Sujet Précédent Sujet Suivant

Ordinateur Lent + Mises à jour désactivées

Résolu
Gohantanemoub Messages postés 50 Statut Membre -  
 adama02 -
Bonjour tout le monde je rencontres des problèmes depuis hier à savoir les mises à jour automatiques sont désactivées, pas moyen de les réactiver et mon ordinateur et subitement lent ainsi qu'internet.... Merci de m'aider
A voir également:

31 réponses

Précédent
  • 1
  • 2
Réponse 21 / 31
Gohantanemoub Messages postés 50 Statut Membre
 
up...
0
Réponse 22 / 31
Gohantanemoub Messages postés 50 Statut Membre
 
pleaze aide moi c'est de pire en pire !
0
Réponse 23 / 31
Utilisateur anonyme
 
bonjour pour commencer :

nettoie ton pc avec ccleaner(gratuit)
https://www.ccleaner.com/

télécharge/installe/met a jour et nettoie ton pc avec spybot (gratuit)
http://users.skynet.be/fa936042/spybotsd13.exe

télécharge/installe/met a jour et nettoie ton pc avec adaware (gratuit)
https://www.adaware.com/fr

télécharge/installe/met a jour et nettoie ton pc avec Microsoft anti-spyware (GIANT anti-spyware) (gratuit)
https://www.microsoft.com/fr-fr/security?rtc=1

en cas d'échec des solutions gratuites précédentes:
télécharge/installe/met a jour et nettoie ton pc avec spysweeper:
(démo valable 30 jours)
https://www.webroot.com/fr/fr

afin de ne plus te faire infecter a nouveau applique les solutions préventives ci-dessous:

préventif==>

télécharge/installe et vaccine ton pc avec spywareblaster (gratuit)
http://www.brightfort.com/spywareblaster.html

change de navigateur internet
remplace internet explorer par firefox (gratuit)
http://www.mozilla-europe.org/fr/products/firefox/

si tu est sous Windows 2000 / XP / 2003 server
vaccine ton pc avec Windows Worms Doors Cleaner (gratuit)
http://www.firewallleaktester.com/tools/wwdc.exe
0
Réponse 24 / 31
Gohantanemoub Messages postés 50 Statut Membre
 
Merci beaucoup sa refonctionne
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 31
isa
 
ma mise a jour est desactive j ai fait a plusieur reprise la reactivation automatique mais sa marche toujours pas
0
Réponse 26 / 31
cybernad
 
Bonsoir,

J'ai le même problème. De plus DSS ne fonctionne pas sur mon pc j'ai un message d'erreur.

Je viens d'utiliser l'autre programme worms doors et là j'ai quelques messages ... deux ok et trois problèmes. Lorsque je clique sur le lien pour expliquer le problème c'est en anglais.. Je poste le premier message. Si l'on peut m'aider?

Microsoft Security Bulletin MS03-026
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

Originally posted: July 16, 2003
Revised: September 10, 2003

Summary
Who should read this bulletin:
Users running Microsoft ® Windows ®

Impact of vulnerability:
Run code of attacker's choice

Maximum Severity Rating:
Critical

Recommendation:
Systems administrators should apply the patch immediately

End User Bulletin:
An end user version of this bulletin is available at:

https://www.microsoft.com/fr-fr/security?rtc=1

Protect your PC:
Additional information on how you can help protect your PC is available at the following locations:

• End Users can visit the Protect Your PC Web site.

• IT Professionals can visit the Microsoft TechNet Security Center Web site.

Affected Software:

• Microsoft Windows NT® 4.0

• Microsoft Windows NT 4.0 Terminal Services Edition

• Microsoft Windows 2000

• Microsoft Windows XP

• Microsoft Windows Server™ 2003

Not Affected Software:

• Microsoft Windows Millennium Edition

Top of section
General Information
Technical details

Technical description:

Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. Subsequent to the release of this bulletin Microsoft has been made aware that additional ports involving RPC can be used to exploit this vulnerability. Information regarding these additional ports has been added to the mitigating factors and the Workaround section of the bulletin. In addition, Microsoft has released security bulletin MS03-039 and an updated scanning tool which supersedes this bulletin and the original scanning tool provided with it.

The updated tool provided with MS03-039 supersedes the one provided in Microsoft Knowledge Base article 826369. If the tool originally provided with this bulletin is used against a system which has installed the security patch provided MS03-039, the outdated tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.

To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on specific RPC ports.

Mitigating factors:

• To exploit this vulnerability, the attacker would require the ability to send a specially crafted request to port 135, 139, 445 or 593 or any other specifically configured RPC port on the remote machine. For intranet environments, these ports would normally be accessible, but for Internet connected machines, these would normally be blocked by a firewall. In the case where these ports are not blocked, or in an intranet configuration, the attacker would not require any additional privileges.

• Best practices recommend blocking all TCP/IP ports that are not actually being used, and most firewalls including the Windows Internet Connection Firewall (ICF) block those ports by default. For this reason, most machines attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments such as the Internet. More robust protocols such as RPC over HTTP are provided for hostile environments.

To learn more about securing RPC for client and server please refer to https://docs.microsoft.com/en-us/windows/win32/rpc/writing-a-secure-rpc-client-or-server?redirectedfrom=MSDN

To learn more about the ports used by RPC, please refer to: https://docs.microsoft.com/en-us/

Severity Rating:

Windows NT 4.0
Critical

Windows NT 4.0 Terminal Server Edition
Critical

Windows 2000
Critical

Windows XP
Critical

Windows Server 2003
Critical

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier: CAN-2003-0352

Tested Versions:

Microsoft tested Windows Me, Windows NT 4.0, Windows NT 4.0 Terminal Services Edition, Windows 2000, Windows XP and Windows Server 2003, to assess whether they are affected by this vulnerability. Previous versions are no longer supported, and may or may not be affected by this vulnerability.

