Re: KB911280 update problem

Tech-Archive recommends: Fix windows errors by optimizing your registry

You simply have to wait. Microsoft has acknowledged and confirmed the
problem and has reissued an updated MS06-025 Bulletin yesterday which
discusses this. http://support.microsoft.com/kb/911280

Microsoft is working on an amended patch which will address this issue.
Microsoft advises anyone affected by this to not install the patch and to
wait for the new version (likely next month). There are exploits out
involving the vulnerability that this patch fixed so be careful.

I am affected but only for my backup Road Runner dialup access. I only need
dialup when traveling or when Road Runner Cable goes down temporarily. Road
Runner dial access uses an ancient script for authentication similar to what
Compuserve uses. That script is broken by the patch.

I too called Microsoft support and was misdirected twice to the home safety
department with a case number indicating I had a virus. I waited on hold
both times for over an hour and finally gave up. The third time I called I
demanded to speak to the XP Pro department. I got a nice tech after a 35
minute wait (I think Microsoft needs to hire more techs). However, he told
me that he could put me in contact with the Microsoft Development team until
he could write up a bug report. He said he could not write a bug report
unless I could supply him with the script that is broken by this patch so
that he could examine the code. I told him I was a customer of Road Runner
not an employee and that I had no access to the script or authorization to
send it to him. I explained that I had earlier called Road Runner National
Help Desk and informed them of the problem and they were taken by complete
surprise but thanked me and said they would immediately look into it and
inform RR corporate.

I also told this XP Pro tech that Microsoft had repeatedly asked all
affected customers to call it and report the problem. I directed him to the
Microsoft TechNet bulletin (he had never heard of the TechNet site!) and
also to Steven Toulouse's blog of June 17 where he discusses the problem and
requests that all affected Microsoft customers call in and get a case number
and report the problem. Scroll down to "Checking in on This Month's
Release".
http://blogs.technet.com/msrc/default.aspx

This XP Pro tech could not navigate to the blog! I was stunned. He kept
telling me that I could NOT report this. I was SO FRUSTRATED. Steven
Toulouse had turned off comments in his blog or I would have given Microsoft
a piece of my mind. It should not be so extremely difficult to report patch
problems!!

"paulh" <paulh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B7A22BB0-A045-418C-B19D-D517603F6A33@xxxxxxxxxxxxxxxx


"MzM" wrote:

After installing XP Security Update KB911280 (to resolve a "remote code
execution security issue ... in the Routing and Remote Access service ")
and
rebooting, the computer was unable to connect to the Internet. The
connection process would simply halt at the initiation of the logon
script
(cis.scp) for Compuserve, refusing to run the script.

The question: Is there a setting somewhere that will allow the Network
Connection login script to run as it should after installation of this
update?

It is definately KB911280 causing the problem. (I had to roll back after
installation of all updates and then install each separately to determine
the
cause.) KB911280 is not now installed, of course. (Else I wouldn't be
here.
;)

I'm running XP Pro with SP2 and all other security updates and have no
other
problems to report regarding updates outside of this.

Thanks,

MzM


I have the EXACT same problem.
After installing the patch, my modem in xp can not dial the cis.scr
script
for compuserve log on. It is EXACTLy as MZM says, and it is not compuserve
software problem.
I called the
==
all Microsoft for free support, (1-(866) PC-SAFETY if you are in the USA),
and reference case number SOX060615700008.
===
number but support said that they do not allow phone help for this issue
and
directed me to the ms update site to install MORE updates, when it was an
update that caused the problem in the first place?

What is the solution?



.

Relevant Pages

  • SecurityFocus Microsoft Newsletter #83
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability ... Microsoft Internet Explorer History List Script Injection ... Microsoft Windows 2000 Lanman Denial of Service Vulnerability ...
    (Focus-Microsoft)
  • Re: KB911280 update problem
    ... Microsoft is working on an amended patch which will address this issue. ... I am affected but only for my backup Road Runner dialup access. ... That script is broken by the patch. ... I'm running XP Pro with SP2 and all other security updates and have no ...
    (microsoft.public.windowsupdate)
  • Re: KB911280 update problem
    ... Microsoft is working on an amended patch which will address this issue. ... Microsoft advises anyone affected by this to not install the patch and to ... That script is broken by the patch. ... He said he could not write a bug report ...
    (microsoft.public.windowsupdate)
  • SecurityFocus Microsoft Newsletter #84
    ... The most critical piece of vulnerability assessment is remediation. ... MICROSOFT VULNERABILITY SUMMARY ... IcrediBB Script Injection Vulnerability ... WorkforceROI XPede Unprotected Administrative Facilities... ...
    (Focus-Microsoft)
  • Re: SP4 error running replsys.sql
    ... clicked Yes to run the Replsys script but it still bombed out. ... Any other suggestion on how to install SP4? ... try to connect to a single user mode instance. ... I had a case open with Microsoft and they had no clue. ...
    (microsoft.public.sqlserver.setup)