Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. MS09-058: Vulnerabilities in Windows kernel could allow elevation of privilege

MS09-058: Vulnerabilities in Windows kernel could allow elevation of privilege

View products that this article applies to.

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

↑ Back to the top

INTRODUCTION

Microsoft has released security bulletin MS09-058. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top

More Information

Known issues with this security update

After you install this security update, you may receive a stop error message on a terminal server that is running Windows Server 2003 SP2. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

978243 A terminal server that is running Windows Server 2003 Service Pack 2 restarts unexpectedly after hotfix 971280 or security update 971486 (MS09-058) is installed


To resolve this issue, either install hotfix 978243 or security update 977165 (documented in security bulletin MS10-015). Security update 971486 is superseded by security update 977165, which includes hotfix 978243.
For more information about security update 977165, click the following article number to view the article in the Microsoft Knowledge Base:

977165 MS10-015: Vulnerabilities in Windows kernel could allow elevation of privilege

↑ Back to the top

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows 2000 file information

For all supported editions of Microsoft Windows 2000 Service Pack 4

File NameVersionDateTimeSize
mup.sys5.0.2195.700602-Dec-200400:3789,328
ntkrnlmp.exe5.0.2195.731903-Aug-200923:081,714,496
ntkrnlpa.exe5.0.2195.731903-Aug-200923:081,713,536
ntkrpamp.exe5.0.2195.731903-Aug-200923:091,735,808
ntoskrnl.exe5.0.2195.731903-Aug-200923:081,690,880

Windows XP and Windows Server 2003 file information

  • The files that apply to a specific service branch (QFE, GDR) are noted in the "Service branch" column.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x86-based versions of Windows XP

File NameVersionDateTimeSizeService branch
ntkrnlmp.exe5.1.2600.361004-Aug-200901:282,136,064SP2GDR
ntkrnlpa.exe5.1.2600.361004-Aug-200900:432,057,728SP2GDR
ntkrpamp.exe5.1.2600.361004-Aug-200900:432,015,744SP2GDR
ntoskrnl.exe5.1.2600.361004-Aug-200901:302,180,352SP2GDR
ntkrnlmp.exe5.1.2600.361004-Aug-200900:192,142,720SP2QFE
ntkrnlpa.exe5.1.2600.361003-Aug-200923:322,062,976SP2QFE
ntkrpamp.exe5.1.2600.361003-Aug-200923:322,020,864SP2QFE
ntoskrnl.exe5.1.2600.361004-Aug-200900:212,185,984SP2QFE
ntkrnlmp.exe5.1.2600.585704-Aug-200902:432,145,280SP3GDR
ntkrnlpa.exe5.1.2600.585704-Aug-200901:502,066,048SP3GDR
ntkrpamp.exe5.1.2600.585704-Aug-200901:502,023,936SP3GDR
ntoskrnl.exe5.1.2600.585704-Aug-200915:142,189,184SP3GDR
ntkrnlmp.exe5.1.2600.585704-Aug-200901:242,145,280SP3QFE
ntkrnlpa.exe5.1.2600.585704-Aug-200913:172,066,176SP3QFE
ntkrpamp.exe5.1.2600.585704-Aug-200900:472,023,936SP3QFE
ntoskrnl.exe5.1.2600.585704-Aug-200901:262,189,312SP3QFE

For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition

File NameVersionDateTimeSizeCPUService branch
ntkrnlmp.exe5.2.3790.456606-Aug-200913:474,587,520X64SP2GDR
ntoskrnl.exe5.2.3790.456606-Aug-200913:474,519,424X64SP2GDR
hal.dll5.2.3790.435406-Aug-200913:44280,064X64SP2QFE
ntkrnlmp.exe5.2.3790.456606-Aug-200913:444,613,632X64SP2QFE
ntoskrnl.exe5.2.3790.456606-Aug-200913:444,540,416X64SP2QFE

For all supported x86-based versions of Windows Server 2003

File NameVersionDateTimeSizeService branch
ntkrnlmp.exe5.2.3790.456605-Aug-200903:092,488,832SP2GDR
ntkrnlpa.exe5.2.3790.456605-Aug-200901:302,300,928SP2GDR
ntkrpamp.exe5.2.3790.456605-Aug-200901:312,340,352SP2GDR
ntoskrnl.exe5.2.3790.456605-Aug-200903:072,449,408SP2GDR
ntkrnlmp.exe5.2.3790.456605-Aug-200902:512,499,584SP2QFE
ntkrnlpa.exe5.2.3790.456605-Aug-200901:412,310,656SP2QFE
ntkrpamp.exe5.2.3790.456606-Aug-200913:422,351,104SP2QFE
ntoskrnl.exe5.2.3790.456605-Aug-200902:502,458,112SP2QFE