Top of section
Frequently asked questions

Why have you revised this bulletin?
Subsequent to the release of this bulletin Microsoft has been made aware that additional ports involving RPC can be used to exploit this vulnerability. Information regarding these additional ports has been added to the mitigating factors and the Workaround section of the bulletin. In addition, Microsoft has released security bulletin MS03-039 and a new scanning tool which supersedes this bulletin and the original scanning tool provided with it. As such, the bulletin has also been updated to reflect the release of the new patch and new scanning tool.

Is the patch supported on Windows 2000 Service Pack 2?
This security patch will install on Windows 2000 Service Pack 2. However, Microsoft no longer supports this version, according to the Microsoft Support Lifecycle policy found at https://docs.microsoft.com/en-us/lifecycle/ In addition, this security patch has only received minimal testing on Windows 2000 Service Pack 2. Customers are strongly advised to upgrade to a supported service pack as soon as possible. Microsoft Product Support Services will support customers who have installed this patch on Windows 2000 Service Pack 2 if a problem results from installation of the patch.

Is the patch supported on Windows NT 4.0 Workstation?
This security patch will install on Windows NT 4.0 Workstation Service Pack 6a. However, Microsoft no longer supports this version, according to the Microsoft Support Lifecycle policy found at https://docs.microsoft.com/en-us/lifecycle/ In addition, this security patch has only received minimal testing on Windows NT 4.0 Workstation Service Pack 6a. Customers are strongly advised to upgrade to a supported version as soon as possible. Microsoft Product Support Services will support customers who have installed this patch on Windows NT 4.0 Workstation Service Pack 6a if a problem results from installation of the patch.

Are there any tools I can use to detect systems on my network that do not have the MS03-026 patch installed?
Yes - Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-026 or the newly released MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363.

I previously downloaded the scanning tool for MS03-026, should I download the updated tool?
Yes - although the original scanning tool still scans properly for systems that do not have MS03-026 installed, Microsoft has released MS03-039, which supersedes this bulletin. Once MS03-039 is installed, the original scanning tool will no longer give reliable results. However, the newly released scanning tool will properly scan for vulnerable computers and provide the proper results if MS03-039 has been installed.

What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could gain complete control over a remote computer. This would give the attacker the ability to take any action on the server that they want. For example, and attacker could change Web pages, reformat the hard disk, or add new users to the local administrators group.
To carry out such an attack, an attacker would require the ability to send a malformed message to the RPC service and thereby cause the target machine to fail in such a way that arbitrary code could be executed.

What causes the vulnerability?
The vulnerability results because the Windows RPCSS service does not properly check message inputs under certain circumstances. After establishing a connection, an attacker could send a specially crafted malformed RPC message to cause the underlying Distributed Component Object Model (DCOM) process on the remote system to fail in such a way that arbitrary code could be executed.

What is DCOM?
The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP.

What is Remote Procedure Call (RPC)?
Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server.

What is COM Internet Services (CIS) and RPC over HTTP?
RPC over HTTP - v1 (Windows NT 4.0, Windows 2000) and v2 (Windows XP, Windows Server 2003) introduce support for a new RPC transport protocol that allows RPC to operate over TCP ports 80 and 443 (v2 only). This allows a client and a server to communicate in the presence of most proxy servers and firewalls. COM Internet Services (CIS) allows DCOM to use RPC over HTTP to communicate between DCOM clients and DCOM servers.
More information on "RPC over HTTP " for Windows Server 2003 can be found at the following URL:
https://docs.microsoft.com/en-us/windows/win32/rpc/remote-procedure-calls-using-rpc-over-http?redirectedfrom=MSDN
More information on COM Internet Services (sometimes referred to as CIS) can be found at the following URL:
http://msdn2.microsoft.com/en-us/library/ms809302

How do I know if I have COM Internet Services (CIS) or RPC over HTTP installed?
To determine whether a server has COM Internet Services or RPC over HTTP installed follow the steps below:

• On Windows NT 4.0 systems with the Windows NT Option Pack installed: Search on all partitions for "rpcproxy.dll". If "rpcproxy.dll" is found on the server, COM Internet Services is installed.

• On Windows 2000 and Windows Server 2003 servers:

In Control Panel, double-click Add/Remove Programs, and then double-click Add/Remove Windows Components.
The Windows Components Wizard starts.
Click Networking Services, and then click Details.
If the COM Internet Services Proxy (for Windows 2000 Server) or the RPC over HTTP Proxy (for Windows Server 2003) check box is selected, CIS or RPC over HTTP support is enabled on the server.

Note: You can also search for "rpcproxy.dll" on Windows 2000 and Windows Server 2003 installations if you want to remotely or programmatically determine if CIS or RPC over HTTP is installed.
To search for a specific file on your computer: click Start, click Search, click For Files or Folders, and then type the name of the file that you want to search for.
The search may take several minutes, depending on the size of your hard disk.

What's wrong with the RPCSS Service?
There is a flaw in the RPCSS Service that deals with DCOM activation. A failure results because of incorrect handling of malformed messages. This particular failure affects the underlying RPCSS Service used for DCOM activation, which listens on UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593. Additionally, it can listen on ports 80 and 443 if CIS or RPC over HTTP is enabled.
By sending a malformed RPC message, an attacker could cause the RPCSS Service on a system to fail in such a way that arbitrary code could be executed.

