The severity of the issue and the fact that the security vulnerability was already exploited actively made the out of band release a necessity.

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

windows security update

The patch is available via Windows Update, or via Microsoft Download. Windows users are encouraged to download and install the patch as soon as possible to protect their operating system from attacks exploiting the issue.

Additional information about the issue, deployment of the patch and vulnerability information are available at the Microsoft Security Bulletin.

• STOP 0×0000007A
• STOP 0×00000077
• STOP 0×000000F4

The cause for those error messages are SATA hard drives that require more than 10 seconds. The timeout of the SATA driver in Windows 7 and Windows Server 2008 R2 is set to ten seconds and the error message is produced as a result of this timeout.

Only large SATA hard drives are affected according to Microsoft. Large hard drives seem to be those with a capacity of 1 Terabyte or larger.

Consider the following scenario:

* You have a computer that is running Windows 7 or Windows Server 2008 R2.
* The computer has a Serial Advanced Technology Attachment (SATA) hard disk.
* The size of the SATA hard disk is large. For example, the size of the SATA hard disk is 1 terabyte (TB).
* You put the computer into the Sleep state or into the Hibernate state.
* You try to resume the computer.

In this scenario, you receive one of the following Stop error messages:

*
STOP 0x0000007A
*
STOP 0×00000077
*
STOP 0x000000F4

Windows 7 and Windows Server 2008 R2 users who are experiencing these difficulties are asked to install the patch that Microsoft has released on their support website.

Other users do not need to install this patch which will be integrated into Windows 7 Service Pack 1 which Microsoft aims to release in 2010.

While this works as intended in the 32-bit edition of Windows Vista it does not in the 64-bit edition as it is still possible for users to access Internet Explorer from the Windows start menu. The hotfix corrects the issue so that the function is working as intended on 64-bit editions of Windows Vista as well.

The second problem affects the 64-bit editions of Windows Vista, Windows Server 2003 and Windows Server 2008. Microsoft describes the problem the following way:

The Image Delivery server that runs the 64-bit version of Windows Server 2008 or of Windows Server 2003 stops delivering images when you deploy an operating system by using an image-based installation method

The hotfix can also be downloaded directly by visiting the Microsoft Knowledge Base article.

The security bulletin resolves three vulnerabilities in Microsoft Server Message Block (SMB) Protocol which could allow remote code execution on affected systems. An attacker could run programs, create new user accounts and view, change or delete data on the computer system. It is interesting to note that Windows 7 is affected as well even though it is not mentioned in the security bulletin.

The security vulnerability would be rated as moderate for the upcoming operating system which is why Microsoft will not provide a patch at the current time (They chose to only patch critical security vulnerabilities immediately). A patch will be released with the next public release of Windows 7.

Patches can be applied as usual through the various official update channels.

Use the following links to open the Security Bulletins directly: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution [link], Vulnerability in Microsoft Publisher Could Allow Remote Code Execution [link], Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution [link] and Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service [link].

It is as always advised to update the system as soon as possible. The first two patches have to be applied to users of Microsoft Office, the third by almost everyone and the fourth by users who use Microsoft Malware protection applications.

The uxtheme.dll patcher that I had installed on my previous system was not working anymore because Microsoft seemed to have replaced the uxtheme.dll file with a newer version which had the result that the patch failed. A quick research on the Internet brought me to Rafael’s website that offered a patched uxtheme.dll that was compatible with the English Windows XP Service Pack 3 final.

I then used the small application Replacer to replace the existing uxtheme.dll in c:\windows\system32 with the patched one. Replacer displays a command window upon execution and all that needs to be done is to drag and drop the original file and then the new file into the window. Everything else will be done by replacer.

I was able to change the theme after the next reboot.