A remote code execution vulnerability exists in the way that IIS handles input to ASP Web pages. An attacker who successfully exploited this vulnerability could then perform actions on the IIS server with the same rights as the Worker Process Identity (WPI). The WPI is configured with Network Service account privileges by default. IIS servers with ASP pages whose application pools are configured with a WPI that uses an account with administrative privileges could be more seriously impacted than IIS servers whose application pool is configured with the default WPI settings.

 

This patch is used to solve the above mentioned vulnerability. The vulnerability is described in more detail in Microsoft Security Bulletin MS08-006.
This patch may only be used on the systems with firmware release 1.4.7. Installation of the patch on other firmware releases can result in hang-up of the system.

 

 

Click on "Download now »". A browse dialogue appears: select a temporary directory for downloading the files.
 

 

The downloaded file does not need any extracting before use.
 

 

This patch will install and run only on the corresponding released for Océ VarioPrint 6xx0 R1.4.7 (software version 9.4.1.34).

The version will NOT be updated. So the software version remains 9.4.1.34.

 

Before you upgrade the patch, make sure that the system does not contain any spooled jobs.  To minimise any chance of unwanted interaction, it is adviced to clear the system as much as possible of any jobs in any of the queues and mailboxes.

 

·         Open a Settings Editor window of the VP6xx0 and log in as System Administrator. Under the service tab - installation, select upgrade software.
Browse to the downloaded zip file and press upload.
The top of the window will indicate that the installation was successful.

·         Restart the system after the patch has been installed.
Final changes of the patch are done just after the restart.

After the restart, the system is ready to use.