Is this a flaw in the RPC Endpoint Mapper?
No - Although the RPC endpoint mapper shares the RPCSS service with the DCOM infrastructure, the flaw actually occurs in the DCOM Activation infrastructure. The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. An endpoint is a protocol-specific identifier of a service on a host machine. For protocols like TCP or UDP, this is a port. For named pipes, it is a named pipe name. Other protocols use other protocol specific endpoints.

What could this vulnerability enable an attacker to do?
An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system. The attacker could be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.

How could an attacker exploit this vulnerability?
An attacker could seek to exploit this vulnerability by creating a program that could communicate with a vulnerable server over an affected TCP/UDP port to send a specific kind of malformed RPC message. Receipt of such a message could cause the RPCSS service on the vulnerable system to fail in such a way that it could execute arbitrary code.
It could also be possible to access the affected component through another vector, such as one that would involve logging onto the system interactively or by using another application that passed parameters to the vulnerable component-- locally or remotely.

Who could exploit this vulnerability?
Any user who could deliver a malformed RPC message to the RPCSS Service on an affected system could attempt to exploit this vulnerability. Because the RPCSS Service is on by default in all versions of Windows, this in essence means that any user who could establish a connection with an affected system could attempt to exploit this vulnerability.

What does the patch do?
The patch corrects the vulnerability by altering the DCOM implementation to properly check the information passed to it.

Workarounds:

Are there any workarounds that can be used to help block exploitation of this vulnerability while I am testing or evaluating the patch?

Yes. Although Microsoft urges all customers to apply the patch at the earliest possible opportunity, there are a number of workarounds that can be applied to help prevent the vector used to exploit this vulnerability in the interim. There is no guarantee that the workarounds will block all possible attack vectors.
It should be noted that these workarounds should be considered temporary measures as they just help block paths of attack rather than correcting the underlying vulnerability.

• Block UDP ports 135, 137, 138, 445 and TCP ports 135, 139, 445, 593 at your firewall and disable COM Internet Services (CIS) and RPC over HTTP, which listen on ports 80 and 443, on the affected systems.

These ports are used to initiate an RPC connection with a remote computer. Blocking them at the firewall ,will help prevent systems behind that firewall from being attacked by attempts to exploit these vulnerabilities. You should also be sure and block any other specifically configured RPC port on the remote machine.
If enabled, CIS and RPC over HTTP allow DCOM calls to operate over TCP ports 80 (and 443 on XP and Windows Server 2003). Make sure that CIS and RPC over HTTP are disabled on all the affected systems.
More information on how to disable CIS can be found in Microsoft Knowledge Base Article 825819.
For information regarding RPC over HTTP, see https://docs.microsoft.com/en-us/windows/win32/rpc/rpc-over-http-security?redirectedfrom=MSDN

• Use a personal firewall such as Internet Connection Firewall (only available on XP and Windows Server 2003) and disable COM Internet Services (CIS)and RPC over HTTP, which listen on ports 80 and 443, on the affected machines, especially any machines that connect to a corporate network remotely using a VPN or similar.

If you are using the Internet Connection Firewall in Windows XP or Windows Server 2003 to protect your Internet connection, it will by default block inbound RPC traffic from the Internet. Make sure that CIS and RPC over HTTP are disabled on all affected machines.
More information on how to disable CIS can be found in Microsoft Knowledge Base Article 825819.
For information regarding RPC over HTTP, see https://docs.microsoft.com/en-us/windows/win32/rpc/rpc-over-http-security?redirectedfrom=MSDN

• Block the affected ports using an IPSEC filter and disable COM Internet Services (CIS) and RPC over HTTP, which listen on ports 80 and 443, on the affected machines.

You can secure network communications on Windows 2000-based computers if you use Internet Protocol Security (IPSec). Detailed information on IPSec and how to apply filters can be found in Microsoft Knowledge Base Article 313190 and 813878. Make sure that CIS and RPC over HTTP are disabled on all affected machines.
More information on how to disable CIS can be found in Microsoft Knowledge Base Article 825819.
For information regarding RPC over HTTP, see https://docs.microsoft.com/en-us/windows/win32/rpc/rpc-over-http-security?redirectedfrom=MSDN

• Disable DCOM on all affected machines

When a computer is part of a network, the DCOM wire protocol enables COM objects on that computer to communicate with COM objects on other computers. You can disable DCOM for a particular computer to help protect against this vulnerability, but doing so will disable all communication between objects on that computer and objects on other computers.
If you disable DCOM on a remote computer, you will not be able to remotely access that computer afterwards to re-enable DCOM. To re-enable DCOM, you will need physical access to that computer.
Information on how to disable DCOM is available in Microsoft Knowledge Base Article 825750.

Note: For Windows 2000, the methods described above will only work on systems running Service Pack 3 or later. Customers using Service Pack 2 or below should upgrade to a later Service Pack or use one of the other workarounds.

Top of section
Patch availability

Download locations for this patch

• Windows NT 4.0

• Windows NT 4.0 Terminal Server Edition

• Windows 2000

• Windows XP 32 bit Edition

• Windows XP 64 bit Edition

• Windows Server 2003 32 bit Edition

• Windows Server 2003 64 bit Edition

Additional information about this patch

Installation platforms:

• The Windows NT 4.0 patch can be installed on systems running Service Pack 6a.

• The Windows NT 4.0, Terminal Server Edition patch can be installed on systems running Windows NT 4.0, Terminal Server Edition Service Pack 6.

• The Windows 2000 patch can be installed on systems running Windows 2000 Service Pack 2, Service Pack 3, or Service Pack 4.

• The patch for Windows XP can be installed on systems running Windows XP Gold or Service Pack 1.

• The patch for Windows Server 2003 can be installed on systems running Windows Server 2003 Gold.

