• Properties:

• System Process: No
• Background Process: No
• Application Process:No
• Common Path:
  C:\ Windows\ system\ kb891711.exe
• Uses Network:No
• Uses Internet:Yes

Description:

The process kb891711.exe is a Windows Security Update process first released by Microsoft Corporation on March 2005. This process handles the Microsoft Security Update 891711, which is installed as a startup task on Windows.

Microsoft released the EXE kb891711.exe as a useful security patch that is embedded with the capability of addressing Cursor and Icon Format Handling vulnerability issues. In January 2005, Microsoft discovered the existence of a wide variety of vulnerability issues when it comes to the handling of animated cursors and icon formats by MS Windows XP SP2 along with MS Windows 98 through the remote execution of code. Attackers constructs a malicious cursor or icon file to exploit this remote code execution vulnerability. If the attacker succeeds, it could allow a disastrous remote code execution if a user ever visits a Web site with malicious content or receives and opens a malicious e-mail message.

The kb891711.exe process was thus constructed and distributed as an update to Windows 98 and Windows XP. The kb891711.exe file removes the vulnerability by modifying the method of execution of the cursors, animated cursors and icons. What the kb891711.exe file does is to run a format validation for the cursors, animated cursors and icons before rendering them.

Microsoft regularly comes up with Security Updates based on regular assessments of its products. A vulnerability assessment is released according to the types of systems that may be attacked due to the vulnerability. It also assesses normal deployment patterns and the effect to the system or application if ever the vulnerability is exploited. In coming up with security update 891711 implemented by the process kb891711.exe, while no information has been received by Microsoft about the vulnerability, Microsoft intended to address the vulnerability for which proof of concept code has been published publicly.

Installing patches to Windows as startup tasks, just like the kb891711.exe file, is not a normal practice of Microsoft. The company thus informs its customers that the implementation of kb891711.exe process is a temporary albeit necessary fix that Microsoft will eventually convert to a transparent patch in future Windows updates.

Security update 891711 or the kb891711.exe has been assigned with the Common Vulnerability and Exposure number CAN-2004-1049 and can be freely downloaded from the Microsoft Update website.

Recommendations:

This is a safe process. There is no necessity to remove this process from your system or change it in any way.