Microsoft KB Archive/911831

= Description of the security update for FrontPage 2002 Server Extensions: April 11, 2006 =

Article ID: 911831

Article Last Modified on 1/4/2007

-

APPLIES TO


 * Microsoft FrontPage 2002 Server Extensions

-



If you have a Microsoft Windows Server 2003-based computer, a Microsoft Windows Server 2003 Service Pack 1-based computer, a Microsoft Windows Server 2003 for Itanium-based Systems-based computer, or a Microsoft Windows Server 2003 with SP1 for Itanium-based Systems-based computer, view the following Knowledge Base article:

908981 Description of the security update for FrontPage 2002 Server Extensions for Microsoft Windows Server 2003-based computers: April 11, 2006



SUMMARY
Microsoft has released security bulletin MS06-017. The security bulletin contains all the relevant information about the security update for FrontPage 2002 Server Extensions from Microsoft. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites, depending on whether you are a home user or an IT professional:  Home Users

http://www.microsoft.com/athome/security/update/bulletins/200604.mspx

 IT Professionals

http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx





Issues that the security update fixes
Besides the issues that are described in the security bulletin, the security update for FrontPage 2002 Server Extensions fixes the issues that are described in the following Microsoft Knowledge Base articles:

813380 Description of the FrontPage 2002 Server Extensions Security Patch: November 11, 2003

895193 Description of the FrontPage 2002 Server Extensions for Windows Server 2003 hotfix package: April 13, 2005

825809 FrontPage Server Extensions stops responding in Windows Server 2003

Besides the issues that are described in the security bulletin, the security update for FrontPage 2002 Server Extensions addresses the following issues that are not previously documented in a Microsoft Knowledge Base article:
 * By default, Integrated Windows authentication is turned off in Microsoft Internet Information Services (IIS) at the global level and at the per virtual server level. This behavior is changed so that Integrated Windows Authentication is turned on by default on the virtual servers on which FrontPage 2002 Server Extensions is running.


 * By default, Internet Information Services (IIS) disables Integrated Windows authentication on all new virtual servers. To work around this behavior, FrontPage 2002 Server Extensions enables NTLM when a new virtual server is created.


 * Consider the following scenario. You run FrontPage 2002 Server Extensions on a Microsoft Windows Server 2003-based computer. Then, you try to open a virtual directory in Microsoft Visual InterDev 6.0. In this scenario, the virtual directory opens. However, the virtual directory disappears from Microsoft Internet Information Services 6.0 (IIS).

Known issues during installation

 * To reduce the chance that you must restart the computer, stop the IIS services before you install this update.
 * After you install this security update for FrontPage 2002 Server Extensions (KB911831), you will be restricted to using Indexing Services as the default search method.

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS

