KB935840, MS07-031, Installing WindowsXP-KB935840-x86-ENU.exe Patch using Desktop Central

How to?

Support

Download

Website

Forums

Live Demo

Patch Management Software

Desktop Central helps administrators to automate patch deployment of both Microsoft and Non-Microsoft Applications from a central point.

Windows XP Professional Patch Details

Windows XP Professional Patches

Patch Name :

WindowsXP-KB935840-x86-ENU.exe

Patch Description :

Security Update for Windows XP (KB935840)

Bulletin Id :

MS07-031

Bulletin Title :

Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)

KnowledgeBase :

935840

Severity :

Critical

Location Path :

WindowsXP-KB935840-x86-ENU.exe

Bulletin Summary:

This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.

This is a critical security update for supported editions of Windows XP, important for editions of Windows 2003, and moderate for editions of Windows 2000. This security update addresses the vulnerability by modifying the way that the client parses server-key exchange data sent from the server.

A remote code execution vulnerability exists in the way that Windows Schannel on a client machine validates server-sent digital signatures. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attackers Web site.

Superceding Bulletin Id :

MS09-007

Patch Release Date :

Jun 12, 2007

CVE Id :

CVE-2007-2218

Affected Product Information

Product Name	Service Pack Name
Windows XP Professional	Windows XP Service Pack 2

File changes

File Path	Version
%windir%\system32\schannel.dll	5.1.2600.3126

Registry changes

Registry Path	Key Name	Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB935840		-2

Patch Mgmt Features

Desktop Mgmt Features

Forums

Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.