Guest

Cisco Unified MeetingPlace

FA00250 - Microsoft IE6 Cumulative Patch SP1 Q813489 Breaks MPWeb


May 26, 2004


Products Affected

Product

Comments

MeetingPlace Web

4.3.0.63, 4.2.7.x, and possibly most or all other earlier versions

Problem Description

Note: This Field Notice is a legacy Latitude Field Notice that has been converted to the Cisco format so the information would remain available to their customers.

Microsoft released Security Bulletin MS03-015 dated April 23, 2003, which provides security fix Q813489. Impact of vulnerability: Four new vulnerabilities, the most serious of which could enable an attacker to execute arbitrary code on a user's system if the user either browsed to a hostile web site or opened a specially crafted HTML email message.

Affected Software:

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 5.5

  • Microsoft Internet Explorer 6.0

Before Q813489 was applied, it did not matter what your browser's "Initialize and script ActiveX controls not marked as safe" was set to; it could be any setting such as Enable, Disable, Prompt or our Browser Test and it would still work. After applying Q813489, the default setting of that parameter, Disable, will cause the Browser Test to return the following message in the test result page:

Your browser has the "Script ActiveX Controls safe for scripting" and/or "Run ActiveX Control" setting(s) disabled

Problem Symptoms

Cannot get into Meeting Console. User gets stuck at "Checking your browser settings �c." Depending on user's browser internal configurations, user may also get a pop-up message box saying "Your browser has the "Script Active X Controls safe for scripting" disabled. You will not be able to participate in MeetingPlace Application Sharing sessions." When user clicks OK, the Meeting Console load window disappears and user cannot get into Meeting Console.

Workaround/Solution

Note:?If you have a MeetingPlace Web DMZ implementation or your MeetingPlace Web has been customized, please contact your Latitude Technical Consultant before applying this hot fix.

  1. If you are on MeetingPlace Web 4.3.0.63 apply MeetingPlace Web 4.3.0.63.3 hot fix.

  2. If you are on MeetingPlace Web 4.2.7.106 apply MeetingPlace Web 4.2.7.106.16 hot fix.

These fixes will also be incorporated into future releases.

Installation Instructions for 4.2.7.106.16

  1. This hotfix distribution package is only compatible with MeetingPlace Web 4.2.7.106. If you have a different version of MeetingPlace Web such as 4.2.7.101, 4.3.0.63 or later , do not use this package.

  2. Make sure that this hotfix distribution package does not install files that have already been customized on your MeetingPlace Web server. If your MeetingPlace Web server has some customizations, please confirm with Latitude Communications whether this hotfix distribution package can be applied 'as is' on your server or needs to have some of your customizations re-applied.

  3. Stop all MeetingPlace Web services

  4. Stop World Wide Web Publishing service and IIS Admin service

  5. If you are using the ZIP version of this package, mpweb427_106_x.zip, double-click on it to launch the Winzip interface. Choose the 'Extract' option. Select the root folder of your MeetingPlace Web installation. Typically: C:\Latitude\MPWEB. Make sure options 'All files' and 'Use folder names' are selected. Click on 'Extract'. Confirm the file or files replacement if necessary.

    If you are using the EXE version of this package, mpweb427_106_x.exe, execute the distribution package to launch the Winzip Self-Extrator program. Set the field 'unzip to folder' to the root folder of your MeetingPlace Web installation. Typically: C:\Latitude\MPWEB. Choose 'Unzip' to extract the whole content of the hotfix distribution package. All updated files will be extracted to their corresponding subfolders. If necessary, confirm the file or files replacement.

  6. Start World Wide Web Publishing service and IIS Admin service

  7. Start all MeetingPlace Web services

Installation Instructions for 4.3.0.63.3

If you are planning to apply this hot fix for a new installation of 4.3.0.63 or an upgrade to 4.3.0.63 read these instructions carefully.

At the end of a 4.3.0.63 installation or upgrade, the installer will prompt you to "restart now", "restart later", or "Finish". Before answering this question and proceeding, apply this hot fix by following the below instructions.

If you are applying this hot fix to an existing 4.3.0.63 system then ignore the previous two sentences and just follow the instructions below.

  1. Make sure that this hotfix distribution package does not install files that have already been customized on your MeetingPlace Web server. If your MeetingPlace Web server has some customizations, please confirm with Latitude Communications whether this hotfix distribution package can be applied 'as is' on your server or needs to have some of your customizations re-applied.

  2. Stop the MeetingPlace Web Conferencing service. This will stop all other MeetingPlace Web services and the World Wide Web Publishing service.

  3. If you are using the ZIP version of this package, mpweb430_63_x.zip, double-click on it to launch the Winzip interface. Choose the 'Extract' option. Select the root folder of your MeetingPlace Web installation. Typically: C:\Latitude\MPWEB. Make sure options 'All files' and 'Use folder names' are selected. Click on 'Extract'. Confirm the file or files replacement if necessary.

    If you are using the EXE version of this package, mpweb430_63_x.exe, execute the distribution package to launch the Winzip Self-Extrator program. Set the field 'unzip to folder' to the root folder of your MeetingPlace Web installation. Typically: C:\Latitude\MPWEB. Choose 'Unzip' to extract the whole content of the hotfix distribution package. All updated files will be extracted to their corresponding subfolders. If necessary, confirm the file or files replacement.

  4. Start the MeetingPlace Web Conferencing service. This will start all other MeetingPlace Web services and the World Wide Web Publishing service.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.