Re: MS02-047 + Terminal Service Web Client

From: Bill Sanderson (bill_NoSpamSanderson@msn.com)
Date: 09/04/02


From: "Bill Sanderson" <bill_NoSpamSanderson@msn.com>
Date: Tue, 3 Sep 2002 22:31:46 -0400


Torgeir Bakken wrote:
> PaulD wrote:
>
>> I am evaluating the IE6 security update MS02-047 and have
>> installed on my and 1 other PC. All my existing TSWeb
>> connections now fail.
>>
>> I have researched this and found and read Q328002 and
>> understand how to set up our web server to deliver the
>> updated OCX control. I am not sure that I will do so
>> however.
>>
>> My problem is this: Our XP client machines are not set up
>> to allow non administrators (we have an NT4 Domain) to
>> install these controls. I have no desire to log onto or
>> change the local security on over 100 XP machines to
>> allow our users to install the new control however I also
>> would prefer we have the latest updates installed. I also
>> don't want to have to change security at the Domain
>> level. What do I do?
>>
>> BTW there is no reference to this as an implication of
>> installing this latest update anywhere on Microsoft's
>> download page.
>
> Hi
>
> The references are in the Security Bulletins...
>
>
> This is from the bulletin describing the IE6 security patch (Q323759):
>
> From Microsoft Security Bulletin MS02-047
> Title: Cumulative Patch for Internet Explorer (Q323759)
> Date: August 22, 2002
> Software: Internet Explorer
> http://www.microsoft.com/technet/security/bulletin/MS02-047.asp
>
> <quote>
> and customers who use TSAC and have not already installed
> the patch provided in MS02-046 should do so before
> installing this patch.
> </quote>
>
>
> This is from the bulletin describing the server side security update:
>
> From Microsoft Security Bulletin MS02-046
> Title: Buffer Overrun in TSAC ActiveX Control Could Allow
> Code Execution (Q327521)
> Date: August 22, 2002
> Software: Microsoft Terminal Services Advanced Client
> (TSAC) ActiveX control
> http://www.microsoft.com/technet/security/bulletin/MS02-046.asp
>
> <quote>
> The updated control will be delivered to users through the
> normal installation process described above. That is, the
> next time the user visits a web site that offers terminal
> services and has installed the patch, the updated control
> will be delivered to the user's system. (On the other
> hand, if the web site has not installed the patch, the
> user will be unable to use terminal services. This is the
> correct behavior, since the older version of the control
> does represent a security exposure if used).
> </quote>

But can this updated control be delivered to the user if only Admin level
users are allowed to install such controls?

This was the point of the original post--in a large installation where
permissions are set to prevent users from installing ActiveX controls, how
can this client-side distribution of the ActiveX control be managed
centrally?