Inclusion in future service packs:

The fix for this issue will be included in Windows 2000 Service Pack 5, Windows XP Service Pack 2, and Windows Server 2003 Service Pack 1.

Reboot needed: Yes.

Patch can be uninstalled: Yes.

Superseded patches:

• The Windows 2000 and Windows XP patches supercede the Windows 2000 and Windows XP patches discussed in Microsoft Security Bulletin MS03-010.

• This patch supercedes the patch provided with Microsoft Security Bulletin MS01-048 for Microsoft Windows NT 4.0.

Verifying patch installation:

• Windows NT 4.0:

To verify that the patch has been installed on the machine, confirm that all files listed in the file manifest in Knowledge Base article 823980 are present on the system.

• Windows NT 4.0 Terminal Server Edition:

To verify that the patch has been installed on the machine, confirm that all files listed in the file manifest in Knowledge Base article 823980 are present on the system.

• Windows 2000:

To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB823980.

To verify the individual files, use the date/time and version information provided in the file manifest in Knowledge Base article 823980 are present on the system.

• Windows XP

• If installed on Windows XP Gold:

To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB823980
To verify the individual files, use the date/time and version information provided in the file manifest in Knowledge Base article 823980 are present on the system.

• If installed on Windows XP Service Pack 1:

To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB823980.
To verify the individual files, use the date/time and version information provided in the file manifest in Knowledge Base article 823980 are present on the system.

• Windows Server 2003:

To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Window Server 2003\SP1\KB823980.
To verify the individual files, use the date/time and version information provided in the file manifest in Knowledge Base article 823980 are present on the system.

Caveats:

None

Localization:

Localized versions of this patch are available at the locations discussed in "Patch Availability".

Obtaining other security patches:

Patches for other security issues are available from the following locations:

• Security patches are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".

• Patches for consumer platforms are available from the WindowsUpdate web site

Top of section
Top of section
Other information:
Acknowledgments

Microsoft thanks The Last Stage of Delirium Research Group for reporting this issue to us and working with us to protect customers.

Support:

• Microsoft Knowledge Base article 823980 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.

• Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.

Security Resources: The Microsoft TechNet Security Center Web site provides additional information about security in Microsoft products.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

• V1.0 (July 16, 2003): Bulletin Created.

• V1.1 (July 18, 2003): Mitigating factors and Workaround section updated to reflect additional ports.

• V1.2 (July 21, 2003): Added Windows XP gold patch verification registry key.

• V1.3 (July 27, 2003): Updated Workaround section to include additonal information about how to disable DCOM.

• V1.4 (August 12, 2003): Updated to include information about Windows 2000 Service Pack 2 support for this patch and updated bulletin with additonal workaround information.

• V1.5 (August 14, 2003): Added details for scanner tool.

• V1.6 (August 15, 2003): Updated download links, removed the word "Server" from the NT4 link.

• V1.7 (August 18, 2003): Corrected minor formatting errors in the Frequently Asked Questions section.

• V1.8 (August 21, 2003): Updated supercedence information in the Additional Information section.

• V1.9 (August 25, 2003): Updated to include information about Windows NT 4.0 Workstation Service Pack 6a support for this patch

• V2.0 (September 10, 2003): Updated to include information about the release of MS03-039 and tool supercedence.

Top of section
0
Réponse 27 / 31
cybernad
 
Microsoft Security Bulletin MS03-001
Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)

Originally posted: January 22, 2003

Summary
Who should read this bulletin:
Customers using Microsoft® Windows® NT 4.0, Windows 2000, or Windows XP.

Impact of vulnerability:
Run code of the attacker's choice

Maximum Severity Rating:
Critical

Recommendation:
Customers running Windows NT 4.0 server or Windows 2000 server should apply the patch immediately. Customers who are running Windows NT 4.0 Workstation, Windows 2000 workstation, and Windows XP should install the patch at the earliest opportunity.

Affected Software:

• Microsoft Windows NT 4.0

• Microsoft Windows NT 4.0, Terminal Server Edition

• Microsoft Windows 2000

• Microsoft Windows XP

End User Bulletin:
An end user version of this bulletin is available at: https://www.microsoft.com/fr-fr/security?rtc=1

Top of section
General Information
Technical details

Technical description:

The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP.

A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system.

Mitigating factors:

• The Locator service is not enabled by default on any affected versions of Windows with the exception of Windows 2000 domain controllers and Windows NT 4.0 domain controllers.

• A properly-configured firewall would block the calls to the Locator service, which would protect an affected machine from an Internet-based attack.

Severity Rating:

Windows NT 4.0 (Workstations and Member Servers)
Moderate

Windows NT 4.0 (Domain Controllers Only)
Critical

Windows NT 4.0, Terminal Server Edition
Moderate

Windows 2000 (Workstations and Member Servers)
Moderate

Windows 2000 (Domain Controllers Only)
Critical

Windows XP
Moderate

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier: CAN-2003-0003

Tested Versions:

Microsoft tested Windows NT 4.0, Windows 2000, and Windows XP to assess whether they are affected by this vulnerability. The Locator service was not available in versions of Windows prior to Windows NT 4.0.

Top of section
Frequently asked questions

What's the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could cause the Locator service to fail, or could cause code of the attacker's choice to be executed with system privileges.
The Locator service is not enabled by default except on Windows 2000 domain controllers and Windows NT 4.0 domain controllers. A properly-configured firewall would block the calls to the Locator service, which would protect an affected machine from an Internet-based attack.

What causes the vulnerability?
The vulnerability results because of an unchecked buffer in the Microsoft Locator service. If the Locator service was called using a specially malformed argument, it could have the effect of overrunning the buffer.

