[20968] in bugtraq
RE: Microsoft Security Bulletin MS01-030
daemon@ATHENA.MIT.EDU (Toma Vailikit)
Mon Jun 11 15:15:43 2001
MIME-Version: 1.0
Date: Mon, 11 Jun 2001 09:45:16 -0400
Content-Type: text/plain;
charset="us-ascii"
Message-ID: <FBB0BC1ADAD84F4695C301CE3F527B8B72B6@mail.corp.vaitek.com>
content-class: urn:content-classes:message
From: "Toma Vailikit" <toma@vaitek.com>
To: "Paul L Schmehl" <pauls@utdallas.edu>,
"Microsoft Product Security" <secure@MICROSOFT.COM>
Cc: <BUGTRAQ@securityfocus.com>, <focus-ms@securityfocus.com>
Content-Transfer-Encoding: 8bit
-----Original Message-----
From: Paul L Schmehl [mailto:pauls@utdallas.edu]
snip...
We do not know if this will affect systems that do not use a-a-c.
snip...
Yes, it does affect non clustered Exchange servers in the same way. At
least this has been in my case. I don't know if this is a problem for
everyone that has applied this patch.
I noticed that store.exe was on a rampage this morning after I applied
this "patch" yesterday to the server. After a reboot, it took about 5
minutes or so to reproduce the same results with store.exe. So I
rebooted it again and removed the patch so my users would have an
exchange server to connect to.
Of course a server that is inaccessible is much more secure, but I think
we need a patch that doesn't take out the server as a means to remedy a
security hole.
