on 11-03-2004 7:36 AM
I figured we should make a thread with information known about this problem.
Since the problem comes in the javascripts, I would belive the problem is on the client-side, not server side.
Does anyone know exactly what the problem is (what has Microsoft changed) ?
Please contribute with information you get from OSS's.
I'll update this first post with all available information
Information:
15.11: Microsoft
have to provide a solution to this problem and that it could take
some time. The problem lies on the
Microsoft side so we must wait for them before a solution can be
provided.
- Development has found that by adding the site to the intranet zones of
the client browser, the problem is solved, some experience of late has
shown that in some cases you have to add the full machine name to the
intranet sites and not just in the form of *.somedomain.com.
Microsoft and SAP are currently working on the problem and a proper and
long term solution is expected shortly. However no exact date has been
specified.
- It is possible that the problems are caused by event handlers pointing directly to a DOM function:
http://support.microsoft.com/kb/887741
- I've noticed that we don't have a problem on a portal running EP 6 SP2 P3 Hf4 , after installing the hotfix on the client side. Maybe the problem is on the server side or maybe because it is an intranet portal only(however, I had no problems when setting it to be in the internet security zone). Awaiting confirmation from SAP
SAP Note 785308
http://service.sap.com/~form/sapnet?_FRAME=CONTAINER&_OBJECT=012006153200001521102004
(direct link I think, albeit very slow)
Microsoft KB834707
http://support.microsoft.com/?id=834707
Microsoft Security Bulletin 04-038
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
Last edited 2004-11-15 13:27
Message was edited by: Dagfinn Parnas
More information
> Does anyone know exactly what the problem is (what has Microsoft changed) ?
a) Go to <http://www.ciac.org/ciac/bulletins/p-006.shtml> and search for the "CAN-" links. Each component has a one paragraph description.
b) According to <http://patch-info.de/IE/2004/10/12/20-35-16.html> it contains:
mshtml.dll (6,0,2800,1476 - 29,09,2004)
urlmon.dll (6,0,2800,1474 - 23,09,2004)
shdocvw.dll (6,0,2800,1584 - 27,08,2004)
wininet.dll (6,0,2800,1468 - 23,08,2004)
browseui.dll (6,0,2800,1584 - 22,08,2004)
shlwapi.dll (6,0,2800,1584 - 20,08,2004)
c) Some of the things that could be breaking are DOM references and DHTML, which are advanced features that not every application uses.
From <http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx>:
"Caveats: Microsoft Knowledge Base Article 834707 <http://support.microsoft.com/?id=834707> documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues."
Among other issues, that page says [<b>emphasis</b> added]:
- After you install the MS04-038 security updates for Internet Explorer, some dynamic HTML (DHTML) <b>drag-and-drop operations are blocked</b> by Internet Explorer.
- Security update 834707 includes a change to the way that Internet Explorer handles function pointers. This change in functionality occurs when an event handler points directly to a Document Object Model (DOM) function [...] Change in Internet Explorer function pointer behavior <b>causes code to not be executed</b> when an event handler is set to directly reference a DOM function after installing MS04-038 security updates.
BTW, Note 785308 has been updated with a workaround.
Regards,
Sean
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great to see this topic. I am curious about one suggested fix for this MS security patch. We are having a problem with BW Web reporting through the portal. The problem that note 785308 mentions is exactly the problem that we are having. It references a note, 789253, that talks about a workaround for this. The cumulative patch does not fix the problem. Also is there any specific information related to the setting mentioned, ENABLE_OPEN_WINDOW, like which templates have to be modified that contain thes parameter.
Thanks in Advance.
Looking further..
Our PC group is trying to apply MS security patch 889293 that comes after MS security patch 834707 and the "fix" MS security patch 873377. This patch 889293 is the one I am testing and having the problems with. Hope this helps.
Message was edited by: Bob Gillham
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.