While meant to fix a critical vulnerability in Internet Information Services that could have allowed for remote code executions, Microsoft's security bulletin MS06-034 was released bundled with a couple
of problems.
"One issue was that even though you installed the update you could still be getting it reoffered to you via Windows Update, Microsoft Update, Automatic Update, or WSUS. In some cases we were detecting on a file you may not even have on your system. This has been resolved," claims Craig Gehre on Microsoft Security Response Center Blog.
The bulletin addressing the management of Active Server Pages also caused another issue concerned the systems running Windows Server 2003 SP1. In this case there exists the possibility that the installment of the security update would fail completely but without warning the system administrator. This would occur if the patch was installed while IIS was using the file ASP.dll. "The package may appear to install correctly, but the reality is just the opposite", warned Gehre.
"Both of these issues were addressed last night. Because the second issue might have involved a silent failure, we recommend all Windows 2003 SP1 users rerun detection on these systems to make sure that their systems have updated properly," concluded Gehre.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
