Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS11-017: Vulnerability in Remote Desktop client could allow remote code execution: March 8, 2011


View products that this article applies to.

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

↑ Back to the top


INTRODUCTION

Microsoft has released security bulletin MS11-017. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 2483614 MS11-017: Description of the security update for Remote Desktop client 7.0: March 08, 2011
  • 2483618 MS11-017: Description of the security update for Remote Desktop client 5.2: March 08, 2011
  • 2483619  Description of the Remote Desktop Connection 6.1 MUI (upgrade for RDP 6.0)

    Known issues in update 2483619:  
    • After you install this update, the Remote Desktop Connection shortcut text on the Start menu always appears in English. 
    • Consider the following scenario: You upgrade from Remote Desktop Connection 6.0 to Remote Desktop Connection 6.1. Then you run a system restore procedure. In this scenario, the system restore procedure fails to restore the Remote Desktop Connection client to Remote Desktop Connection 6.0 together with the Remote Desktop Connection 6.0 MUI.

    Frequently asked questions about update 2483619
    • Question Before I installed update 2483619, I had RDC 6.0 MUI running on Windows Server 2003. After I installed the update, I am running RDC 6.1. Why? 
      Answer Microsoft does not service RDC 6.0. Customers are migrated to RDC 6.1 with this update.
  • 2481109 MS11-017: Description of the security update for Remote Desktop client 6.0: March 08, 2011



    Known issues in security update 2481109:

    • After you install this security update on a Windows XP-based computer, you may receive an error message that resembles the following:




      :5.375: FileVersion of C:\WINDOWS\system32\mstscax.dll is Less Than 6.0.6001.0 for QFE branch
      This problem only affects Windows XP based computers that were updated by using updates to address specific issues that are not delivered by Windows Update. For example, computers that have "Limited Distribution Release" (LDR) branch updates installed.




      To work around this problem, use either of the following methods:

      • Uninstall security update 956744, and then install security update 2481109.
      • Alternatively, if you already have security update 956744 installed, you can install hotfix 967885. Then you can successful install security update 2481109.
    • If you have the Remote Desktop Connection 6.0 Multilingual User Interface Pack (MUI) installed, you must install the RDC 6.1 MUI for RDC to work with MUI.

      For more information about the Remote Desktop Connection 6.0 MUI, click the following article number to view the article in the Microsoft Knowledge Base:
      925877 Description of the Remote Desktop Connection 6.0 MUI


      For more information about the RDC 6.0 MUI, click the following article number to view the article in the Microsoft Knowledge Base:
      2483619 MS11-017: Description of the security update for Remote Desktop client 6.0 Client Multilingual User Interface (MUI): March 08, 2011
    • Connections from the Remote Desktop Microsoft Management Console (MMC) snap-in on computers that have RDC 6.1 installed do not connect to the console session on the server. (The console session is also known as the "admin" session).
    • Consider the following scenario: You upgrade from Remote Desktop Connection 6.0 to Remote Desktop Connection 6.1. Then you run a system restore procedure. In this scenario, the system restore procedure fails to restore the Microsoft Terminal Services Client (MSTSC) Remote Desktop Connection 6.0.

    • After you install this security update (the security update for MUI for Remote Desktop Connection 6.1), the Remote Desktop Connection shortcut text on the Start menu always appears in English.
    Frequently asked questions about security update 2481109
    • Question Before I installed security update 2481109, I had RDC 6.0 running. After I installed the security update, I am running RDC 6.1. Why?

      Answer Microsoft does not service RDC 6.0. Customers are migrated to RDC 6.1 with this update.

↑ Back to the top


Applies to:

↑ Back to the top

Keywords: kbsurveynew, kbsecreview, kbsecvulnerability, kbsecurity, kbsecbulletin, atdownload, kblangall, kbfix, kbexpertiseinter, kbbug, kb, kbmustloc

↑ Back to the top

Article Info
Article ID : 2508062
Revision : 1
Created on : 1/7/2017
Published on : 5/11/2012
Exists online : False
Views : 372