MS09-044: Description of the security update for Remote Desktop Client Version 5.1: August 11, 2009

View products that this article applies to.

Introduction

Microsoft has released security bulletin MS09-044. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Home users:
http://www.microsoft.com/security/updates/bulletins/200908.aspx
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
http://update.microsoft.com/microsoftupdate
IT professionals:
http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

↑ Back to the top

More information

Security update 958470 updates the following binaries:

Binary name	Standard locations
Mstscax.dll	a) %Windir%\System32 b) %SystemDrive%\Program Files\Remote Desktop
Mstsc.exe	a) %Windir%\System32 b) %SystemDrive%\Program Files\Remote Desktop
Msrdp.ocx	%Windir%\Download Program Files
Msrdp.cab	a) %Windir%\Web\Tsweb b) Install path under "hklm\software\microsoft\TS Web Clients" under value "InstallDir" c) %SystemDrive%\Inetpub\Remote

Note The files are updated only if the files were already present on the client computer.

Security update 958470 updates the following binaries on the following operating systems:

	Mstscax.dll	Msrdp.ocx *	Msrdp.cab *	Mstsc.exe
Windows XP	Yes	Yes	Yes	No
Windows 2000	Yes	Yes	Yes	Yes

Note that in specific deployments on out-of-box versions of the RDC client, files may be renamed during installation. The file names listed in the "File information" in this article are the original names prior to installation.

Platform	RDP version	Name of the binary carried in the package	Name of the binary after installation
Windows XP Service Pack 2	5.1	Msrdp*.ocx	Msrdp.ocx
Windows 2000	5.1 and 5.2	2k3mstscax.dll and 2k3mstsc.exe	Mstscax.dll and Mstsc.exe

Frequently asked questions

Question Is RDC 5.0 fixed in on Windows 2000?
Answer Yes, the Windows 2000 RDC is fixed by upgrading the RDC version from 5.0 to 5.1. Therefore, there are user interface changes in the RDC client. Also, RDC 5.1 contains some additional functionality, including "redirection."

Question My RDC client is in a custom location. Will it be updated?
Answer Because of the properties of the older RDC installer, RDC clients that are located in nonstandard locations may not be updated correctly. To address this issue, we recommend that you uninstall the client, reinstall the client by using the default installation properties, and then install the security update.

Question Why do I have to install both security update 958471 and security update 958470 when I use Windows 2000 with the in-box RDC 5.0 client?
Answer Installing security update 958471 upgrades the in-box RDC 5.0 component to a version of RDC 5.1 that includes this security update. Installing security update 958470 makes no further changes to any binaries, but it still deploys a killbit that prevents the old ActiveX control from being instantiated from Internet Explorer. Therefore, we recommend that you install of both security updates on affected Windows 2000 systems.

Note Remote Desktop Connection 5.0 is also known as Terminal Services Client and is sometimes described as RDP because it is the implementation of Remote Desktop Protocol on that system.

↑ Back to the top

Question After I install security updates 958470 and 958471 on a Windows 2000-based computer, my RDC user interface changes significantly. Why?
Answer By default, Windows 2000-based computers use RDC 5.0. After you install security update 958471, the RDC client is upgraded to RDC 5.1. The newer version of RDC has following changes, compared to RDC 5.0:

Better error handling
New user interface
The ability to use the Remote Desktop Client by using the connection file
New functionality, including "redirection"

Question After I install security update 958471 or security update 958470 in Windows 2000, I experience issues with older applications.
Answer You may experience limited application-specific compatibility issues because of user interface changes that are caused by the upgrade from RDC 5.0 to RDC 5.1.

↑ Back to the top

Question After I installed security update 958470 or 958471, which upgraded my system from RDC 5.0 to RDC 5.1, I manually reinstalled RDC 5.0. Will I be re-offered the update?
Answer Security updates 958470 and 958471 upgrade the computer to RDC 5.1 from RDC 5.0. If you explicitly reinstall RDC 5.0 after deployment, this update will not be re-offered. However, we recommend that you manually download the security update and reinstall it. Note that Microsoft no longer makes RDC 5.0 available for download.

Question I have RDC 5.0 through Terminal Services Advanced Client (TSAC). However, security update 958471 is not offered to me. Why?
Answer The RDC 5.0 version that is installed through TSAC is updated by security update 958470. Therefore, security update 958470 is offered to you.

↑ Back to the top

Question Before I installed the security update, I had the RDC 5.1 version of Msrdp.ocx. After I installed the security update, I do not see the RDC 5.1 version of Msrdp.ocx. Why?
Answer After you install this security update, the RDC 5.1 version of Msrdp.ocx is upgraded to the RDC 5.2 version of Msrdp.ocx.

