RE: New Cold Fusion vulnerability

From: Giovannetti, Mark (Mark.Giovannettiat_private)
Date: Thu Jul 12 2001 - 13:23:26 PDT


    > Maybe we are just paranoid, but since Allaire/Macromedia just released 
    > version 5 which is not vulnerable, is this just a ploy to get people to 
    > upgrade? This and the fact that there is a 3-8% performance degradation 
    > when you install the patch makes me want to know more about this. Also, 
    > if you are using NT4 and IIS, the patch breaks your server if you don't 
    > install MSVCRT 6.0 runtime files beforehand, so be careful.
    >
    > Anyone have any further info?
    >
    > JF Prieur
    
    I'd just like to mention that if you have your IIS server locked
    down such that the IUSR_machine account has no access
    (explicit deny) to %systemroot%\system32\ you'll run
    into an authentication problem.
    
    You'll have to grant read access to the file MSVCP60.dll
    for the IUSR_machine account and may have to grant a
    similar permission to ISCF.dll in your cfusion\bin directory.
    
    For those of you who still allow the use of the Everyone group
    on your machines or do not use explicit deny ACLs for the 
    IUSR_machine account, this will not be an issue.
    
    I'd also like to state that I wasn't impressed with the often
    urged "upgrade to v5.0" to fix the problem and how "nice" it
    was of them to supply fixes for three previous releases. 
    Like they're doing us a huge favour.  I would certainly like
    to know more details.
    
    
    Mark Giovannetti
    
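    An added PowerShell check (not from Mark's post, nor from Allaire/Macromedia or Microsoft) that audits the ACL situation he describes: it reads the ACEs for the IIS anonymous account on system32, MSVCP60.dll and ISCF.dll and reports the effective read access, applying the canonical NTFS evaluation order that makes an explicit Allow on the DLL override the Deny inherited from system32. The ColdFusion path and the account name are assumptions passed as parameters; group-based rights (e.g. Everyone) are deliberately not considered.

```powershell
# Added example, not part of the original post: audit IUSR_<machine> read access
# on the files the post names. $CfBin and $IusrName are assumptions; adjust them.
param(
    [string]$CfBin    = 'C:\CFUSION\bin',            # assumed ColdFusion bin directory
    [string]$IusrName = "IUSR_$env:COMPUTERNAME"     # default IIS anonymous account name
)

$ReadData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# Select ACEs for the account of one kind (explicit/inherited, Allow/Deny) that
# carry the ReadData bit. ACEs using only generic rights are not mapped here.
function Get-ReadAce {
    param($Rules, [bool]$Inherited, [string]$Type)
    $Rules | Where-Object {
        $_.IsInherited -eq $Inherited -and
        $_.AccessControlType -eq $Type -and
        (([int]$_.FileSystemRights -band $ReadData) -ne 0)
    }
}

function Test-IusrRead {
    param([string]$Path, [string]$Account)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Effective = 'n/a'; Note = 'file not found' }
    }
    # Only ACEs naming the anonymous account itself; group membership is ignored.
    $rules = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -like "*\$Account" }

    # NTFS canonical order: explicit deny, explicit allow, inherited deny,
    # inherited allow. This is why granting read on the DLL itself works even
    # though system32 carries an explicit deny that the DLL inherits.
    $effective =
        if     (Get-ReadAce $rules $false 'Deny')  { 'Denied (explicit)' }
        elseif (Get-ReadAce $rules $false 'Allow') { 'Allowed (explicit)' }
        elseif (Get-ReadAce $rules $true  'Deny')  { 'Denied (inherited)' }
        elseif (Get-ReadAce $rules $true  'Allow') { 'Allowed (inherited)' }
        else                                       { 'Denied (no ACE for account)' }

    [pscustomobject]@{ Path = $Path; Effective = $effective; Note = "$($rules.Count) ACE(s)" }
}

$targets = @(
    (Join-Path $env:SystemRoot 'system32'),
    (Join-Path $env:SystemRoot 'system32\MSVCP60.dll'),
    (Join-Path $CfBin 'ISCF.dll')
)
$targets | ForEach-Object { Test-IusrRead -Path $_ -Account $IusrName } | Format-Table -AutoSize
```

Run it from an elevated prompt on the web server; a result of "Denied (inherited)" on either DLL is the authentication failure the post describes, and an explicit Allow with read rights on that file is the fix it recommends.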



    This archive was generated by hypermail 2b30 : Sun Jul 15 2001 - 20:38:10 PDT