Microsoft Security Bulletin MS07-017
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Published: April 3, 2007
Version: 1.0
Summary
Who Should Read this Document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Security Update Replacement: This bulletin replaces a prior security update. See the Frequently Asked Questions (FAQ) section of this bulletin for details.
Affected Software:
Windows 2000 Server
Windows 2000 Professional
Windows 2000 Datacenter Server
Windows 2000 Advanced Server
Windows XP Home Edition
Windows XP Professional
Windows XP Professional 64-Bit Edition
Windows Server 2003 for Small Business Server
Windows Server 2003, Datacenter Edition
Windows Server 2003, Enterprise Edition
Windows Server 2003, Standard Edition
Windows Server 2003, Web Edition
Windows Server 2003 Datacenter Edition for Itanium-based Systems
Windows Server 2003 Enterprise Edition for Itanium-based Systems
Windows Server 2003 Datacenter x64 Edition
Windows Server 2003 Enterprise x64 Edition
Windows Server 2003 Standard x64 Edition
Windows Vista
Windows Vista x64
Tested Software and Security Update Download
Locations:
Affected Software: 以下是不同系统相关的补丁下载链接(看清楚对应的系统下载)
• Microsoft Windows 2000 Service Pack 4 — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=92f20599-3e7b-4217-91e6-fdcfb4c56856&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f4%2fd%2fd4d5b707-58a9-4fbc-ab58-e20cc86db7bb%2fWindows2000-KB925902-x86-CHS.EXE
• Microsoft Windows XP Service Pack 2 — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=f82ea184-945f-4b78-9463-10ac20a75020&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f5%2f8%2f3%2f58324bce-00c5-42b7-bd05-1353c0604dab%2fWindowsXP-KB925902-x86-CHS.exe
• Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=ea5e1b87-4db5-4b1a-891e-29c6bd6c0184&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fc%2f9%2f8%2fc9801bd3-60f1-4d7f-9059-57786b2e0fb6%2fWindowsServer2003.WindowsXP-KB925902-x64-CHS.exe
• Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=9f73a782-deaf-46e0-b3e0-79042ff39979&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f8%2ff%2fd8fc1f92-a8a3-490a-b8c1-70258436e37f%2fWindowsServer2003-KB925902-x86-CHS.exe
• Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=9f73a782-deaf-46e0-b3e0-79042ff39979&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fd%2f8%2ff%2fd8fc1f92-a8a3-490a-b8c1-70258436e37f%2fWindowsServer2003-KB925902-x86-CHS.exe
• Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=3276dd11-4e2f-4183-a542-82ac3c6d9754&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f3%2fe%2ff%2f3ef26e17-4a40-4a26-afe9-806fc06c4135%2fWindowsServer2003.WindowsXP-KB925902-x64-CHS.exe
• Windows Vista — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=d8b0e65c-5b41-46eb-92df-0b062cfcdeec&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f0%2f4%2f7%2f0472557e-05f2-471e-a018-3286d63c51c3%2fWindows6.0-KB925902-x86.msu
• Windows Vista x64 Edition — Download the update
http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=zh-cn&SrcCategoryId=&SrcFamilyId=fb0ff2b5-05fe-4158-b4b7-da0d7f82c04b&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2fe%2fc%2f6%2fec655640-a995-436a-895a-5997bd3a7552%2fWindows6.0-KB925902-x64.msu
MS07 - 017: GDI 中的漏洞可能允许远程代码执行
注意:这篇文章是由无人工介入的自动的机器翻译系统翻译完成。这些文章是微软为不懂英语的用户提供的, 以使他们能够理解这些文章的内容。微软不保证机器翻译的正确度,也不对由于内容的误译或者客户对它的使用所引起的任何直接的, 或间接的可能的问题负责。
文章编号 : 925902
最后修改 : 2007年4月3日
修订 : 2.0
已知问题
Microsoft 已发布安全公告 MS07 - 017。 该安全公告包含有关安全更新所有相关信息。 此信息包括文件清单信息和部署选项。 要查看完整安全公告, 请访问以下 MicrosoftWeb 站点之一:
家庭用户:http://www.microsoft.com/athome/security/update/bulletins/200704oob.mspx
IT 专家:http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx (http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx)
已知问题
基于 Windows XP Service Pack 2 (SP 2) 上安装此安全更新后计算机, Realtek HD 音频控制面板 (Rthdcpl.exe) 可能无法启动 - 基于。 此外, 收到是类似于以下错误信息:
Rthdcpl.exe - 非法系统 DLL 定位
系统 DLL user32.dll 被定位内存中。 应用程序将不运行正常。 定位时由于 DLL C:\Windows\System32\Hhctrl.ocx 占用保留供 Windows 系统 DLL 的地址范围。 供应商提供 DLL 应能联系对新 DLL。
有关此问题, 请单击下列文章编号以查看 Microsoft 知识库中相应:
935448 (http://support.microsoft.com/kb/935448/) 可能无法启动 Realtek HD 音频控制面板, 并且启动计算机时收到错误信息: " 非法系统 DLL Re
location "。
注意 是 4月 3, 2007年, 存为 Microsoft 并不知道的任何其他受此问题影响的程序。 如果使用其他程序, 时收到类似消息请与 Microsoft 客户支持服务以获取 935448 修复程序。 如果我们确认程序都受此问题, 我们提供详细信息更新 Microsoft 知识库文章 935448
