Bugtraq mailing list archives
Re: Microsoft Security Bulletin MS01-030
From: Paul L Schmehl <pauls () utdallas edu>
Date: Fri, 08 Jun 2001 13:10:41 -0500
At UTD we are running active-active clustering (a-a-c) with two virtual Exchange 2000 servers and a RAID array. We were in the process of installing Exchange 2000 on the second node, and the admins decided to apply this patch to the "active" node as well.
After application of the patch (this morning), stores.exe consumed 100% of CPU and Exchange became non-responsive. Some tasks timed out, while others could be performed but were quite sluggish.
We do not know if this will affect systems that do not use a-a-c. Stores.exe is a file used by a-a-c, and the patch detected that we were running a-a-c. There's nothing in the bulletin to indicate that the patch is not supposed to be applied to an a-a-c setup.
--On Wednesday, June 06, 2001 5:30 PM -0700 Microsoft Product Security <secnotif () MICROSOFT COM> wrote:
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. ******************************** -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS01-030.asp. - ----------------------------------------------------------------------
Paul L. Schmehl, pauls () utdallas edu http://www.utdallas.edu/~pauls/ Supervisor, Support Services The University of Texas at Dallas AVIEN Founding Member
Current thread:
- Microsoft Security Bulletin MS01-030 Microsoft Product Security (Jun 06)
- Re: Microsoft Security Bulletin MS01-030 Paul L Schmehl (Jun 10)
- <Possible follow-ups>
- RE: Microsoft Security Bulletin MS01-030 Toma Vailikit (Jun 11)
- RE: Microsoft Security Bulletin MS01-030 Paul L Schmehl (Jun 12)
- RE: Microsoft Security Bulletin MS01-030 Calanan, Michael (Jun 13)
- RE: Microsoft Security Bulletin MS01-030 John Hanks (Jun 13)
- RE: Microsoft Security Bulletin MS01-030 Paul L Schmehl (Jun 14)
- Re: Microsoft Security Bulletin MS01-030 Michael Bryan (Jun 14)
- RE: Microsoft Security Bulletin MS01-030 Michael B. Morell (Jun 14)