We have just released a fix for MS03-039. This fix is
available here
http://www.microsoft.com/downloads/details.aspx
FamilyId=36A0E5FB-C7D3-4039-B42D-
ACBC446A3DE9&displaylang=en
This patch addresses a buffer overrun in the RPC Service.
We also have released a document which outlines steps you
can follow to directly patch your Windows XP Embedded
(RTM or SP1)-based devices. The content of that is
below, and will be available on the XPe homepage on
ms.com shortly (the version below is sans hyperlinks).
For a direct link to the Microsoft Security Bulletin MS-
039, please visit
http://www.microsoft.com/security/se...ulletins/ms03-
039.asp
We will have information available on
microsoft.com/windows/embedded/xp shortly.
Thanks,
Ravi, MS
Embedded Devices Group
Disclaimer: This posting is provided *AS IS* with no
warranties, and confers no rights.
Installing Microsoft QFE #824146 on Windows XP Embedded
(with and without Service Pack 1) runtimes
Windows XP Embedded customers can patch their devices to
address the critical security flaw in Windows caused by a
buffer overrun in the remote procedure call service
(RPCSS). By following the steps outlined in this
document, you can deploy a Windows XP (desktop) fix
directly to your Windows XP Embedded-based device.
.. Windows XP Embedded with Service Pack 1 customers
can use this method to directly deploy the fix to their
device.
.. If your device has Device Update Agent (DUA)
support built into it, you can use DUA to deploy the
embedded patch (located here) to your device, eliminating
the need to read this document.
Note: These steps do not detail a supported method of
applying arbitrary desktop or embedded QFEs directly to
Windows XP Embedded (with and without Service Pack 1)
runtimes.
To complete these steps, you will need:
1. The Windows XP desktop QFE package. The QFE is
#824146, and pertains to Microsoft Security Bulletin MS03-
039 (Buffer Overrun in RPCSS Could Allow Code Execution).
2. The ability to copy files to the Windows XP
Embedded device. This can be through any supported
method (direct network connection, offline file copy,
DUA, etc.) If EWF is enabled on the device, it must be
disabled before proceeding with this procedure.
Steps:
1. Download the Windows XP desktop QFE 824146
package to your development machine. Create the folder
C:\XPQFE and place it there.
2. Open a command prompt in the C:\XPQFE folder.
3. Expand the contents of the QFE package into the
folder C:\XPQFE using the following command line:
WindowsXP-KB824146-x86-ENU.exe /q /x:.
4. The C:\XPQFE\SP2 folder contains files necessary
to update a Windows XP Embedded with Service Pack 1
device. The C:\XPQFE\SP1 folder contains files necessary
to update a Windows XP Embedded device.
5. If you have a Windows XP Embedded with Service
Pack 1 runtime,
a. Copy the files from the C:\XPQFE\SP2 folder to
C:\XPEUpdate. Do not copy the contents of the
C:\XPQFE\SP2\Update folder, just the files in the root of
the C:\XPQFE\SP2 folder.
b. You should have the following files in
C:\XPEUpdate:
i. OLE32.DLL, file size 1,172,992 bytes, version
5.1.2600.1263.
ii.RPCRT4.DLL, file size 532,480 bytes, version
5.1.2600.1254.
iii.RPCSS.DLL, file size 260,608 bytes, version
5.1.2600.1263.
6. If you have a Windows XP Embedded runtime,
a. Copy the files from the C:\XPQFE\SP1 folder to
C:\XPEUpdate. Do not copy the contents of the
C:\XPQFE\SP1\Update folder, just the files in the root of
the C:\XPQFE\SP1 folder.
b. You should have the following files in
C:\XPEUpdate:
i. OLE32.DLL, file size 1,093,632 bytes, version
5.1.2600.118.
ii.RPCRT4.DLL, file size 439,296 bytes, version
5.1.2600.109.
iii.RPCSS.DLL, file size 204,288 bytes, version
5.1.2600.118.
7. For each file in C:\XPEUpdate:
a. Make sure each file is located in the
\Windows\System32 folder on the Windows XP Embedded
device.
b. Copy the file from C:\XPEUpdate to the Windows XP
Embedded device.
c. Note that files that are in use cannot be
overwritten. If you cannot copy these files to the live
Windows XP Embedded device, you will have to:
i. Use Device Update Agent to deploy the files.
ii.Copy the files offline to the device's media.
8. Using RegEdit on the Windows XP Embedded device,
add the following registry keys:
a. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Installed
Type REG_DWORD, Value=1
b. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Comments
Type REG_SZ, Value = "Windows XP Hotfix - KB824146"
c. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Backup Dir
Type REG_SZ, Value = <null>
d. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Fix Description
Type REG_SZ, Value = "Windows XP Hotfix - KB824146"
e. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Installed By
Type REG_SZ, Value = <null>
f. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Installed On
Type REG_SZ, Value = <null>
g. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Service Pack
Type REG_DWORD
i. If you are updating a Windows XP Embedded with
Service Pack 1 device
Value = 2
ii.If you are updating a Windows XP Embedded device,
Value = 1
h. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\Valid
Type REG_DWORD, Value = 1
i. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\File 1\Flags
Type REG_SZ, Value = <null>
j. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\File 1\New File
Type REG_SZ, Value = <null>
k. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\File 1\New Link Date
Type REG_SZ, Value = <null>
l. HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Hotfix\KB824146\File 1\Old Link Date
Type REG_SZ, Value = <null>
Once these changes are done, reboot the Windows XP
Embedded device to enable the hotfix.
You can then use the KB 824146 Scanning Tool located at
http://support.microsoft.com/?kbid=827363 to verify your
systems have the 824146 QFE properly installed.
Similar Threads
