Re: WARNING: IE Security update KB963027 Breaks Companyweb (SBS 2003)

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

IE 7 is more secure than IE 6 to be sure. *but* you shouldn't be browsing the net from your server. ;) And if, for some reason, you find you need to, you should only be viewing pages that some tool such as BPA or the event log links take you to...so a more secure IE is a non-issue on a server.

And IE is released, but the optional update was released to fix a problem found when IE8 was still beta, and I believe the KB article *still* refers to IE8 beta...could be wrong on that one.

-Cliff


"Gary Karasik" <gkarasik@xxxxxxx> wrote in message news:uwl8EgIwJHA.1492@xxxxxxxxxxxxxxxxxxxxxxx
Except

--

GaryK


Except IE7 is supposed to be more secure than IE6, and for that matter IE8 is supposed to be more secure than IE8, so in running IE6 I am running the least secure version of the three. Not a best practice in my book.

By the way, why are we calling IE8 a beta? I am under the impression that it has been officially released.

GaryK

3) IE 7 is, itself, an optional upgrade on a server. There is nothing stopping you from blissfully running IE6 on SBS2k3 indefinitely.

4) Any patches to IE7 that aren't security related, or to the OS that improves compatibility for a non-security product (IE7, IE8 beta) is also optional.

5) Reading the KB articles should be a standard practice.

6) Testing your server after applying a patch should be a standard practice.

7) If you saw this on 20 servers, you failed to follow steps 5 or 6 (or both.)

8) This just isn't that big of a deal. The optional upgrade only impacts IE.....

-Cliff



"Leythos" <spam999free@xxxxxxxxxx> wrote in message news:MPG.2453d2ea9bc00d27989b29@xxxxxxxxxxxxxxxxxxxxxxx
In article <OfuyEREwJHA.5672@xxxxxxxxxxxxxxxxxxxx>, sbradcpa@xxxxxxxxxxx
says...

Leythos wrote:
> I have just confirmed this on more than 20 SBS 2003 servers, IE > security
> update KB963027 breaks the Companyweb.
>
> The primary symptom is that that you are prompted for credentials
> (user/password) that will not be accepted under any conditions.
>
> I have also seen this cause accounts to be locked out because of the
> rejected user/password.
>
> After removing IE 7 Security update KB963027, the entire server > returns
> to normal and works properly.
>
Post 09-014 Companyweb wants a password, install 961143 - THE OFFICIAL
BLOG OF THE SBS "DIVA":
http://msmvps.com/blogs/bradley/archive/2009/04/16/post-09-014-company-web-wants-a-password-install-961143.aspx

Why the HE!! would microsoft issue a critical update that requires an
OPTIONAL update to operate properly.

I'm really starting to get ticked off with MS for breaking a lot of
things with UPDATES that appear to be RUSHED OUT WITHOUT BASIC TESTING.

Thanks for the resolution Susan.

Maybe you could pass it up the chain that common development practices,
decades old, mandate that patches and software NOT BE RELEASED before
proper testing.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)



.

Relevant Pages

  • Re: WARNING: IE Security update KB963027 Breaks Companyweb (SBS 2003)
    ... My clients do not wish to browse from the SBS because none of them ever have any need to log onto it other than create user/machine accounts or some rather clearly defined other actions. ... I don't know what your world is like, but in my world I can't tell my clients not to browse from the server. ... I'm going to put the most secure version of IE on the server I can. ... And IE is released, but the optional update was released to fix a problem found when IE8 was still beta, and I believe the KB article *still* refers to IE8 beta...could be wrong on that one. ...
    (microsoft.public.windows.server.sbs)
  • RE: WebServer?
    ... The operating system, server process, and the environment all ... Apache is probably a bit more secure than IIS. ... that with the proper assessment of risks, ...
    (Focus-Microsoft)
  • Re: WARNING: IE Security update KB963027 Breaks Companyweb (SBS 2003)
    ... I absolutely tell my clients not to browse from the server. ... But if I had a client that continually was deleting users because they were monkeying in AD, and I was continually fixing them, then they may get more expensive or time-consuming than I'd be willing to deal with and I'd drop them. ... I'm going to put the most secure version of IE on the server I can. ... And IE is released, but the optional update was released to fix a problem found when IE8 was still beta, and I believe the KB article *still* refers to IE8 beta...could be wrong on that one. ...
    (microsoft.public.windows.server.sbs)
  • Re: WARNING: IE Security update KB963027 Breaks Companyweb (SBS 2003)
    ... And they do browse from the server from time to time no matter now ... to IE8 beta...could be wrong on that one. ... Reading the KB articles should be a standard practice. ... proper testing. ...
    (microsoft.public.windows.server.sbs)
  • Re: WARNING: IE Security update KB963027 Breaks Companyweb (SBS 2003)
    ... It's their server. ... *still* refers to IE8 beta...could be wrong on that one. ... Reading the KB articles should be a standard practice. ... proper testing. ...
    (microsoft.public.windows.server.sbs)