What is the Locator service?
The Microsoft Locator service is a name service that maps names to objects. The name is a logical name that is easy for users to recognize and use. The Locator service ships with Windows NT 4.0, Windows 2000, and Windows XP.

What is the Locator service used for?
A client that is going to make a Remote Procedure Call (RPC) can call the Locator service to resolve a logical name for a network object to a network-specific name for use in the RPC. For example, if a print server has the logical name "laserprinter", an RPC client could call the Locator service to find out the network-specific name that mapped to "laserprinter". The RPC client uses the network-specific name when it makes the RPC call to the service.
By default, the Locator service is only enabled on Windows 2000 domain controllers and Windows NT 4.0 domain controllers. An administrator could enable the Locator service on any Windows NT 4.0, Windows 2000, or Windows XP system.

What is a Remote Procedure Call?
A Remote Procedure Call is an interprocess communication technique which allows client/server software to communicate. RPC can be used in client/server applications based on Microsoft Windows operating systems and can also be used in heterogeneous network environments that include other operating systems.

What's wrong with Locator service?
There is a flaw in the way the Locator service handles certain parameter information that is passed to it. Specially malformed parameter data could be passed to the Locator service and could cause a buffer to be overrun.

What could this vulnerability enable an attacker to do?
If an attack were successful, this vulnerability could enable an attacker to cause the Locator service to fail, or to be able to run code on the system.

How could an attacker exploit this vulnerability?
An attacker could seek to exploit this vulnerability by forming an RPC call that would employ the Locator service to resolve a logical name, and using the RPC call to pass specially malformed data.
Because a properly configured firewall that blocked NetBIOS traffic would block access to the Locator service from the Internet, a successful attack would need to be launched from an organization's internal network.

Does the Locator service require authentication?
No, the system making the RPC request does not have to be authenticated by the system running the Locator service.

Could this vulnerability be exploited from the Internet?
A properly-configured firewall would block the calls to the Locator service, which would protect an affected machine from an Internet-based attack. An attacker would be much more likely to attempt to exploit this vulnerability from an organization's internal network.

How do I tell if the Locator service is enabled?
The status of the "Remote Procedure Call (RPC) Locator" service and how it is started (automatically or manually) can be viewed in the Control Panel. For Windows 2000 and Windows XP, use Control Panel | Administrative Tools | Services, and on Windows NT 4.0, use Control Panel | Services.
It is also possible to determine the status of the Locator service from the command line by entering:

net start

A list of services will be displayed. If "Remote Procedure Call (RPC) Locator" appears in the list, then the locator service is running.

Are there any applications that enables the locator service on member servers?
Yes - There are several applications, for example Microsoft Exchange Server, that enable the locator service on member servers. Microsoft recommends customers to install the patch at their earliest opportunity on all systems that have the locator service enabled.

If I am not using the Locator service, can I disable it?
Yes. An administrator can disable the Locator service by setting the RpcLocator service status to "disabled" in the services control panel.
The service can also be stopped via the command line using the sc.exe program, which ships with Windows XP and is included as part of the Windows 2000 Resource Kit. The following command will stop the service:

sc stop RpcLocator

To disable the service using the command line tool, use the following:

sc config RpcLocator start= disabled

What systems would be at greatest risk from this vulnerability?
Only Windows 2000 domain controllers and Windows NT 4.0 domain controllers have the Locator service enabled by default, so those would be the systems at greatest risk. The Locator service can be enabled on Windows NT 4.0, Windows NT 4.0, Terminal Server Edition, Windows 2000, and Windows XP.

What does the patch do?
The patch addresses the vulnerability by correctly handling the information passed to the RPC Locator service.

Top of section
Patch availability

Download locations for this patch

• Windows NT 4.0:

• All except Japanese NEC and Chinese - Hong Kong

• Japanese NEC

• Chinese - Hong Kong

• Windows NT 4.0, Terminal Server Edition:

• All

• Windows 2000:

• All except Japanese NEC

• Japanese NEC

• Windows XP:

• 32-bit Edition

• 64-bit Edition

Additional information about this patch

Installation platforms:

• The Windows NT 4.0 patch can be installed on systems running Service Pack 6a.

• The Windows NT 4.0, Terminal Server Edition patch can be installed on systems running Windows NT 4.0, Terminal Server Edition Service Pack 6.

• The Windows 2000 patch can be installed on systems running Windows 2000 Service Pack 2 or Service Pack 3.

• The patch for Windows XP can be installed on systems running Windows XP Gold or Service Pack 1.

Inclusion in future service packs:

The fix for this issue will be included in Windows 2000 Service Pack 4 and Windows XP Service Pack 2.

Reboot needed: Yes

Patch can be uninstalled: Yes

Superseded patches: None.

Verifying patch installation:

• Windows NT 4.0:

To verify that the patch has been installed on the machine, confirm that all files listed in the file manifest in Knowledge Base article 810833 are present on the system.

• Windows NT 4.0 Terminal Server Edition:

To verify that the patch has been installed on the machine, confirm that all files listed in the file manifest in Knowledge Base article 810833 are present on the system.

• Windows 2000:

To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q810833.

To verify the individual files, use the date/time and version information provided in the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q810833\Filelist.

• Windows XP:

• If installed on Windows XP Gold:

To verify that the patch has been installed, confirm that the following registry key has been created on the machine: HKLM\Software\Microsoft\Updates\Windows XP\SP1\Q810833.

To verify the individual files, use the date/time and version information provided in the following registry key: HKLM\Software\Microsoft\Updates\Windows XP\SP1\Q810833\Filelist.

