Security fix for MCMS 2001 and 2002 has been released

security fix for MCMS 2001 and 2002 has been released this week.

It is mandatory to install this fix on all production machines to fix a known security hole which exists in all edition of MCMS.

Be aware that the MCMS 2002 version of this fix can only be installed on SP2. As older service pack levels are no longer supported the fix has only been released for the supported service pack levels.

In order to ensure that your MCMS 2002 machine is no longer vulnerable you have to ensure that MCMS 2002 SP2 is installed and after this the security fix MS07-018.

11 Comments


  1. Since applying the patch, we are getting loads of the following error:

    80020009: Exception occurred.

    The site is still running, so not sure what the problem might be.

    Reply

  2. I installed this update on a Win2K3R2 server with MCMS 2002 SP2 (and SPS2003/WSS2) and all resources in the MCMS resource gallery are no longer being served-up! I thought I would delete the MCMS cache, but now the SCA is also not working (I get a "Directory Listing Denied" error). MCMS will render postings, but will not render any of the resources.

    The event app. log is full of the following errors:

    Event Type: Warning

    Event Source: MCMS

    Event Category: None

    Event ID: 2602

    Date: 4/13/2007

    Time: 1:19:04 PM

    User: N/A

    Computer: XXXXX

    Description:

    The description for Event ID ( 2602 ) in Source ( MCMS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The requested lookup key was not found in any active activation context. (14007).

    Still looking into this, but if you have any ideas it would be very helpful.

    /MH

    Reply

  3. Hi all,

    a few number of customers have reported problems after installing the security fix.

    In case you experience problem please open a support case with Microsoft support to get your specific issue analyzed.

    Thanks,

    Stefan

    Reply

  4. So much for "Regression testing"!

    Now I have to spend hours/days on the phone with MS PPS in hope of possibly resolving this.

    /MH

    Reply

  5. Hi,

    I hope you followed our general guidelines: install fixes first in your test environment and evaluate them there before rolling out in production.

    Cheers,

    Stefan

    Reply

  6. But of course 😛

    I have noticed that the posts are building (blogs/newsgroups) that note problems with this fix. Are you still advising that we install it, or should we wait until there is a resolution to some of these issues?

    /MH

    Reply

  7. Hi,

    I advice to test it.

    Only a small percentage of customers had problems with the fix.

    As with all service packs and security fixes which are installed by a huge number of customers there will be more feedback about problems that with other hotfixes which are installed only by a small number of customers.

    I only have to say one thing: if your MCMS installation is on a different drive than Drive C you have to adjust the registry after installing the hotfix.

    One issues that I have been able to confirm on my own machine is that this security fix changes the directory settings in the registry underneath the HKLM/NCompass tree to C:..

    This will cause problems (e.g.) with Site Manager but also with other fixs which are installed later.

    Cheers,

    Stefan

    Reply

  8. Okay, that hit the head on the nail!

    My MCMS install was on an "E:" and indeed that registry paths where changes to "C:". After correcting those keys the MCMS started serving up resources again.

    Thanks for the tip. Stefan saves that day again! If I am every in Germany again I owe you a beer or two or three…

    /MH

    Reply

  9. What if you are still running mcms2002 sp1 ?

    Reply

  10. Hi,

    support for SP1 has ended July 11th, 2006.

    So you are running an unsupported environment.

    Microsoft does not release fixes for unsupported service pack levels.

    Since January this year support for SP1a also ended.

    So the only supported service pack level is SP2.

    With other words: you have to upgrade to SP2.

    Cheers,

    Stefan

    Reply

Leave a Reply to Stefan Goßner Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.