Microsoft fixing another faulty patch
…we all have read about Microsoft releasing a patch that gave some people trouble with RRAS Services.
I have instead been the lucky guy who got another – similar – problem with it: on a machine with Microsoft Proxy Server 2.0 running on IIS3, the "Web Proxy" service would not start.
The "World Wide Web Publishing Service" starts, but in Internet Service Manager the "Web Proxy" module appears as Not Running.
I looked at the properties of the WWW Service in Internet Service Manager, where the field "User" (for Anonymous Authentication) is indeed EMPTY, instead of containing the usual IUSR_SERVERNAME.
But, funnily enough, the value with the correct user name IS in the registry (HKLM/System/CurrentControlSet/Services/W3SVC/Parameters ….). It's still IIS3, so it is in the registry; it does not have a metabase. But it DOES not get read!!
Uninstalling the patch, the service works again, and the user is correctly displayed.
I KNOW that the vulnerability is considered "Moderate" since no native service can expose it remotely.
On the other hand, on the very same machine a third-party SMTP Virus-Scanning product is also installed, which MIGHT make use of the "dangerous" API, and expose the flaw remotely… a very remote possibility, but still I like to have my systems patched… maybe a maliciously crafted mail could trigger the vulnerability (?worst case scenario?), like in a sendmail bug of some time ago…
And this was the bad news.
The GOOD news is that Microsoft supplied me with the hotfix they released for the RRAS issue, and it also fixes this problem.
I am one week late, but my system is patched.
The hotfix in question is numbered Q825501 – I wonder how one is supposed to REMEMBER all of these numbers… what relation does it have with the original "823803"?… which in turn refers to security bulletin MS03-029…
But OK, the issue was the fix, and the fix works. That's important.