Re: Alert: Microsoft Security Bulletin - MS03-040

From: Tegels, Kent (Kent.Tegels_at_HDRINC.COM)
Date: 10/04/03

  • Next message: 3APA3A: "Bad news on RPC DCOM vulnerability" 
    Date:         Sat, 4 Oct 2003 06:58:59 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Greetings,
     
    On issue 1, in the six-years or so that I've worked with IEAK, it's never included hotfixes. IEAK isn't designed to do that, rather its a tool that "make[s] it easy for you to deploy and manage custom browser software packages." Microsoft builds IEAK packages with each "significant" version release and that seems to be about it. To me, this is probably the most annoying thing about how Microsoft has positioned IEAK over the years. They've not been explicit that it doesn't include with hotfixes, and that its not designed to do that type of synchronization. But that IEAK does it seems both to be the most implied but unsupported feature -- and the most sorely needed real one. Do remember that IEAK will let you add your own packages to a distribution, so there is a way you can add-in at least the then-current hot fixes into your build. I've not had the need to that myself, so I can't speak to the ease of doing so, however.
     
    Don't get me wrong, I do think IEAK is good tool and its been very good to me. At the same time, I'd agree that it could be better.
     
    On issue 2, if you are getting HTTP server return codes of 4xx or higher that's one thing, but if these are mostly scripting errors, that's another. IE and, well "not-IE" have different behaviors when it comes to scripts and timing. Chances are what your seeing are pages where some of the scripting could have been done (and tested) better from a cross-browser stand point. But then, when 80%+ of the traffic to your site uses one browser, being sporadically lax about supporting that last ~20% is probably a fact of life. Again, its definitely not a good thing, but even the Mozilla site isn't exactly usable when viewed with Lynx <grin>.
     
    Thanks!
    kt

    ________________________________

    From: Windows NTBugtraq Mailing List on behalf of Vexx
    Sent: Sat 10/4/2003 12:10 AM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Re: Alert: Microsoft Security Bulletin - MS03-040

    Two issues, one just annoying.

    1) It does not appear that IEAK 6 has been updated to reflect any
    patches (???). I ran the synchronizer and it claimed all my reference
    files were A-OK (check). Therefore, I appear to be looking at having to
    deploy + patch.... I thought part of the point of IEAK 6 was to permit
    easy synchronization and roll out.

    2) I am more and more frequently finding that Microsoft sites return
    "ACCESS DENIED" if I use any browser other than IE. Use Mozilla or
    Opera - ACCESS DENIED; use IE - "in like Flint". If this is an artifact
    of MS web programming, it is very childish.... bork bork bork.

    -----
    Want to reply to the person who sent this message?

    This list is configured such that just hitting reply is going to result in
    the message coming to the list, not to the individual who sent the message.
    This was done to help reduce the number of Out of Office messages posters
    received. So if you want to send a reply just to the poster, you''ll have to
    copy their email address out of the message and place it in your TO: field.
    -----

    -----
    Want to reply to the person who sent this message?

    This list is configured such that just hitting reply is going to result in
    the message coming to the list, not to the individual who sent the message.
    This was done to help reduce the number of Out of Office messages posters
    received. So if you want to send a reply just to the poster, you''ll have to
    copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: 3APA3A: "Bad news on RPC DCOM vulnerability"