Question If I have an application that deploys the Remote Desktop Web Connection binaries in non-default locations, will this security update patch my installation?
Answer This update updates the Microsoft Remote Desktop Web Connection binaries in standard locations. If your redistributed Microsoft Remote Desktop Web Connection binaries are in a custom location, you will have to update custom location with the updated Microsoft Remote Desktop Web Connection binaries.

Question I installed the security update, and now if I try to use ActiveX component of MSTSC (Msrdp.ocx), I cannot connect. Why?
Answer The scenario is broken (see Figure 1) because server is not updated. Therefore, the server is still pushing the vulnerable Msrdp.ocx file to the clients. Before you install the security update, the client computer does not have the ActiveX control (Msrdp.ocx). After you install the security update, the vulnerable ActiveX ClassIds were blocked. Therefore, if you try to use the vulnerable ActiveX Msrdp.ocx by using Internet Explorer, you cannot connect until the client computer receives the new Msrdp.ocx file. To resolve the problem, follow these steps:

Reinstall the security update on the client workstation to update the older version of the Msrdp.ocx file that was downloaded from the server.

Note The Msrdp.ocx file is updated only in the standard locations.
Ask your Web server administrators to update the server-side Msrdp.cab file by using the security update. Administrators should be aware that the update updates only Msrdp.cab files that are found in the standard locations. To update Msrdp.cab files that are in custom locations, follow these steps:
1. Extract the update (KB) by using the KB /x:<path> command.
2. Copy the Msrdp.cab from <location> to the custom path.

Figure 1: The Remote Desktop Web connection will not work until the client receives an updated Msrdp.ocx file. Note that Windows Update will offer the update automatically if the vulnerable Msrdp.ocx file is available in the standard location on the computer. For more information, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/cc775764(WS.10).aspx

* This scenario works if you have RDC 6.0 or a later version installed on the client (workstation) computer.

↑ Back to the top

Question After I install the security update, Internet Explorer 6 and Internet Explorer 7 do not install the ActiveX component on my computer. Why?
Answer Before you install the security update, the computer does not have the ActiveX control (Msrdp.ocx). After the security update is installed, the vulnerable ActiveX ClassIds are killbitted. Therefore, after you install the update, when you try to use the vulnerable ActiveX control (Msrdp.ocx) by using Internet Explorer, you cannot connect until the client computer receives the new Msrdp.ocx file from Windows Update. There are two ways to obtain the latest Msrdp.ocx file:

From the Windows Update Web site. However, Windows Update offers the updated version of the Msrdp.ocx file automatically if the client has the vulnerable Msrdp.ocx file in "%Windir%\Download Program Files."
By installing the update from the Terminal Services Web server. However, the update replaces the Msrdp.cab file only in the standard locations.
- To update the Msrdp.cab file in a custom location, you must manually extract the update. To do this, type the following command at a command prompt:
  Packagename /x <path>
  For more information, click the following article number to view the article in the Microsoft Knowledge Base:
  832475 Description of the new features in the package installer for Windows software updates
- Copy the Msrdp.cab file from <location> to the custom path.

Question After I install the update, I do not have the Msrdp.ocx file. Why?
Answer This update updates only the files that were present on the computer before you installed the update. Therefore, if the Msrdp.ocx file was not on the Windows XP SP2-based computer before you installed the update, the Msrdp.ocx file is not downloaded to or installed on the computer. When the client obtains the Msrdp.ocx file, Windows Update reoffers the update to the client computer.

Question How to I determine I have the Msrdp.ocx file on my system?
Answer To determine whether the Msrdp.ocx file exists in the default location, run the following command at a command prompt:

dir "%windir%\downloaded program files"

Question After I install the update, I do not have the Msrdp.cab. Why?
Answer This update updates only the files that were present on the computer before you installed the update. For example, if you did not have the Msrdp.cab file on the XP SP2-based computer before you installed the update, the Msrdp.cab file is not installed on the client computer.

Question I have an old Msrdp.cab file that is being redistributed from my Terminal Server Web Server computer. Are my clients vulnerable?
Answer Your updated client computers will not be vulnerable even if the server is not updated. We strongly recommend that you apply the update on the Terminal Services Web Server so that the redistribution of vulnerable Msrdp.ocx files can be prevented to any clients that are not updated.

Question Why is security update 958470 offered to my Windows 2000-based computer even when RDP is not installed?

