Re: WARNING: IE Security update KB963027 Breaks Companyweb (SBS 20




It actually breaks IE6 as well, I had just built SBS2003 2 days ago and have
spent the last day trying to sort the problem out, needless to say MS were as
useful as a chocolate teapot!!

Pete

"Cliff Galiher" wrote:

Agreed. But what I was trying to convey (obviously ineffectively) is that
because this *was* a security patch, MS has to support it all the way back
to SBS2k3 RTM, not just the current SP as per their product support
lifecycle.

It is reasonable to assume that MS did test against an RTM machine (which
would have IE6), an SP1 machine, an SP2 machine, and a machine fully
updated with all patches. And in all of those cases, this problem would not
have surfaced.

It is *not* reasonable for MS to test against every possible combination of
patches that could be applied to a system. If you recall your high-school
algebra on combinations and permutations, each additional patch causes the
total combination possibilities to grow exponentially. When you consider
how many patches have been released for Win2k3, it would *literally* be
millions of combinations to test against. Things like this *will* slip
through the cracks and it is not a sign of poor quality control.

It requires a person to install *on the server* IE7 and then pass on related
updates, which I would argue is probably a significant edge-case. It has
even been debated in this newsgroup in the past whether IE7 should be
installed on the server. Or Silverlight. Or any other client enhancement.

So should the optional patch have been bumped? Of course. Am I going to
get pissy with MS for releasing a half-baked patch? C'mon...I'm surprised
these types of conflicts don't arise *more* often. That's all I was trying
to point out.

-Cliff


"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:#V1jN1GwJHA.5392@xxxxxxxxxxxxxxxxxxxxxxx
Critical patches should not have a dependence on 'optional' patches. The
criticality of the final patch raises the (previously) optional patch's
status to 'required', or the critical patch should include the code from
the optional.

--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org
"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message
news:emA$inGwJHA.5516@xxxxxxxxxxxxxxxxxxxxxxx
A couple of random thoughts here, in no particular order:

1) The hotfix changes some core DLLs to fix a security flaw in IE. There
was *no way* to release this without breaking companyweb because the
underlying NTLM authentication *needed* to be fixed. No amount of
"testing" would change that.

2) Security is always a critical fix.

3) IE 7 is, itself, an optional upgrade on a server. There is nothing
stopping you from blissfully running IE6 on SBS2k3 indefinitely.

4) Any patches to IE7 that aren't security related, or to the OS that
improve compatibility for a non-security product (IE7, IE8 beta), are also
optional.

5) Reading the KB articles should be a standard practice.

6) Testing your server after applying a patch should be a standard
practice.

7) If you saw this on 20 servers, you failed to follow steps 5 or 6 (or
both.)

8) This just isn't that big of a deal. The optional upgrade only impacts
IE.....

-Cliff



"Leythos" <spam999free@xxxxxxxxxx> wrote in message
news:MPG.2453d2ea9bc00d27989b29@xxxxxxxxxxxxxxxxxxxxxxx
In article <OfuyEREwJHA.5672@xxxxxxxxxxxxxxxxxxxx>, sbradcpa@xxxxxxxxxxx
says...

Leythos wrote:
I have just confirmed this on more than 20 SBS 2003 servers, IE security
update KB963027 breaks the Companyweb.

The primary symptom is that you are prompted for credentials
(user/password) that will not be accepted under any conditions.

I have also seen this cause accounts to be locked out because of the
rejected user/password.

After removing IE 7 Security update KB963027, the entire server returns
to normal and works properly.

Post 09-014 Companyweb wants a password, install 961143 - THE OFFICIAL
BLOG OF THE SBS "DIVA":
http://msmvps.com/blogs/bradley/archive/2009/04/16/post-09-014-company-web-wants-a-password-install-961143.aspx

Why the HE!! would Microsoft issue a critical update that requires an
OPTIONAL update to operate properly?

I'm really starting to get ticked off with MS for breaking a lot of
things with UPDATES that appear to be RUSHED OUT WITHOUT BASIC TESTING.

Thanks for the resolution Susan.

Maybe you could pass it up the chain that common development practices,
decades old, mandate that patches and software NOT BE RELEASED before
proper testing.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)


