'Re: MS01-016 and MS01-014 both replace httpext.dll'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    Re: MS01-016 and MS01-014 both replace httpext.dll
From:       Andreas Klein <andrekl () MICROSOFT ! COM>
Date:       2001-04-23 6:46:57
[Download RAW message or body]

Just as a general notice: fixes will ALWAYS have ALL of the previous
fixes. You can determine what the latest fix is by looking at the
version information of the files. These should be also listed in the
Knowledge Base articles referenced in the bulletins.

If you find a fix that causes a "re-show" of a previously resolved Issue
(regression) please let us know asap.

ciao,
  Andreas Klein, Microsoft
  Critical Problem Resolution


-----Original Message-----
From: Tod Beardsley [mailto:Tod_Beardsley@DELL.COM] 
Sent: Dienstag, 27. März 2001 00:35
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: MS01-016 and MS01-014 both replace httpext.dll


It looks like the hotfix released for MS01-016 (Malformed WebDAV Request
Can Cause IIS to Exhaust CPU Resources) replaces the same dll as
MS01-014 (Malformed URL can Cause Service Failure in IIS 5.0 and
Exchange 2000). However, no mention is made on MS's site if the later
release fixes the problems discussed in the earlier bulletin.

So, either it does, and MS failed to mention it, or it doesn't, and
applying this fix will nullify the prior fix.

I haven't had a chance to determine which of these states are true, but
I'll be looking into it tonight or tomorrow. Just wanted to give a heads
up.

Tod Beardsley             Public Key Fingerprint
Tod_Beardsley@dell.com     03FA 3798  4EE9 5227
(512) 725-2337             C979 4593  2679 2DAC
 Dell Online - Site Ops - System Administrator
  "Happiness is Mandatory!" - Friend Computer

------------------------------------------------------------------------
----
Delivery co-sponsored by BindView Corporation
========================================================================
====
Are your security practices adequate enough to protect you from hackers
and crackers?  How do you provide remote access to your users, enable
e-mail messaging, Internet sites and e-commerce activity, and at the
same time maintain security?  Can you implement and administer the
effective security measures you need without doing battle with the
people who need access to your network?

Download FREE the latest Hurwitz Group Report, Management Controls:
Security Impact of IT Administration at
<http://www.bindview.com/hurwitz3>
------------------------------------------------------------------------
----

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic