This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, see Microsoft Knowledge Base Article Microsoft Baseline Security Analyzer MBSA lets administrators scan local and remote systems for missing security updates as well as common security misconfigurations.
For more information, see Microsoft Baseline Security Analyzer. Windows Server Update Services WSUS enables information technology administrators to deploy the latest Microsoft product updates to computers that are running the Windows operating system. Note Microsoft discontinued support for SMS 2.
Customers are encouraged to upgrade to System Center Configuration Manager. See also Downloads for Systems Management Server For more information, see System Center. For more detailed information, see Microsoft Knowledge Base Article : Summary list of monthly detection and deployment guidance articles.
Updates often write to the same files and registry settings required for your applications to run. This can trigger incompatibilities and increase the time it takes to deploy security updates.
You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit. The Application Compatibility Toolkit ACT contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Windows Vista, a Windows Update, a Microsoft Security Update, or a new version of Windows Internet Explorer in your environment.
For information about the specific security update for your affected software, click the appropriate link:. The following table contains the security update information for this software.
You can find additional information in the subsection, Deployment Information , in this section. When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Microsoft hotfix. Security updates may not contain all variations of these files. For more information about this behavior, see Microsoft Knowledge Base Article For more information about the installer, see Microsoft Knowledge Base Article For more information about the terminology that appears in this bulletin, such as hotfix , see Microsoft Knowledge Base Article See the section, Detection and Deployment Tools and Guidance , earlier in this bulletin for more information.
Because there are several editions of Microsoft Windows, the following steps may be different on your system. If they are, see your product documentation to complete these steps. You may also be able to verify the files that this security update has installed by reviewing the registry keys listed in the Reference Table in this section. These registry keys may not contain a complete list of installed files.
Also, these registry keys may not be created correctly when an administrator or an OEM integrates or slipstreams this security update into the Windows installation source files. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Please rate your experience Yes No.
Any additional feedback? In this article. In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. See Microsoft Knowledge Base Article Unattended Setup mode. No user interaction is required, but installation status is displayed. If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds.
Quiet mode. This is the same as unattended mode, but no status or error messages are displayed. Restarts the computer after installation and force other applications to close at shutdown without saving open files first. The default setting is 30 seconds. Integrates the update into the Windows source files. These files are located at the path that is specified in the switch.
Enables verbose logging. This log details the files that are copied. For more information, see the subsection, Affected and Non-Affected Software , in this section. The security update addresses the vulnerability by correcting the way that Windows Partition Manager allocates objects in memory.
For more information about the vulnerability, see the Frequently Asked Questions FAQ subsection for the specific vulnerability entry under the next section, Vulnerability Information. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service.
See also the section, Detection and Deployment Tools and Guidance , later in this bulletin. The following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected.
To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle. Where are the file information details? Refer to the reference tables in the Security Update Deployment section for the location of the file information details.
I am using an older release of the software discussed in this security bulletin. What should I do? The affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle website. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.
To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy. Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options.
Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information website, select the country in the Contact Information list, and then click Go to see a list of telephone numbers.
When you call, ask to speak with the local Premier Support sales manager. The following severity ratings assume the potential maximum impact of the vulnerability.
For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the May bulletin summary. For more information, see Microsoft Exploitability Index. An elevation of privilege vulnerability exists in the way that Windows Partition Manager handles device relations requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:. What is the scope of the vulnerability?
This is an elevation of privilege vulnerability. What causes the vulnerability? The vulnerability is caused when two or more processes or threads call Plug and Play PnP Configuration Manager functions at the same time. What is the component affected by this vulnerability? You would have the opportunity to download individual files on the "Thank you for downloading" page after completing your download.
Files larger than 1 GB may take much longer to download and might not download correctly. You might not be able to pause the active downloads or resume downloads that have failed.
Details Note: There are multiple files available for this download. Once you click on the "Download" button, you will be prompted to select the files you need.
File Name:. Date Published:. File Size:. System Requirements Supported Operating System. Install Instructions To start the download, click the Download button and then do one of the following, or select another language from Change Language and then click Change. Click Run to start the installation immediately. Click Save to copy the download to your computer for installation at a later time.
Related Resources Knowledge Base Article.
0コメント