RE: MS01-035 Hot Fix for IIS

["Microsoft Security Response Center" <secure () microsoft com>]

-----BEGIN PGP SIGNED MESSAGE-----

Hi All -

We wanted to take a minute and clarify Joe's post a bit.  An issue
was identified in the patch for MS01-035 last week.  We pulled the
patch from the download site immediately and are working on a
corrected patch which we'll release as soon as possible.  When the
new patch is available, we'll re-release the bulletin.

In the meantime, it's worth reiterating a couple of important points
from the bulletin.  The piece of software that contains the
vulnerability, known as the Visual Interdev RAD (Remote Application
Deployment) Support sub-component, is not installed by default. 
Further, if the administrator does select it for installation, a
dialogue box is displayed pointing out that the sub-component is not
appropriate for use on production systems and should only be
installed on development systems.

As the bulletin discusses, Microsoft doesn't recommend applying the
patch to production systems.  Instead, we recommend that the
sub-component, if installed, be removed immediately.  The patch
should only be applied to development systems, and even then on ones
that require Visual Interdev RAD support.  Of course, standard best
practices call for development to be performed on protected machines;
it's never recommended to connect a development machine to the
Internet. 

We apologize for any inconvenience, and are working to complete the
updated patch as quickly as possible.

Regards,

Christopher Budd
Security Program Manager
Microsoft Security Response Center

- -----Original Message-----
From: Joe Granto [mailto:Joe.Granto () WCom Com] 
Sent: Wednesday, August 01, 2001 6:24 AM
To: bugtraq () securityfocus com
Subject: MS01-035 Hot Fix for IIS


Below you will find the official word from Microsoft regarding this 
hotfix.  I am unsure if this is common knowledge or not;  ignore this
email if it is...

Basically, installing MS01-035 causes the IIS MMC to close when you
click 
on the server extensions tab under Windows 2000 Advanced Server on
SP2 
(with all current hotfixes).  Uninstalling MS01-035 fixes the
problem, 
but opens up the security hole.  This, I claim, is a broken solution.

Of course, you could uninstall the hotfix, make your sever extension 
mods, then reinstall the hotfix, and just live with the MMC dying
when 
you click on the server extensions tab, but this is also a broken 
solution.

Given the publicity that unchecked buffers have been getting with
respect 
to IIS, it seems to me that Microsoft should have a better
solution...


- -----Original Message-----
<snip useless info)

Here is a summary of the key points of the case for your records.

Action:
======
Clicking on the Server Extensions Tab within IIS

Result:
======
MMC is closing

Dr Watson. The application MMC generated an application error.
C0000005 
at address 77e86662 (interlock increment). 

Cause:
======
MS01-035 Hot Fix

Resolution:
=========
Uninstall the Hot fix

Q300477 FPSE: Potential Buffer Overrun Vulnerability w/Visual Studio
RAD http://support.microsoft.com/support/kb/articles/q300/4/77.asp

- ------- End of forwarded message -------

- ----------------------------------------------------------------------
- --
Joe Granto, Rookie Systems Engineer
Wireless Operations and Platform Architecture
MCI or WorldCom, I don't know anymore.
Office: (770)284-5061      VNET: 949-5061
Pager:  (888)500-6340 or 5006340 () worldcom com
FAX: (770)284-6824

"There is no estimated time of resolution."

Fear my three minute POP time-out.

There is no MCI, only Zuul.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBO2inDY0ZSRQxA/UrAQGNYwf7Bnv9zsZ/r2jGs2sJBQvEuvYhkQkb+HXT
PbgC0q2tTXpeKcwQ1U82tzNqMbiEJ0rEdPd/55rbY4KbC8OADjSeEMd5azok/YHx
ArXxMpVkIMF1BBtL9RLdX0eYY8NkcyNyo/T6RTSgHWMeurReIgvBHMJH0IAlwlhz
xeOVdsgReELvlOFiR7Iqgsb4uTCW5rqFX6oCz0q+YnzOioS6Y2+LdFDxQlbnskr9
p219k3wNI7u0ouJ56XnD9oxNA7OBIeBFEEf//QSgRRu6atFNwZu6Ql5UrWHIXFiV
7zGP8nZDI4rNlS0t/FFcFP8G4E/Y2KGm9L8i/JDoNWMQ0UpSpejS4g==
=7y5t
-----END PGP SIGNATURE-----