[20940] in bugtraq
Re: Microsoft Security Bulletin MS01-030
daemon@ATHENA.MIT.EDU (Paul L Schmehl)
Sun Jun 10 17:05:04 2001
Date: Fri, 08 Jun 2001 13:10:41 -0500
From: Paul L Schmehl <pauls@utdallas.edu>
To: Microsoft Product Security <secure@MICROSOFT.COM>
Cc: BUGTRAQ@securityfocus.com, focus-ms@securityfocus.com
Message-ID: <4163363174.992005841@baldeagle.campus.ad.utdallas.edu>
In-Reply-To: <C10F7F33B880B248BCC47DB446738847445EA5@red-msg-07.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
At UTD we are running active-active clustering (a-a-c) with two virtual
Exchange 2000 servers and a RAID array. We were in the process of
installing Exchange 2000 on the second node, and the admins decided to
apply this patch to the "active" node as well.
After application of the patch (this morning), stores.exe consumed 100% of
CPU and Exchange became non-responsive. Some tasks timed out, while others
could be performed but were quite sluggish.
We do not know if this will affect systems that do not use a-a-c.
Stores.exe is a file used by a-a-c, and the patch detected that we were
running a-a-c. There's nothing in the bulletin to indicate that the patch
is not supposed to be applied to an a-a-c setup.
--On Wednesday, June 06, 2001 5:30 PM -0700 Microsoft Product Security
<secnotif@MICROSOFT.COM> wrote:
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ----------------------------------------------------------------------
> Title: Incorrect Attachment Handling in Exchange 2000 OWA
> Can Execute Script
> Date: 06 June 2001
> Software: Microsoft Exchange 2000 Server Outlook Web Access
> Impact: Run code of attacker's choice
> Bulletin: MS01-030
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS01-030.asp.
> - ----------------------------------------------------------------------
Paul L. Schmehl, pauls@utdallas.edu
http://www.utdallas.edu/~pauls/
Supervisor, Support Services
The University of Texas at Dallas
AVIEN Founding Member
