You are currently offline, waiting for your internet to reconnect

MS09-043: Description of the security update for Office 2003 Web Components in Internet Security and Acceleration Server 2004 and in Internet Security and Acceleration Server 2006: August 11, 2009

INTRODUCTION
Microsoft has released security bulletin MS09-043. To view the complete security bulletin, visit the following Microsoft Web site:Notes
  • This update makes no changes to Microsoft Internet Security and Acceleration (ISA) Server. Instead, this security update sets the killbit in the registry for the Microsoft Office 2003 Web Components control. Office Web Components are used together by ISA Server to generate ISA Server reports. Setting this killbit does not adversely affect ISA Server report generation or viewing. For more information, see the "More Information" section. Additionally, you can view the complete security bulletin by using the link earlier in this article.
  • If you use Office 2003 Web Components together with a product other than ISA Server 2004 or ISA Server 2006, you must obtain a separate update.

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION
This section describes the registry subkeys that are written when this security update is installed. All the registry subkeys that are written by this security update are global. The registry subkeys are the same for every locale. There are two sets of subkeys that are written by this security update. One set of registry subkeys kills the Office 2003 Web Components controls. The other registry subkey is used by the detection services such as Microsoft Update to determine whether this security update is installed.

The killbit is set in the following registry subkeys:
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}


    Note The DWORD Compatibility Flags value is set to 0x00000400.
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55B-0000-0000-C000-000000000046}


    Note The DWORD Compatibility Flags value is set to 0x00000400.
When these registry settings are set, the following table lists the Office 2003 Web Components controls that are blocked.
ControlOld GUID
Spreadsheet Component{0002E559-0000-0000-C000-000000000046}
Office DataSource Component{0002E55B-0000-0000-C000-000000000046}
Additionally, the following registry subkey is set for the detection services to determine whether this security update is installed:
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Self-Extractor\Package\{660F4016-321C-4AA3-821D-D927A88F4C9C}


    Note The REG_SZ Name value is set to " Security Update for Internet Security and Acceleration Server (KB947826)."
Isa2004 isa2006 isa2k4 isa2k6 owc2003 owc2k3 update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service dos 2003 components owc patch performance security stability update web isa 2004 isa 2006 office
Properties

Article ID: 947826 - Last Review: 05/08/2012 16:28:00 - Revision: 3.0

  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Windows Small Business Server 2003 R2 Premium Edition
  • kbsurveynew kbsecvulnerability kbsecurity kbsecbulletin kbfix kbexpertiseinter kbbug atdownload KB947826
Feedback