Answer Security update 958470 is offered to Windows 2000-based computers regardless of whether RDP is installed or not. If RDP is not installed, security update 958470 will still deploy killbits to prevent invocation of the affected RDP ActiveX control, but it will not replace any binary.

↑ Back to the top

KB offer matrix based on the RDC version and platforms

RDC versions (in-band and Microsoft-supported out-of-band releases)

	RDC 5.0	RDC 5.1	RDC 5.2	RDC 6.0	RDC 6.1
Windows Vista RTM	x	x	x	KB956744*	x
Windows Vista SP1 and Windows Vista SP2	x	x	x	x	KB956744*
Windows XP SP2	x	KB958470*	KB958469	KB956744*	KB956744*
Windows XP SP3	x	x	KB958469	x	KB956744*
Windows Server 2003 SP2	x	x	KB958469*	KB956744*	x
Windows 2000 SP4	KB958471*	KB958470*	KB958470	x	x

Note In this table, x = not applicable.
Note In this table, almost all users are represented by the scenarios in the table that contain asterisks (*).

↑ Back to the top

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows 2000 file information

For all supported editions of Microsoft Windows 2000 Service Pack 4

File name	File version	File size	Date	Time	Platform
2k3mstsc.exe	5.2.3790.4522	421,376	05-Jun-2009	11:48	x86
2k3mstscax.dll	5.2.3790.4524	755,200	15-Jun-2009	07:23	x86
Msrdp.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpara.ocx	5.2.3790.4522	759,808	15-Jun-2009	07:23	x86
Msrdpchs.ocx	5.2.3790.4522	757,248	15-Jun-2009	07:23	x86
Msrdpcht.ocx	5.2.3790.4522	757,248	15-Jun-2009	07:23	x86
Msrdpcsy.ocx	5.2.3790.4522	759,808	15-Jun-2009	07:23	x86
Msrdpcustom.dll	5.0.2195.7303	16,144	30-Jun-2009	07:44	x86
Msrdpda.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpdeu.ocx	5.2.3790.4522	761,344	15-Jun-2009	07:23	x86
Msrdpel.ocx	5.2.3790.4522	761,856	15-Jun-2009	07:23	x86
Msrdpesn.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpfi.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpfra.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpheb.ocx	5.2.3790.4522	759,296	15-Jun-2009	07:23	x86
Msrdphun.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpita.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpjpn.ocx	5.2.3790.4522	758,272	16-Jun-2009	08:23	x86
Msrdpkor.ocx	5.2.3790.4522	758,272	15-Jun-2009	07:23	x86
Msrdpnld.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpno.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpplk.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpptb.ocx	5.2.3790.4522	759,808	15-Jun-2009	07:23	x86
Msrdpptg.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdprus.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpsve.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdptrk.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Mstsc.chm	Not Applicable	67,569	06-Jan-2009	14:58	Not Applicable
Mstsc.exe	5.1.2600.3552	407,552	23-Apr-2009	09:05	x86
Mstscax.dll	5.1.2600.3581	655,872	15-Jun-2009	07:23	x86
Msrdp.ocx	5.2.3790.4522	760,320	04-Jun-2009	10:17	x86
Msrdpcustom.dll	5.0.2195.7303	16,144	01-Jun-2009	17:33	x86

Windows XP file information

The files that apply to a specific milestone (RTM, SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP

File name	File version	File size	Date	Time	Platform
2k3mstsc.exe	5.2.3790.4522	421,376	05-Jun-2009	11:48	x86
2k3mstscax.dll	5.2.3790.4524	755,200	15-Jun-2009	07:23	x86
Msrdp.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpara.ocx	5.2.3790.4522	759,808	15-Jun-2009	07:23	x86
Msrdpchs.ocx	5.2.3790.4522	757,248	15-Jun-2009	07:23	x86
Msrdpcht.ocx	5.2.3790.4522	757,248	15-Jun-2009	07:23	x86
Msrdpcsy.ocx	5.2.3790.4522	759,808	15-Jun-2009	07:23	x86
Msrdpcustom.dll	5.0.2195.7303	16,144	30-Jun-2009	07:44	x86
Msrdpda.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpdeu.ocx	5.2.3790.4522	761,344	15-Jun-2009	07:23	x86
Msrdpel.ocx	5.2.3790.4522	761,856	15-Jun-2009	07:23	x86
Msrdpesn.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpfi.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpfra.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpheb.ocx	5.2.3790.4522	759,296	15-Jun-2009	07:23	x86
Msrdphun.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpita.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpjpn.ocx	5.2.3790.4522	758,272	16-Jun-2009	08:23	x86
Msrdpkor.ocx	5.2.3790.4522	758,272	15-Jun-2009	07:23	x86
Msrdpnld.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpno.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpplk.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdpptb.ocx	5.2.3790.4522	759,808	15-Jun-2009	07:23	x86
Msrdpptg.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdprus.ocx	5.2.3790.4522	760,832	15-Jun-2009	07:23	x86
Msrdpsve.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Msrdptrk.ocx	5.2.3790.4522	760,320	15-Jun-2009	07:23	x86
Mstsc.chm	Not Applicable	67,569	06-Jan-2009	14:58	Not Applicable
Mstscax.dll	5.1.2600.3581	655,872	15-Jun-2009	07:23	x86
Msrdp.ocx	5.2.3790.4522	760,320	04-Jun-2009	10:17	x86
Msrdpcustom.dll	5.0.2195.7303	16,144	01-Jun-2009	17:33	x86

