Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad could allow remote code execution


View products that this article applies to.

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

↑ Back to the top


INTRODUCTION

Microsoft has released security bulletin MS10-083. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Known issues and additional information about this security update

Update links for Windows Vista SP1 or for Windows Server 2008

Update for systems that have Windows Search 4.0 installed

Systems that have Windows Search 4.0 (update 940157) installed on Windows Vista or Windows Server 2008 must install the following update instead of the update that is provided in the security bulletin MS10-083. This is because, by default, update 940157 for Windows Search 4.0 installs a higher binary version than the binaries that are on the system. The updates that are offered by security bulletin MS10-083 will not overwrite the binary versions that are installed by update 940157.

Systems that have automatic update turned on or that use detection and deployment tools such as Microsoft Windows Server Update Services (WSUS) server will be offered the update automatically. If you have to manually install this update on Windows Vista SP1, Windows Vista SP2, Windows Server 2008, or Windows Server 2008 SP2 with Windows Search 4.0 installed, visit the following Microsoft Download Center webpages.


The following files are available for download from the Microsoft Download Center:


For Windows Vista SP1 with Windows Search 4.0 installed

Download Download the Windows6.0-KB979688-v2-x86.msu package now.

For Windows Vista SP1 x64 edition with Windows Search 4.0 installed

Download Download the Windows6.0-KB979688-v2-x64.msu package now.

For Windows Server 2008 with Windows Search 4.0 installed

Download Download the Windows6.0-KB979688-v2-x86.msu package now.

For Windows Server 2008 x64 edition with Windows Search 4.0 installed

Download Download the Windows6.0-KB979688-v2-x64.msu package now.

Release Date: October 12, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update links for Windows Vista SP2 or for Windows Server 2008 SP2





The following updates are being offered to customers who have systems that were updated in the following order:

  1. Windows Vista SP1 or Windows Server 2008 is installed.
  2. Windows Desktop Search 4.0 is installed.
  3. The updates offered previously in this article are installed.
  4. The system is migrated to Windows Vista SP2 or to Windows Server 2008 SP2.

For Windows Vista SP2 with Windows Search 4.0 installed

Download Download the Security Update for Windows Vista Service Pack 2 package now.

For Windows Vista SP2 x64 edition with Windows Search 4.0 installed

Download Download the Security Update for Windows Vista for x64-based Systems Service Pack 2 package now.

For Windows Server 2008 SP2 with Windows Search 4.0 installed


Download Download the Security Update for Windows Server 2008 Service Pack 2 package now.

For Windows Server 2008 x64 edition SP2 with Windows Search 4.0 installed

Download Download the Security Update for Windows Server 2008 x64 Edition Service Pack 2 package now.

Release Date: December 14, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.


The following articles contain more information about this security update as it relates to individual product versions. The articles may contain information about known issues. When this is the case, the known issue is listed below each article link.
  • 979687 MS10-083: Description of the security update for WordPad: October 12, 2010

  • 979688 MS10-083: Description of the security update for Windows Shell: October 12, 2010


↑ Back to the top


FILE INFORMATION


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.



Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:



    VersionProductMilestoneService branch
    6.0.6000.16xxxWindows VistaRTMGDR
    6.0.6000.20xxxWindows VistaRTMLDR
    6.0.6001.18xxxWindows Vista SP1 and Windows Server 2008 SP1SP1GDR
    6.0.6001.22xxxWindows Vista SP1 and Windows Server 2008 SP1SP1LDR
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.22xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000. xxxxxx version number.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.

For all supported x86-based versions of Windows Vista and of Windows Server 2008

File name File version Date TimeFile Size
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936

For all supported x64-based versions of Windows Vista and of Windows Server 2008

File name File version Date TimeFile SizePlatform
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936x86
msshsq.dll 7.0.6001.18528 2010/09/20 21:14:32 316,416x64

For all supported IA-64-based versions of Windows Server 2008

File name File version Date TimeFile SizePlatform
msshsq.dll 7.0.6001.18528 2010/09/20 18:25:01 231,936x86
msshsq.dll 7.0.6001.18528 2010/09/20 21:14:32 316,416x64

↑ Back to the top


Applies to:

↑ Back to the top

Keywords: atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew, kb

↑ Back to the top

Article Info
Article ID : 2405882
Revision : 2
Created on : 4/13/2020
Published on : 4/13/2020
Exists online : False
Views : 341