You are currently offline, waiting for your internet to reconnect

MS09-033: Vulnerability in Virtual PC and Virtual Server could allow elevation of privilege

INTRODUCTION
Microsoft has released security bulletin MS09-033. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support

Known issues that affect this security update

  • When you try to install this update in Windows Vista or in Windows Server 2008, you may receive an error message that resembles the following:
    Access is denied
    To resolve this issue, install this update by using an "elevated prompt." To do this, follow these steps:
    1. Download the update file to a temporary folder, such as the "Downloads" folder.
    2. Right-click the update, and then click "Run as administrator."

      User Account Control permission If you are prompted for an administrator password or for confirmation, type your password or click Continue.
    When you run the file as an administrator, the update should install successfully.
  • When you install the security update in Windows Vista or in Windows Server 2008 for Virtual PC 2007 or Virtual PC 2007 SP1 from the Download Center, you may receive a message that states the name of the software is "Microsoft Virtual PC 2004 SP1 Patcher Package".This issue occurs for both the x86 and x64 versions of the update. This message is incorrect and can be ignored. The binary is correct for the platform. This can be validated by reviewing the file name.
  • When you install the 64-bit version of update 969856 on a 32-bit operating system, the installation may fail. This issue occurs because the Advpack.dll file experiences an error when it creates the process for the update. When this issue occurs, you may receive an error message that states that the update did not install.
  • The file date of VMM.sys file that is installed by this security update corresponds to the date of installation, and not to the date that the files were produced by Microsoft. To determine whether the update was installed, we recommend that you validate the version number of the respective files as documented in the "File Information" section.
  • The update for Microsoft Virtual PC 2007 RTM does install on installations of Virtual PC 2007 Service Pack 1. This issue might occur if you accidentally download and install the incorrect version of the update. The binary that is installed by both updates is identical, and will not cause compatibility issues or user experience issues. The security vulnerability will protect the system as intended in this scenario. However, the version of VMM.sys will be 1.1.598.0. Although this is earlier than the version before installation, the security update is installed and does protect the system. However, we do not recommend that you install the RTM version of the security update on a Service Pack 1-based system.
  • This security update will not create a log file during installation.
  • This security update cannot be uninstalled after you install it. If you want to roll back the security update, we recommend that you uninstall and then reinstall Virtual PC or Virtual Server. You can do this without losing data inside the virtual machines.
  • This security update does not leave an entry in Add Or Remove Programs.
  • To use the registry entries to validate whether the security update is installed, you have to determine whether the value of the registry key that is listed in the bulletin is "VSPatcher2." These entries are already present on an installation that does not have the security update installed. However, the entry will have a different value.
  • This security update does not force a restart after installation when it is downloaded and installed from the Microsoft Download Center. However, you must restart the system for the updated kernel VMM driver to take effect.
FILE INFORMATION
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

For 32-bit editions of Virtual PC 2007

File NameVersionDateTimeSize
VMM.sys1.1.598.0Date of update installationTime of update installation229,224

For x64-based editions of Virtual PC 2007

File NameVersionDateTimeSize
VMM.sys1.1.598.0Date of update installationTime of update installation294,232

For 32-bit editions of Virtual PC 2007 Service Pack 1

File NameVersionDateTimeSize
VMM.sys1.1.656.0Date of update installationTime of update installation229,224

For x64-based editions of Virtual PC 2007 Service Pack 1

File NameVersionDateTimeSize
VMM.sys1.1.656.0Date of update installationTime of update installation294,232

For 32-bit editions of Virtual Server 2005 R2 Service Pack 1

File NameVersionDateTimeSize
VMM.sys1.1.656.0Date of update installationTime of update installation229,224

For x64-based editions of Virtual Server 2005 R2 Service Pack 1

File NameVersionDateTimeSize
VMM.sys1.1.656.0Date of update installationTime of update installation294,232

For Virtual Server 2005

File NameVersionDateTimeSize
VMM.sys1.1.465.16Date of update installationTime of update installation1,51,552

For 32-bit editions of Virtual PC 2004 Service Pack 1

File NameVersionDateTimeSize
VMM.sys1.1.465.15Date of update installationTime of update installation145,408
MORE INFORMATION

How to determine whether you are running a 32-bit or 64-bit edition of Windows

If you are not sure which version of Windows that you are running, or whether it is a 32-bit version or a 64-bit version, open System Information (Msinfo32.exe) to review the value that is listed for System Type.To do this, follow these steps:
  1. Click Start, and then click Run or click Start Search.
  2. Type msinfo32.exe, and then press ENTER.
  3. In System Information, review the value for System Type.
    • For 32-bit editions of Windows, the System Type value is x86-based PC.
    • For 64-bit editions of Windows, the System Type value is x64-based PC.
For more information about how to determine whether you are running a 32-bit or 64-bit edition of Windows, click the following article number to view the article in the Microsoft Knowledge Base:
827218How to determine whether your computer is running a 32-bit version or a 64-bit version of the Windows operating system
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000
Properties

Article ID: 969856 - Last Review: 05/09/2012 16:55:00 - Revision: 5.0

Microsoft Virtual PC 2007 Service Pack 1, Microsoft Virtual PC 2007, Microsoft Virtual Server 2005 R2 Service Pack 1, Microsoft Virtual Server 2005 Enterprise Edition, Microsoft Virtual Server 2005 Standard Edition

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB969856
Feedback