• State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 61 subscribers
  • Views 4083 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARS issues encountered after installing KB3163291

dyannic
over 7 years ago

We installed MS update Friday of last week for KB3163291 on DC's servicing ActiveRoles for dirsync.

By Monday, we began to get tickets related to operations timing out.  ActiveRoles web interfaces remain accessible, and  our users were able to query for objects, however attempting to obtain additional details about the user (memberOf) or to change or reset an AD attribute for an object - resulted in extremely slow response.  Results were occasionally returned, but for the most part - the web interface timed out and the user was left to retry.   and retry they did....

If one click to initiate an action doesn't work - (some) users think clicking 10 more times will somehow  push it through.  So, we died of a thousand paper cuts.

We discovered the coincidence  of cause and effect with this .Net patch ..and wonder if others encountered this issue with ARS 6.9 and their patched dirsync partner DC(s).  We removed the patch from the DC's and ARS returned to normal after a system restart.   Today begins our diagnosis of what might be in this patch that could so negatively impact ARS.  Is it the patch, is it the order of install, or that ARS has to be at the same patch level ... etc

If you've already encountered this issue  - and found a working solution ( other than removing the patch ) please share.

 

 

Executive Summary

This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.

This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

The update addresses the vulnerability by modifying the way that the XML External Entity (XXE) parser parses XML input. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3170048.

 

Vulnerability title

CVE number

Publicly disclosed

Exploited

.NET Information Disclosure Vulnerability

CVE-2016-3255

No

No