MS09-044: Description of the security update for Remote Desktop Client Version 5.0 in Windows 2000: August 11, 2009
Microsoft has released security bulletin MS09-044. To view the complete security bulletin, visit one of the following Microsoft Web sites:
- Home users:Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
- IT professionals:
How to obtain help and support for this security updateHelp installing updates: Support for Microsoft Update
Security solutions for IT professionals: TechNet Security Troubleshooting and Support
Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center
Local support according to your country: International Support
Security update 958471 updates the following binaries:
Note The files are updated only if the files were already present on the client computer.
|Binary Name||Standard locations|
|Mstsc.exe||a) %ProgramFiles%\Terminal Services Client|
| b) Install path under |
Security update 958471 updates the following binaries on the following operating systems:
Frequently asked questionsQuestion Is Remote Desktop Connection (RDC) client version 5.0 in Windows 2000 fixed?
Answer Yes, RDC version 5.0 in Windows 2000 is fixed by upgrading RDC from version 5.0 to version 5.1. Therefore, you see user interface changes in the RDC client. Additionally, RDC 5.1 contains some additional functionality, including "redirection."
Question My RDC client is in a custom location. Will it be updated?
Answer Because of the properties of the older RDC installer, RDC clients that are located in nonstandard locations may not be updated correctly. To address this issue, we recommend that you uninstall the client, reinstall the client by using the default installation properties, and then install the security update.
Question If I have an application that deploys the Remote Desktop Web Connection binaries in non-default locations, will this security update patch my installation?
Answer This update updates the Microsoft Remote Desktop Web Connection binaries in standard locations. If your redistributed Microsoft Remote Desktop Web Connection binaries are in a custom location, you will have to update custom location with the updated Microsoft Remote Desktop Web Connection binaries.
Question Why do I have to install both security update 958471 and security update 958470 when I use Windows 2000 with the in-box RDC 5.0 client?
Answer Installing security update 958471 upgrades the in-box RDC 5.0 component to a version of RDC 5.1 that includes this security update. Installing security update 958470 makes no further changes to any binaries, but it still deploys a killbit that prevents the old ActiveX control from being instantiated from Internet Explorer. Therefore, we recommend that you install of both security updates on affected Windows 2000 systems.
Note Remote Desktop Connection 5.0 is also known as Terminal Services Client and is sometimes described as RDP because it is the implementation of Remote Desktop Protocol on that system.
Question After I install security update 958471 on a Windows 2000-based computer, the RDC user interface changes significantly.Why?
Answer Windows 2000-based computers typically use RDC 5.0. After you install security update 958471, the RDC client upgrades to version 5.1. The newer version of RDC has following changes, compared to RDC 5.0:
- Better error handling
- New user interface
- Ability to use the Remote Desktop Client by using the connection file
- New functionality, including "redirection"
Question After I install security update 958471 or security update 958470 in Windows 2000, my other applications no longer work.Why?
Answer This problem may occur because security update 958471 upgrades RDC 5.0 to RDC 5.1.
Question After I installed security update 958470 or 958471, which upgraded my system from RDC 5.0 to RDC 5.1, I manually reinstalled RDC 5.0. Will I be re-offered the update?
Answer Security updates 958470 and 958471 upgrade the computer to RDC 5.1 from RDC 5.0. If you explicitly reinstall RDC 5.0 after deployment, this update will not be re-offered. However, we recommend that you manually download the security update and reinstall it. Note that Microsoft no longer makes RDC 5.0 available for download.
Question I have RDC 5.0 through Terminal Services Advanced Client (TSAC). However, this update is not offered to me. Why?
Answer The RDC 5.0 version that is installed through TSAC is updated by security update 958470. Therefore security update 958470 is offered.
Question I have RDC 5.0 installed on a computer that is running Windows Server 2000. If I try to install security update 958471, I receive an error message that states "RDC 5.0 is not present on the computer." Why?
Answer This update updates the RDC 5.0 binaries only at standard locations. You receive this error message if the binaries are in any location other than the standard location. The standard locations for RDC 5.0 are as follows:
- The UninstallString registry entry is located in the following registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Terminal Server Client
- %SystemDrive%\Program Files\Terminal Services Client
Question Security updates 958469 and 958470 carry 26 Msrdp.ocx files. However, only one Msrdp.ocx file is deployed. Why?
Answer Frequently, the Msrdp.ocx is of a different language than the computer language. Therefore, this update updates the Msrdp.ocx file that is the same language as the original Msrdp.ocx file.
KB offer matrix based on the RDC version and platforms
RDC versions (in-band and Microsoft-supported out-of-band releases)
Note In this table, x = not applicable.
|RDC 5.0||RDC 5.1||RDC 5.2||RDC 6.0||RDC 6.1|
|Windows Vista RTM||x||x||x||KB956744*||x|
|Windows Vista SP1 and Windows Vista SP2||x||x||x||x||KB956744*|
|Windows XP SP2||x||KB958470*||KB958469||KB956744*||KB956744*|
|Windows XP SP3||x||x||KB958469||x||KB956744*|
|Windows Server 2003 SP2||x||x||KB958469*||KB956744*||x|
|Windows 2000 SP4||KB958471*||KB958470*||KB958470||x||x|
Note In this table, almost all users are represented by the scenarios in the table that contain asterisks (*).
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
|File name||File version||File size||Date||Time||Platform|
|Mstsc.chm||Not Applicable||67,569||07-Jan-2009||03:28||Not Applicable|
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000
Article ID: 958471 - Last Review: 05/09/2012 17:11:00 - Revision: 7.0
Microsoft Windows 2000 Service Pack 4
- kbfix kbbug kbqfe kbsecvulnerability kbsecurity kbsecbulletin kbaccelerators kbsurveynew kbexpertiseinter kbexpertisebeginner KB958471