For all supported x64-based versions of Windows XP

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Mstscax.dll	5.1.2600.3581	655,872	05-Jun-2009	07:42	x86	SP2	SP2GDR
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	20:12	x86	SP2	SP2GDR\MSRDP.CAB_CAB_FILES
Mstscax.dll	5.1.2600.3581	655,872	05-Jun-2009	10:26	x86	SP2	SP2QFE
Msrdp.ocx	5.2.3790.4522	759,808	05-Jun-2009	10:26	x86	SP2	SP2QFE\ARA
Msrdp.ocx	5.2.3790.4522	759,808	05-Jun-2009	10:26	x86	SP2	SP2QFE\BR
Msrdp.ocx	5.2.3790.4522	757,248	05-Jun-2009	10:26	x86	SP2	SP2QFE\CHS
Msrdp.ocx	5.2.3790.4522	757,248	05-Jun-2009	22:56	x86	SP2	SP2QFE\CHT
Msrdp.ocx	5.2.3790.4522	759,808	05-Jun-2009	22:56	x86	SP2	SP2QFE\CS
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\DA
Msrdp.ocx	5.2.3790.4522	761,856	05-Jun-2009	10:26	x86	SP2	SP2QFE\EL
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\ENU
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\ES
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\FI
Msrdp.ocx	5.2.3790.4522	760,832	05-Jun-2009	10:26	x86	SP2	SP2QFE\FR
Msrdp.ocx	5.2.3790.4522	761,344	05-Jun-2009	10:26	x86	SP2	SP2QFE\GER
Msrdp.ocx	5.2.3790.4522	759,296	05-Jun-2009	10:26	x86	SP2	SP2QFE\HEB
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\HU
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\IT
Msrdp.ocx	5.2.3790.4522	758,272	05-Jun-2009	10:26	x86	SP2	SP2QFE\JPN
Msrdp.ocx	5.2.3790.4522	758,272	05-Jun-2009	10:26	x86	SP2	SP2QFE\KOR
Msrdp.ocx	5.2.3790.4522	760,320	04-Jun-2009	23:38	x86	SP2	SP2QFE\MSRDP.CAB_CAB_FILES
Msrdp.ocx	5.2.3790.4522	760,832	05-Jun-2009	10:26	x86	SP2	SP2QFE\NL
Msrdp.ocx	5.2.3790.4522	760,832	05-Jun-2009	10:26	x86	SP2	SP2QFE\NO
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\PL
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\PT
Msrdp.ocx	5.2.3790.4522	760,832	05-Jun-2009	10:26	x86	SP2	SP2QFE\RU
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\SV
Msrdp.ocx	5.2.3790.4522	760,320	05-Jun-2009	10:26	x86	SP2	SP2QFE\TR
Msrdpcustom.dll	Not Applicable	17,408	05-Jun-2009	07:42	x86	None	Not Applicable

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbfix, kbbug, kbqfe, kbsecvulnerability, kbsecurity, kbsecbulletin, kbaccelerators, kbsurveynew, kbexpertiseinter, kbexpertisebeginner, KB958470

↑ Back to the top

Article Info

Article ID	:	958470
Revision	:	8
Created on	:	5/9/2012
Published on	:	5/9/2012
Exists online	:	False
Views	:	828

Microsoft KB Archive Search

MS09-044: Description of the security update for Remote Desktop Client Version 5.1: August 11, 2009

Introduction

How to obtain help and support for this security update

More information

Frequently asked questions

KB offer matrix based on the RDC version and platforms

File information

Windows 2000 file information

For all supported editions of Microsoft Windows 2000 Service Pack 4

Windows XP file information

For all supported x86-based versions of Windows XP

For all supported x64-based versions of Windows XP

Applies to: