-----BEGIN PGP SIGNED MESSAGE----- Hi All - We wanted to take a minute and clarify Joe's post a bit. An issue was identified in the patch for MS01-035 last week. We pulled the patch from the download site immediately and are working on a corrected patch which we'll release as soon as possible. When the new patch is available, we'll re-release the bulletin. In the meantime, it's worth reiterating a couple of important points from the bulletin. The piece of software that contains the vulnerability, known as the Visual Interdev RAD (Remote Application Deployment) Support sub-component, is not installed by default. Further, if the administrator does select it for installation, a dialogue box is displayed pointing out that the sub-component is not appropriate for use on production systems and should only be installed on development systems. As the bulletin discusses, Microsoft doesn't recommend applying the patch to production systems. Instead, we recommend that the sub-component, if installed, be removed immediately. The patch should only be applied to development systems, and even then on ones that require Visual Interdev RAD support. Of course, standard best practices call for development to be performed on protected machines; it's never recommended to connect a development machine to the Internet. We apologize for any inconvenience, and are working to complete the updated patch as quickly as possible. Regards, Christopher Budd Security Program Manager Microsoft Security Response Center - -----Original Message----- From: Joe Granto [mailto:Joe.Granto@WCom.Com] Sent: Wednesday, August 01, 2001 6:24 AM To: bugtraq@securityfocus.com Subject: MS01-035 Hot Fix for IIS Below you will find the official word from Microsoft regarding this hotfix. I am unsure if this is common knowledge or not; ignore this email if it is... Basically, installing MS01-035 causes the IIS MMC to close when you click on the server extensions tab under Windows 2000 Advanced Server on SP2 (with all current hotfixes). Uninstalling MS01-035 fixes the problem, but opens up the security hole. This, I claim, is a broken solution. Of course, you could uninstall the hotfix, make your sever extension mods, then reinstall the hotfix, and just live with the MMC dying when you click on the server extensions tab, but this is also a broken solution. Given the publicity that unchecked buffers have been getting with respect to IIS, it seems to me that Microsoft should have a better solution... - -----Original Message----- <snip useless info) Here is a summary of the key points of the case for your records. Action: ====== Clicking on the Server Extensions Tab within IIS Result: ====== MMC is closing Dr Watson. The application MMC generated an application error. C0000005 at address 77e86662 (interlock increment). Cause: ====== MS01-035 Hot Fix Resolution: ========= Uninstall the Hot fix Q300477 FPSE: Potential Buffer Overrun Vulnerability w/Visual Studio RAD http://support.microsoft.com/support/kb/articles/q300/4/77.asp - ------- End of forwarded message ------- - ---------------------------------------------------------------------- - -- Joe Granto, Rookie Systems Engineer Wireless Operations and Platform Architecture MCI or WorldCom, I don't know anymore. Office: (770)284-5061 VNET: 949-5061 Pager: (888)500-6340 or 5006340@worldcom.com FAX: (770)284-6824 "There is no estimated time of resolution." Fear my three minute POP time-out. There is no MCI, only Zuul. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQEVAwUBO2inDY0ZSRQxA/UrAQGNYwf7Bnv9zsZ/r2jGs2sJBQvEuvYhkQkb+HXT PbgC0q2tTXpeKcwQ1U82tzNqMbiEJ0rEdPd/55rbY4KbC8OADjSeEMd5azok/YHx ArXxMpVkIMF1BBtL9RLdX0eYY8NkcyNyo/T6RTSgHWMeurReIgvBHMJH0IAlwlhz xeOVdsgReELvlOFiR7Iqgsb4uTCW5rqFX6oCz0q+YnzOioS6Y2+LdFDxQlbnskr9 p219k3wNI7u0ouJ56XnD9oxNA7OBIeBFEEf//QSgRRu6atFNwZu6Ql5UrWHIXFiV 7zGP8nZDI4rNlS0t/FFcFP8G4E/Y2KGm9L8i/JDoNWMQ0UpSpejS4g== =7y5t -----END PGP SIGNATURE-----
