[漏洞公布]微软安全补丁MS05-051的问题及修复方法 微软安全补丁MS05-051的问题及修复方法 完整的微软英文地址: _http://support.microsoft.com/kb/909444 由于上述地址中,目前还没有中文版本,所以特翻译如下:(因本人也受到影响,故不希望大家也被累及) 如果你调整了%windir%目录的ACL权限,那么就会出问题。 问题症状 ?Windows Installer服务无法启动 ?Windows Firewall服务无法启动 ?Network Connections目录被清空 ?Windows Update站点可能错误建议你改变IE的“Userdata persistence ” ?IIS中ASP页面返回“HTTP 500 – Internal Server Error”错误信息 ?Microsoft COM EventSystem服务无法启动 ?COM 应用无法启动 ?MMC中Microsoft Compinent Services的computer节点无法展开 ?用户无法正常登陆 问题复制 删除clb文件中system账号及Everyone账号 1.在Explorer中,进入windows目录下的Registration子目录 2.选择其中的一个clb文件,右键,properites,选择Security页面 3.选择System账号,再点击下面的Advanced按钮 4.从中删除Everyone和SYSTEM账号 5.对目录下的所有clb文件,重复3~4. 受影响的操作系统 ? Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) ? Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) ? Microsoft Windows Server 2003, Standard Edition (32-bit x86) ? Microsoft Windows Server 2003 Service Pack 1 ? Microsoft Windows XP Professional SP1 ? Microsoft Windows XP Professional SP2 ? Microsoft Windows 2000 Advanced Server ? Microsoft Windows 2000 Advanced Server SP4 ? Microsoft Windows 2000 Datacenter Server SP4 ? Microsoft Windows 2000 Professional SP4 ? Microsoft Windows 2000 Service Pack 4 修复 恢复COM catalog的默认设置。 步骤如下 1.%windir%/registration 目录下,Everyone有READ的权限 2.%windir%/registration 目录下,SYSTEM有FULL CONTROL的权限 3.%windir%/registration 目录下,ADMINISTRATORS有FULL CONTROL的权限 4.%windir%/registration 目录下,所有的clb文件的安全特性中(右键,properties,security,advanced),确保“Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here ”前面打上了钩。 5.确保Everyone账号有下面的权限: 5a)Traverse permissions (“List Folder Contents”) (所有上一级目录包括 %systemdrive%, %windir%, and %windir%\registration 5b)The Bypass Traverse Checking 权限 [ Copy ] [ Run ] [ Save As ] echo y| cacls %windir%\registration /G everyone:R system:F administrators:F echo y| cacls %windir%\registration\*.clb /G everyone:R system:F administrators:F (y和|之间没有空格) 其它 出现问题时,Event Viewer里面可能有下面的事件: ? Network Service权限不够,出现EventSystem事件: Event Type: Error Event Source: EventSystem Event Category: (50) Event ID: 4609 Date: Time: User: N/A Computer: Server Description: The COM Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line xx of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. ? Network Service权限不够,出现COM 事件: Event Type: Information Event Source: COM Event Category: (117) Event ID: 778 Date: Time: User: N/A Computer: Server Description: Application image dump failed. Server Application ID: Server Application Instance ID: Server Application Name: COM Explorer Error Code = 0x80004005 : Unspecified error COM Services Internals Information: File: d:\qxp_slp\com\com1x\src\shared\util\svcerr.cpp, Line: 1259 Comsvcs.dll file version: ENU 2001.12.4414.308 shp For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ?Network Service权限不够,出现COM 事件: Event Type: Error Event Source: COM Event Category: Unknown Event ID: 4689 Date: Time: User: N/A Computer: Server Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80070005: InitEventCollector failed For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ? IIS中运行ASP网页,出现下面错误: Server Application Error. The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance. HTTP 500 - Internal server error Internet Explorer 类似的事件也会出现在Event Viewer中: Event Type: Error Event Source: DCOM Event Category: None Event ID: 10010 Date: Time: User: NT AUTHORITY\SYSTEM Computer: Server Description: The server did not register with DCOM within the required timeout. ? 如果在Component Services中,手动安装COM 应用程序,出现事件: Event Type: Error Event Source: DCOM Event Category: None Event ID: 10010 Date: Time: User: NT AUTHORITY\SYSTEM Computer: Server Description: The server did not register with DCOM within the required timeout. Event Type: Warning Event Source: W3SVC Event Category: None Event ID: 36 Date: Time: User: N/A Computer: Server Description: The server failed to load application '/LM/W3SVC/1/ROOT'. The error was 'Server execution failed '. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ? 手动安装Windows Installer Service,出现下面的错误 |
|小黑屋|最新主题|手机版|微赢网络技术论坛 ( 苏ICP备08020429号 )
GMT+8, 2024-10-1 01:20 , Processed in 0.223651 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.