# Tuesday, 28 August 2007
« First OpenJDK Snapshot | Main | New Snapshot »
MS07-045 bug

We interrupt our regularly scheduled programming for some Microsoft idiocy. If you have a classic ASP website that instantiates .NET classes via COM interop that suddenly stopped working after installing MS07-045 and you're now getting the dreaded 0x8000FFFF Catastrophic failure aka E_UNEXPECTED, you can fix that by allowing Everyone Read access to HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones or by running MS07-045-patch (.NET 2.0 required) to make the registry permission changes for you (you need admin rights to make the changes or run the executable).

Tuesday, 28 August 2007 11:38:35 (W. Europe Daylight Time, UTC+02:00)  #    Comments [2]
Tuesday, 28 August 2007 20:32:14 (W. Europe Daylight Time, UTC+02:00)
Do you call your own bugs "idiocy" too?

Dmitri
Dmitri Trembovetski
Friday, 07 September 2007 16:40:56 (W. Europe Daylight Time, UTC+02:00)
Thanks massively guys. This seems to fix the problem for me too. Some clarification for others:

1) I think the SId specified is for the Network Service. If, like me, you are using different identity for your application pool, you will use the SID for that account. One sneky way to work out the correct SID is to look at the permissions on the root registry keys for one that has your user name specified explicitly.

2) I found I have to set the everyone:R permission on Zones, ZoneMap and Lockdown_Zones keys to make this work. Clearly as case of breaking out RegMon.exe and lookng for the "Access Denied"s. I think you need to recycle the pool immediately before running the test though.


Dmitri, I suspect they would call their own clangers like that "lunacy". Maybe this is a rubbish old legacy configuration, but if you run like this, and there are lots of reasons you can end up doing this, it is frustrating when a patch blows all your server out. I have about 100 server on client site running this configuration, so it isn't very funny. Add to that, MS has been very tardy in coming up with any constructive comments. Well, I haven't seen it yet....
Mark Treveil
Name
E-mail
Home page

I apologize for the lameness of this, but the comment spam was driving me nuts. In order to be able to post a comment, you need to answer a simple question. Hopefully this question is easy enough not to annoy serious commenters, but hard enough to keep the spammers away.

Anti-Spam Question: What method on java.lang.System returns an object's original hashcode (i.e. the one that would be returned by java.lang.Object.hashCode() if it wasn't overridden)? (case is significant)

Answer:  
Comment (HTML not allowed)  

Live Comment Preview