• If installed on Windows XP Service Pack 1:

To verify that the patch has been installed, confirm that the following registry key has been created on the machine: HKLM\Software\Microsoft\Updates\Windows XP\SP2\Q810833.

To verify the individual files, use the date/time and version information provided in the following registry key: HKLM\Software\Microsoft\Updates\Windows XP\SP2\Q810833\Filelist.

Caveats:

None

Localization:

Localized versions of this patch are available at the locations discussed in "Patch Availability".

Obtaining other security patches:

Patches for other security issues are available from the following locations:

• Security patches are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".

• Patches for consumer platforms are available from the WindowsUpdate web site

Top of section
Top of section
Other information:
Acknowledgments

Microsoft thanks David Litchfield of Next Generation Security Software Ltd. (http://www.nextgenss.com) for reporting this issue to us and working with us to protect customers.

Support:

• Microsoft Knowledge Base article 810833 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.

• Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.

Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

• V1.0 (January 22, 2003): Bulletin Created.

• V1.1 (October 28, 2003): Updated bulletin to reflect recommendation for patching member servers

Top of section
0
Réponse 28 / 31
cybernad
 
Microsoft Security Bulletin MS03-049
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)

Issued: November 11, 2003
Updated: November 19, 2003
Version Number: 1.2

See all Windows bulletins released November, 2003

Summary
Who Should Read This Document:
Customers using Microsoft® Windows®

Impact of Vulnerability:
Remote Code Execution

Maximum Severity Rating:
Critical

Recommendation:
Systems administrators should apply the patch immediately.

Security Update Replacement:
None

Caveats:
None

Tested Software and Security Update Download Locations:

Affected Software

• Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4 - Download the update

• Microsoft Windows XP, Microsoft Windows XP Service Pack 1 - Download the update from MS03-043 (828035)

• Microsoft Windows XP 64-Bit Edition - Download the update from MS03-043 (828035)

Note: There is no Windows XP version of the MS03-049 security update. The Windows XP security updates that released as part of Security Bulletin MS03-043 (828035) include the updated file that helps protect from this vulnerability. The Windows XP download links in this bulletin link to the Windows XP MS03-043 security update. If you have applied the Windows XP security updates for MS03-043 (828035) you do not have to reapply the update to be protected against the vulnerability described in this bulletin. However, the Windows 2000 security update that is released as part of this security bulletin contains updated files that were not part of the MS03-043 (828035) security bulletin. Customers have to apply this Windows 2000 security update even if they applied the Windows 2000 security updates for MS03-043 (828035). Future updates to the MS03-043 Windows XP security update may be released, they will also contain the necessary files to be protected against this vulnerability.

Non Affected Software

• Microsoft Windows NT Workstation 4.0, Service Pack 6a

• Microsoft Windows NT Server 4.0, Service Pack 6a

• Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6

• Microsoft Windows Millennium Edition

• Microsoft Windows XP 64-Bit Edition Version 2003

• Microsoft Windows Server 2003

• Microsoft Windows Server 2003 64-Bit Edition

The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.

Top of section
General Information
Technical Details

Technical description:

A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service.

If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

Mitigating factors:

• If users have blocked inbound UDP ports 138, 139, 445 and TCP ports 138, 139, 445 by using a firewall an attacker would be prevented from sending messages to the Workstation service. Most firewalls, including Internet Connection Firewall in Windows XP, block these ports by default.

• Disabling the Workstation service will prevent the possibility of attack. However there are a number of impacts when performing this workaround. Please see the Workaround section for more details.

• Only Windows 2000 and Window XP are affected. Other operating systems are not vulnerable to this attack.

Severity Rating:

Microsoft Windows 2000
Critical

Microsoft Windows XP
Critical

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier: CAN-2003-0812

Top of section
Workarounds

Microsoft has tested the following workarounds that apply to this vulnerability. These workarounds help block known attack vectors, however they will not correct the underlying vulnerability. Workarounds may reduce functionality in some cases; in such cases, the reduction in functionality is identified below.

• Block UDP ports 138, 139, 445 and TCP ports 138, 139, 445 at your firewall.

These ports are used to accept a Remote Procedure Call (RPC) connection at a remote computer. Blocking them at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability.

• Use a personal firewall such as Internet Connection Firewall, which is included with Windows XP.

If you use the Internet Connection Firewall feature in Windows XP to help protect your Internet connection, Internet Connection Firewall blocks inbound traffic from the Internet or from the intranet by default.

To enable the Internet Connection Firewall feature by using the Network Setup Wizard:

1.
Click Start, and then click Control Panel.

2.
In the default Category View, click Network and Internet Connections, and then click Setup or change your home or small office network. The Internet Connection Firewall feature is enabled when you select a configuration in the Network Setup Wizard that indicates that your computer is connected directly to the Internet.

To configure Internet Connection Firewall manually for a connection:

1.
Click Start, and then click Control Panel.

2.
In the default Category View, click Networking and Internet Connections, and then click Network Connections.

3.
Right-click the connection on which you want to enable Internet Connection Firewall, and then click Properties.

4.
Click the Advanced tab.

5.
Select the Protect my computer or network by limiting or preventing access to this computer from the Internet check box, and then click OK.

Note: If you want to enable the use of some applications and services through the firewall, click Settings on the Advanced tab, and then select the programs, the protocols, and the services.

• Enable advanced TCP/IP filtering on Windows 2000-based systems and on Windows XP-based systems.

You can enable advanced TCP/IP filtering to block all unsolicited, inbound traffic. For additional information about how to configure TCP/IP filtering, click the following article number to view the article in the Microsoft Knowledge Base:

309798 HOW TO: Configure TCP/IP Filtering in Windows 2000

• Disable the Workstation service.

