Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
To install this security update, you must have one of the following installed:
Windows SharePoint Services 3.0 Service Pack 2 (SP2)
Windows SharePoint Services 3.0 Service Pack 1 (SP1)
For more information about how to obtain the latest service pack, click the following article number to view the article in the Microsoft Knowledge Base:
How to obtain the latest service pack for Windows SharePoint Services 3.0
Known issues with this security update
Known issue 1
Symptom
If the SharePoint Products and Technologies Configuration Wizard does not complete successfully, this may leave SharePoint in an inconsistent state. You may be unable to browse the Central Administration or SharePoint site, and you see one of the following error messages:
Error message 1
Server Error: http://go.microsoft.com/fwlink?LinkID=96177
Error message 2
HTTP 404 Not Found
Error message 3
Cannot connect to the configuration database
Resolution
For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base:
How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007
Known issue 2
Symptom
Users are prompted for authentication when they try to browse a SharePoint site. Windows Server 2003 SP1 and Windows Server 2008 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
Workaround
There are two methods to work around this issue. Use one of the following methods, as appropriate for your situation.
Important
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
Method 1: Specify host names (the preferred method for NTLM authentication)
To specify the host names that are mapped to the loopback address and can connect to websites on your computer, follow these steps:
Set the DisableStrictNameChecking registry entry to 1.
For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Exit Registry Editor, and then restart the IISAdmin service.
Method 2: Disable the loopback check (the less-recommended method)
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
The second method is to disable the loopback check by setting the DisableLoopbackCheck registry entry.
To set the DisableLoopbackCheck registry key, follow these steps:
Set the DisableStrictNameChecking registry entry to 1.
For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor, and then restart your computer.
Known issue 3
After you install this security update on a Windows Small Business Server that is running Windows SharePoint Services 3.0, in some scenarios, the SharePoint Companyweb and Central Administration pages may not be available. For more information about this issue, and for information about how to resolve the issue, visit the following Microsoft TechNet webpage:
This security update may appear multiple times in the Installed Updates list after you install it. This is because this update is applied to multiple Office applications. Therefore, it can appear multiple times in the Installed Updates list.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Back to the top
