|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Alert: Microsoft Security Bulletin MS03-047 - Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)
From: Russ (Russ.Cooper
RC.ON.CA)
Date: Fri Oct 17 2003 - 14:04:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I have had enough reports now about this bulletin to suggest that there appears to be either a problem with it, or, inadequate explanation in the bulletin about how it should be applied, or, a lot of stupid people...;-]
One person reported after applying MS03-047, OWA users receive;
The Microsoft Exchange Server is down or the HTTP Service has been disabled
by an administrator. Please try your request again later.
when they try to view any message.
Removing the patch does seem to work and allows the OWA box to start working properly again.
I encourage everyone who reported this problem to contact Microsoft PSS and open a trouble-ticket, and then send me the SRX number so I can follow up. When you call, tell them you are reporting a problem with your system after applying a security patch and you should be able to open the ticket for free.
Cheers,
Russ - NTBugtraq Editor
----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa. Promotion expires
12/31/03 and cannot be used in combination with other offers.
----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]