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 2
  • Windows Vista Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows XP Service Pack 3
  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2405882
Feedback
mp;t=">I=4050&did=1&t="> var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" ')[0].appendChild(m);" onload="var m=document.createElement('meta');m.name='ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="http://c1.microsoft.com/c.gif?"> d=1&t=">