You can disable the Workstation service to help prevent the possibility of an attack.

To disable the Workstation service on Windows XP:

• Click Start, and then click Control Panel.

• In the default Category View, click Performance and Maintenance.

• Click Administrative Tools.

• Double-click Services.

• Double-click Workstation.

• On the General tab, click Disabled in the Startup type list.

• Click Stop under Service status, and then click OK.

To disable the Workstation service on Windows 2000:

• Click Start, point to Settings, and then click Control Panel.

• Double-click Administrative Tools.

• Double-click Services.

• Double-click Workstation.

• On the General tab, click Disabled in the Startup type list.

• Click Stop under Service status, and then click OK.

Impact of Workaround: If the Workstation service is disabled, the system cannot connect to any shared file resources or shared print resources on a network. Only use this workaround on stand-alone systems (such as many home systems) that do not connect to a network. If the Workstation service is disabled, any services that explicitly depend on the Workstation service do not start, and an error message is logged in the system event log. The following services depend on the Workstation service:

• Alerter

• Browser

• Messenger

• Net Logon

• RPC Locator

These services are required to access resources on a network and to perform domain authentication. Internet connectivity and browsing for stand-alone systems, such as users on dial-up connections, on DSL connections, or on cable modem connections, should not be affected if these services are disabled.

Note: The Microsoft Baseline Security Analyzer will not function if the Workstation service is disabled. It is possible that other applications may also require the Workstation service. If an application requires the Workstation service, simply re-enable the service. This can be performed by changing the Startup Type for the Workstation service back to Automatic and restarting the system.

Top of section
Frequently Asked Questions

What is the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could allow remote code execution with System privileges on an affected system, or an attacker could cause the Workstation service to fail. The attacker could then take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

What causes the vulnerability?
The vulnerability results because of an unchecked buffer within the Workstation service.

What is the Workstation Service?
Both local file system requests and remote file or print network requests are routed through the Workstation service. This service determines where the resource is located and then routes the request to the local file system or to the networking components. When the Workstation service is stopped, all requests are assumed to be local requests. For a detailed understanding of the Windows networking architecture, visit the following Microsoft Web site: https://www.microsoft.com/fr-fr/ /technet/prodtechnol/windows2000serv/reskit/cnet/cnad_arc_tfgi.mspx

What could this vulnerability enable an attacker to do?
An attacker who successfully exploited this vulnerability could cause code to execute with System privileges on an affected system or could cause the Workstation service to fail. An attacker could then take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.

Who could exploit the vulnerability?
Any anonymous user who could deliver a malformed message to the Workstation service on an affected system could attempt to exploit this vulnerability. Because the Workstation service is enabled by default in all versions of Windows, this means that any user who could establish a connection with an affected system could attempt to exploit this vulnerability.

How could an attacker exploit this vulnerability?
An attacker could seek to exploit this vulnerability by creating a specially-crafted network message and by sending the message to the Workstation service on an affected system. Receipt of such a message could cause the Workstation service on the vulnerable system to fail in such a way that could allow the Workstation service to execute code.
An attacker could also access the affected component through another vector, such as one that would involve logging onto the system interactively or by using another application that passed parameters to the vulnerable component (locally or remotely).

What does the update do?
The update eliminates the vulnerability by ensuring that the Workstation service properly validates the length of a message before passing the message to the allocated buffer.

Why does the Windows XP update reference the MS03-043 Security Bulletin?
There is no Windows XP version of the MS03-049 security update. The Windows XP security updates that released as part of Security Bulletin MS03-043 (828035) include the updated file that helps protect from this vulnerability. The Windows XP download links in this bulletin link to the Windows XP MS03-043 security update. If you have applied the Windows XP security updates for MS03-043 (828035) you do not have to reapply the update to be protected against the vulnerability described in this bulletin. However, the Windows 2000 security update that is released as part of this security bulletin contains updated files that were not part of the MS03-043 (828035) security bulletin. Customers have to apply this Windows 2000 security update even if they applied the Windows 2000 security updates for MS03-043 (828035). Future updates to the MS03-043 Windows XP security update may be released, they will also contain the necessary files to be protected against this vulnerability.

Top of section
Security Update Information

Installation platforms and Prerequisites:

For information about the specific security update for your platform, click the appropriate link:

Windows XP (all versions)

Note: There is no Windows XP version of the MS03-049 security update. The Windows XP security updates that released as part of Security Bulletin MS03-043 (828035) include the updated file that helps protect from this vulnerability. The Windows XP download links in this bulletin link to the Windows XP MS03-043 security update. If you have applied the Windows XP security updates for MS03-043 (828035) you do not have to reapply the update to be protected against the vulnerability described in this bulletin. However, the Windows 2000 security update that is released as part of this security bulletin contains updated files that were not part of the MS03-043 (828035) security bulletin. Customers have to apply this Windows 2000 security update even if they applied the Windows 2000 security updates for MS03-043 (828035). Future updates to the MS03-043 Windows XP security update may be released, they will also contain the necessary files to be protected against this vulnerability. For complete Windows XP security update details please consult the MS03-043 security bulletin

Top of section
Windows 2000 (all versions)

Prerequisites

For Windows 2000 this security update requires Service Pack 2 (SP2), Service Pack 3 (SP3), or Service Pack 4 (SP4).

For information about the Windows desktop product life cycle, visit the following Microsoft Web site: https://docs.microsoft.com/en-us/lifecycle/

For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 260910 How to Obtain the Latest Windows 2000 Service Pack

Inclusion in future service packs:

The fix for this issue will be included in Windows 2000 Service Pack 5.

