MS01-035 Hot Fix for IIS

[Joe Granto <Joe.Granto () WCom Com>]

Below you will find the official word from Microsoft regarding this 
hotfix.  I am unsure if this is common knowledge or not;  ignore this 
email if it is...

Basically, installing MS01-035 causes the IIS MMC to close when you click 
on the server extensions tab under Windows 2000 Advanced Server on SP2 
(with all current hotfixes).  Uninstalling MS01-035 fixes the problem, 
but opens up the security hole.  This, I claim, is a broken solution.

Of course, you could uninstall the hotfix, make your sever extension 
mods, then reinstall the hotfix, and just live with the MMC dying when 
you click on the server extensions tab, but this is also a broken 
solution.

Given the publicity that unchecked buffers have been getting with respect 
to IIS, it seems to me that Microsoft should have a better solution...


-----Original Message-----
<snip useless info)

Here is a summary of the key points of the case for your records.

Action:
======
Clicking on the Server Extensions Tab within IIS

Result:
======
MMC is closing

Dr Watson. The application MMC generated an application error. C0000005 
at address 77e86662 (interlock increment). 

Cause:
======
MS01-035 Hot Fix

Resolution:
=========
Uninstall the Hot fix

Q300477 FPSE: Potential Buffer Overrun Vulnerability w/Visual Studio RAD
http://support.microsoft.com/support/kb/articles/q300/4/77.asp

------- End of forwarded message -------

------------------------------------------------------------------------
Joe Granto, Rookie Systems Engineer
Wireless Operations and Platform Architecture
MCI or WorldCom, I don't know anymore.
Office: (770)284-5061      VNET: 949-5061
Pager:  (888)500-6340 or 5006340 () worldcom com
FAX: (770)284-6824

"There is no estimated time of resolution."

Fear my three minute POP time-out.

There is no MCI, only Zuul.