Re: Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/17/03

Next message: Microsoft Security Response Center: "Re: Patch MS03-045 for Czech W2K has conflicting kernel32.dll [lw]"

Previous message: Ondøej Holas: "Patch MS03-045 for Czech W2K has conflicting kernel32.dll"
Maybe in reply to: Russ: "Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Fri, 17 Oct 2003 15:04:50 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

I have had enough reports now about this bulletin to suggest that there appears to be either a problem with it, or, inadequate explanation in the bulletin about how it should be applied, or, a lot of stupid people...;-]

One person reported after applying MS03-047, OWA users receive;

The Microsoft Exchange Server is down or the HTTP Service has been disabled
by an administrator. Please try your request again later.

when they try to view any message.

Removing the patch does seem to work and allows the OWA box to start working properly again.

I encourage everyone who reported this problem to contact Microsoft PSS and open a trouble-ticket, and then send me the SRX number so I can follow up. When you call, tell them you are reporting a problem with your system after applying a security patch and you should be able to open the ticket for free.

Cheers,
Russ - NTBugtraq Editor

----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----

Next message: Microsoft Security Response Center: "Re: Patch MS03-045 for Czech W2K has conflicting kernel32.dll [lw]"

Previous message: Ondøej Holas: "Patch MS03-045 for Czech W2K has conflicting kernel32.dll"
Maybe in reply to: Russ: "Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Researchers debunk "China military threat" propaganda
... >> A great read from the Bulletin of the Atomic Scientists: ... >> "Recent reports warn that China is aggressively building up its nuclear ... > Let's be serious about any report by the Bulletin of the Atomic ...
(soc.culture.china)
Re: Researchers debunk "China military threat" propaganda
... >> A great read from the Bulletin of the Atomic Scientists: ... >> "Recent reports warn that China is aggressively building up its nuclear ... > Let's be serious about any report by the Bulletin of the Atomic ...
(soc.culture.china)
Re: Researchers debunk "China military threat" propaganda
... > A great read from the Bulletin of the Atomic Scientists: ... > "Recent reports warn that China is aggressively building up its nuclear ... Let's be serious about any report by the Bulletin of the Atomic ...
(soc.culture.china)
Re: Researchers debunk "China military threat" propaganda
... >> A great read from the Bulletin of the Atomic Scientists: ... >> "Recent reports warn that China is aggressively building up its nuclear ... > Let's be serious about any report by the Bulletin of the Atomic ...
(soc.culture.china)