Installation Information

This security update supports the following Setup switches:

/help Displays the command line options

Setup Modes

/quiet Quiet mode (no user interaction or display)

/passive Unattended mode (progress bar only)<

/uninstall Uninstalls the package

Restart Options

/norestart Do not restart when installation is complete

/forcerestart Restart after installation

Special Options

/l Lists installed Windows hotfixes or update packages

/o Overwrite OEM files without prompting

/n Do not backup files needed for uninstall

/f Force other programs to close when the computer shuts down

Note: For backward compatibility, the security update also supports the setup switches used by the previous version of the setup utility, however usage of the previous switches should be discontinued as this support may be removed in future security updates.

Deployment Information

To install the security update without any user intervention, use the following command line for Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:

Windows2000-kb828749-x86-enu /passive /quiet

To install the security update without forcing the computer to restart, use the following command line for Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:

Windows2000-kb828749-x86-enu /norestart

Note: You can combine these switches into one command line.

For information about how to deploy this security update with Software Update Services, visit the following Microsoft Web site:

https://azure.microsoft.com/en-us/?ocid=cloudplat_hp

Restart Requirement

You must restart your computer after you apply this security patch.

Removal Information

To remove this security update, use the Add/Remove Programs tool in Control Panel.

System administrators can use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB828749$\Spuninst folder, and it supports the following Setup switches:

/?: Show the list of installation switches.

/u: Use unattended mode.

/f: Force other programs to quit when the computer shuts down.

/z: Do not restart when the installation is complete.

/q: Use Quiet mode (no user interaction).

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4:

Date Time Version Size File Name
02-Oct-2003
22:53
5.00.2195.6862
96,528
Wkssvc.dll

Verifying Update Installation

To verify that the security update is installed on your computer use the Microsoft Baseline Security Analyzer (MBSA) tool. For additional information about MBSA, click the following article number to view the article in the Microsoft Knowledge Base:

320454 Microsoft Baseline Security Analyzer Version 1.1.1 Is Available

You may also be able to verify the files that this security update installed by reviewing the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB828749\Filelist

Note: This registry key may not be not created properly when an administrator or an OEM integrates or slipstreams the 828749 security update into the Windows installation source files.

Top of section
Top of section
Acknowledgments

Microsoft thanks the following for working with us to protect customers:

• eEye Digital Security for reporting the issue in MS03-049.

Obtaining other security updates:

Updates for other security issues are available from the following locations:

• Security updates are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".

• Updates for consumer platforms are available from the Windows Update web site

Support:

• Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.

• International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at https://support.microsoft.com/en-us

Security Resources:

• The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.

• Microsoft Software Update Services: https://azure.microsoft.com/en-us/?ocid=cloudplat_hp

• Microsoft Baseline Security Analyzer (MBSA) details: https://docs.microsoft.com/en-us/ Please see https://support.microsoft.com/en-us for list of security updates that have detection limitations with MBSA tool.

• Windows Update Catalog: https://support.microsoft.com/en-us

• Windows Update: http://www.update.microsoft.com/windowsupdate/v6/default.aspx

• Office Update: http://office.microsoft.com/officeupdate/

Software Update Services (SUS):

Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows® 2000 and Windows Server™ 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional.

For information about how to deploy this security patch with Software Update Services, visit the following Microsoft Web site:

https://azure.microsoft.com/en-us/?ocid=cloudplat_hp

Systems Management Server (SMS):

Systems Management Server can provide assistance deploying this security update. For information about Systems Management Server visit the SMS Web Site. SMS also provides several additional tools to assist administrators in the deployment of security updates such as the SMS 2.0 Software Update Services Feature Pack and the SMS 2.0 Administration Feature Pack. The SMS 2.0 Software Update Services Feature Pack utilizes the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin remediation. Some software updates may require administrative rights following a restart of the computer.

Note: The inventory capabilities of the SMS 2.0 Software Update Services Feature Pack may be used for targeting updates to specific computers, and the SMS 2.0 Administration Feature Pack's Elevated Rights Deployment Tool can be used for installation. This provides optimal deployment for updates that require explicit targeting using Systems Management Server and administrative rights after the computer has been restarted.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

• V1.0 (November 11, 2003): Bulletin published

• V1.1 November 11, 2003: Updated the File Manifest and Restart Requirement sections for Windows 2000.

• V1.2 November 19, 2003: Updated Information Relating to the Windows XP Security Update.

Voilà donc les trois explications dirons nous suite aux messages d'erreurs données par Worms Door
0
Réponse 29 / 31
cybernad
 
Re bonjour,

personne n'a d'idée ?

Je suis dans la semoule et maintenant j'ai un soucis avec userinit.exe qui ne démarre pas.

Pour utiliser mon pc je dois lorsque mon bureau s'affiche vide seul le papier peint s'active faire ctrl alt del pour pouvoir executer des taches via le gestionnaire.

Aidez-moi svp sans devoir formater car je n'ai pas de système d'exploitation sous la main

Merci
0
Réponse 30 / 31
mantis6521 Messages postés 83 Statut Membre
 
Pour ceux qui ont des problèmes avec Windows media player qui plante et message d'erreur indiv01.key
Allez dans C:\Documents and Settings\All Users\DRM\Cache

Et effacer tout ce qui se trouve dedans.
0
Réponse 31 / 31
adama02
 
en fait je te conseille de contacter ce monsieur. un as d'internet... Mengue Christian Ulrich . il pourra vous donnez donner des explications. merci
son lien est
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhome.php#/profile.php?id=1664400259
0

Discussions similaires

mise à jour boitier X96 mini
Brunoche -
Vico -

3 réponses
Mise à jour impossible à terminer
jeannets -
Salv -

27 réponses