For all supported IA-64-based versions of Windows Server 2003

File NameVersionDateTimeSizeCPUService branch
ntkrnlmp.exe5.2.3790.456606-Aug-200913:476,554,112IA-64SP2GDR
ntdll.dll5.2.3790.445506-Aug-200913:451,646,592IA-64SP2QFE
ntkrnlmp.exe5.2.3790.456606-Aug-200913:456,580,736IA-64SP2QFE
wntdll.dll5.2.3790.445506-Aug-200913:45775,168X86SP2QFE\wow

Windows Vista and Windows Server 2008 file information

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6000.16xxxWindows VistaRTMGDR
    6.0.6000.20xxxWindows VistaRTMLDR
    6.0.6001.18xxxWindows Vista SP1 and Windows Server 2008 SP1SP1GDR
    6.0.6001.22xxxWindows Vista SP1 and Windows Server 2008 SP1SP1LDR
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.22xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

For all supported x86-based versions of Windows Vista and Windows Server 2008

File NameVersionDateTimeSizeService branch
ntkrnlpa.exe6.0.6000.1690105-Aug-200901:583,502,152Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243
ntoskrnl.exe6.0.6000.1690105-Aug-200901:583,467,864Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243
ntkrnlpa.exe6.0.6000.2110105-Aug-200901:403,503,688Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f
ntoskrnl.exe6.0.6000.2110105-Aug-200901:403,469,896Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f
ntkrnlpa.exe6.0.6001.1830405-Aug-200901:523,597,896Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39
ntoskrnl.exe6.0.6001.1830405-Aug-200901:523,546,184Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39
ntkrnlpa.exe6.0.6001.2248905-Aug-200904:453,599,960Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e
ntoskrnl.exe6.0.6001.2248905-Aug-200904:453,547,736Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e
ntkrnlpa.exe6.0.6002.1808204-Aug-200900:043,600,456Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137
ntoskrnl.exe6.0.6002.1808204-Aug-200900:043,548,216Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137
ntkrnlpa.exe6.0.6002.2219105-Aug-200901:403,599,928Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b
ntoskrnl.exe6.0.6002.2219105-Aug-200901:403,548,216Windows6.0-KB971486-x86\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b

For all supported x64-based versions of Windows Vista and Windows Server 2008

File NameVersionDateTimeSizeCPUService branch
ntoskrnl.exe6.0.6000.1690105-Aug-200902:374,425,288X64Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_c669c47a6f590379
ntoskrnl.exe6.0.6000.2110105-Aug-200902:444,412,488X64Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_c6f339678876d685
ntoskrnl.exe6.0.6001.1830405-Aug-200902:264,691,016X64Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_c85303fe6c7ce06f
ntoskrnl.exe6.0.6001.2248905-Aug-200901:424,682,824X64Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_c88b22db85d6de74
ntoskrnl.exe6.0.6002.1808204-Aug-200900:174,698,168X64Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_c9e0f5f269e5e26d
ntoskrnl.exe6.0.6002.2219105-Aug-200901:394,693,576X64Windows6.0-KB971486-x64\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_ca5ec287830c84d1

For all supported IA-64-based versions of Windows Server 2008

File NameVersionDateTimeSizeCPUService branch
ntoskrnl.exe6.0.6001.1830405-Aug-200901:599,491,544IA-64Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c360c70b41d7835
ntoskrnl.exe6.0.6001.2248905-Aug-200901:479,483,848IA-64Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6e2b4dcd77763a
ntoskrnl.exe6.0.6002.1808203-Aug-200923:579,469,000IA-64Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc3fe64b1867a33
ntoskrnl.exe6.0.6002.2219105-Aug-200901:299,462,328IA-64Windows6.0-KB971486-ia64\ia64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e41caf9caad1c97

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbsecurity, kbsecvulnerability, kb, kbsecreview, kbsurveynew, kbsecbulletin, atdownload, kblangall, kbfix, kbexpertiseinter, kbbug, kbmustloc

↑ Back to the top

Article Info
Article ID : 971486
Revision : 4
Created on : 4/17/2018
Published on : 11/6/2019
Exists online : False
Views : 413