cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft security patch KB834707 side effects in NW. SAP Note 785308

Former Member

on ‎11-03-2004 7:36 AM

0 Kudos

I figured we should make a thread with information known about this problem.

Since the problem comes in the javascripts, I would belive the problem is on the client-side, not server side.

Does anyone know exactly what the problem is (what has Microsoft changed) ?

Please contribute with information you get from OSS's.

I'll update this first post with all available information

Information:

15.11: Microsoft

have to provide a solution to this problem and that it could take

some time. The problem lies on the

Microsoft side so we must wait for them before a solution can be

provided.

- Development has found that by adding the site to the intranet zones of

the client browser, the problem is solved, some experience of late has

shown that in some cases you have to add the full machine name to the

intranet sites and not just in the form of *.somedomain.com.

Microsoft and SAP are currently working on the problem and a proper and

long term solution is expected shortly. However no exact date has been

specified.

- It is possible that the problems are caused by event handlers pointing directly to a DOM function:

http://support.microsoft.com/kb/887741

- I've noticed that we don't have a problem on a portal running EP 6 SP2 P3 Hf4 , after installing the hotfix on the client side. Maybe the problem is on the server side or maybe because it is an intranet portal only(however, I had no problems when setting it to be in the internet security zone). Awaiting confirmation from SAP

SAP Note 785308

http://service.sap.com/~form/sapnet?_FRAME=CONTAINER&_OBJECT=012006153200001521102004

(direct link I think, albeit very slow)

Microsoft KB834707

http://support.microsoft.com/?id=834707

Microsoft Security Bulletin 04-038

http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx

Last edited 2004-11-15 13:27

Message was edited by: Dagfinn Parnas

More information

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎11-16-2004 6:42 PM
0 Kudos

> Does anyone know exactly what the problem is (what has Microsoft changed) ?

a) Go to <http://www.ciac.org/ciac/bulletins/p-006.shtml> and search for the "CAN-" links. Each component has a one paragraph description.

b) According to <http://patch-info.de/IE/2004/10/12/20-35-16.html> it contains:

mshtml.dll (6,0,2800,1476 - 29,09,2004)

urlmon.dll (6,0,2800,1474 - 23,09,2004)

shdocvw.dll (6,0,2800,1584 - 27,08,2004)

wininet.dll (6,0,2800,1468 - 23,08,2004)

browseui.dll (6,0,2800,1584 - 22,08,2004)

shlwapi.dll (6,0,2800,1584 - 20,08,2004)

c) Some of the things that could be breaking are DOM references and DHTML, which are advanced features that not every application uses.

From <http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx>:

"Caveats: Microsoft Knowledge Base Article 834707 <http://support.microsoft.com/?id=834707> documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues."

Among other issues, that page says [<b>emphasis</b> added]:

- After you install the MS04-038 security updates for Internet Explorer, some dynamic HTML (DHTML) <b>drag-and-drop operations are blocked</b> by Internet Explorer.

- Security update 834707 includes a change to the way that Internet Explorer handles function pointers. This change in functionality occurs when an event handler points directly to a Document Object Model (DOM) function [...] Change in Internet Explorer function pointer behavior <b>causes code to not be executed</b> when an event handler is set to directly reference a DOM function after installing MS04-038 security updates.

BTW, Note 785308 has been updated with a workaround.

Regards,

Sean

Show replies
Show replies
Former Member
‎11-17-2004 11:53 AM
0 Kudos

Thanks for the extra links.

The workaround is not very impressive, basically it tells you how you can get your portal to use the intranet zone security setting (and this must be done for all client computers)

Former Member
‎12-02-2004 5:13 PM
0 Kudos

Great to see this topic. I am curious about one suggested fix for this MS security patch. We are having a problem with BW Web reporting through the portal. The problem that note 785308 mentions is exactly the problem that we are having. It references a note, 789253, that talks about a workaround for this. The cumulative patch does not fix the problem. Also is there any specific information related to the setting mentioned, ENABLE_OPEN_WINDOW, like which templates have to be modified that contain thes parameter.

Thanks in Advance.

Looking further..

Our PC group is trying to apply MS security patch 889293 that comes after MS security patch 834707 and the "fix" MS security patch 873377. This patch 889293 is the one I am testing and having the problems with. Hope this helps.

Message was edited by: Bob Gillham

Ask a Question