Last post Dec 08, 2009 05:51 PM by kaspencer
Dec 07, 2009 10:40 AM|kaspencer|LINK
I have Windows Server 2003 R2 on which I have a number of database driven web-based business applications using ASP.NET2 and VB.NET and C#, connecting to both SQLServer and MS Access.
When I install Security Update KB974417 on my 2003 Server, it prevents my ASP.NET2 web applications from running. What seems to happen is that the VB.NET code in the .ASPX.VB application files is prevented from running.
No error is reported from the server, nor from the client, the page simply remains impervious to the usual user actions, such as clicking on a control button.
If I uninstall the update, the applications run normally.
How thoroughly did Microsoft test this update? (I ask that because a few months ago I installed the Office 2k7 SP2 only to find that Publisher was b***ered, until an update-to-the-update was released. Even more recently, when I installed KB973687 it caused
my Samsung Network Scanner software to lose all contact wioth the scanner- that is until I removed the update in frustration!)
Do I really need KB974417 anyway? The documentation is a bit vague about the risk, and mentions nothing at all about any modifications to code or security that might be necessary to enable applications to run.
I am asking whether others have noted that their ASP.NET2 applications fail after the installation of .Net framework 2.0 SP2 and then patch KB974417. The .NET Framwework SP2 is not the problem: in my case, patch KB974417 most definitely causes my ASP.NET2
applications to fail, possibly owing to a failure to execute the code in the aspx.vb files.
I haven't tried to establish exactly why, because uninstalling the patch KB974417 resolves the issue. Nor have I tried running any of my C# ASP.NET2 applications with KB974417 installed, so I don't know whether they are also affected.
I am suggesting that Microsoft should look again at that patch, and issue advice on what needs to be done to make existing ASP.NET2 web applications work with it, or the patch should be amended accordingly.
As a somewhat long-in-the-tooth IT Consultant and software developer who was born years before Billy Gates, and as one who has made income out of failures of the update and patching processes, I have a rather jaundiced view of pre-release software testing!
ASP .net 2.0 C#
ASP .net 2.0
.Net 2.0 Web Hosting
ASP.NET2 kb974417 .Net Framework 2 SP2
Dec 07, 2009 03:02 PMfirstname.lastname@example.org|LINK
I have Windows Server 2003 R2
Are you browsing from the server? If not, you're not affected. FWIW, we have no issues with this patch.
Dec 07, 2009 06:35 PM|kaspencer|LINK
Thanks Jeff ...
Whether I browsed to the web application from a separate client, or simply called up the application directly from a browser on the server (including using a "hairpin" trip out and back), made no difference. The application just stuck on the entry page,
not responding to any mouse-clicks.
I didn't have time to investigate whilst users (who pay for the services) were waiting, so I removed the patch and all was fine. I tested that three times, all with the same result.
I guessed that it was due to the patch preventing the code from being executed but who knows, it could have been preventing database access, but there were none of the usual screens full of error traces that you normally get when a data driven ASP.NET2 application
Dec 08, 2009 09:03 AMemail@example.com|LINK
What I meant was that if you're not browsing the internet from the server the patch won't affect you. That patch stops execution of rogue site code on the client, it's not a server-side patch. What I would be concerned with is whether a client that has
the patch can browse your site properly if the server doesn't have the patch.
Dec 08, 2009 05:51 PM|kaspencer|LINK
Thanks Jeff ...
I understand what you were getting at now.
I think that in the next week or so (if I can get an hour to spare!) I will re-install the patch, and try the applications again and see exactly what behaviour is exhibited and then make another post on it.