SR1.2 includes feature fixes for the following:- Functional links that are created by using categories
appear broken in the Broken Links and Hyperlinks view.
- Users who have Administer permission on the root web cannot
set permissions on the root web if they do not have explicit permissions to all
other subwebs.
SR 1.2 includes security fixes for the following:- ASP source code, including the Global.asa file, could be
viewed under certain circumstances. Exposing the ASP source code, including the
Global.asa, could compromise database security.
- An external attack could cause Server Extensions to leak
memory. Certain invalid requests to Server Extensions could cause the Server
Extensions to leak memory during error handling.
- An external attack could cause the server's CPU to spike.
Posting large amounts of data to the FrontPage Save Results bot could cause the
CPU to spike while Server Extensions processed the data.
- Server Extensions error messages show the full operating
system path to the Web site.
- Sending DOS devices as a parameter to the Shtml.dll file
causes the FrontPage Server Extensions to stop responding. The Web site remains
accessible; however, FrontPage authoring and Browse-Time Components
fail.
NOTE: Special thanks to customers who reported security issues and
assisted us with fixing them.
For additional information about the latest
service pack for Windows 2000, click the article number below to view the
article in the Microsoft Knowledge Base:
260910�
How to Obtain the Latest Windows 2000 Service Pack
NOTE: All of the Windows-based fixes for FrontPage Server Extensions
that are included in SR1.1 have been included in the FrontPage SR1.2.
For additional information about the SR1.1 fixes that are
included in SR1.2, click the article numbers below to view the articles in the
Microsoft Knowledge Base:
265134�
FP2000: FrontPage 2000 Server Extensions Service Release 1.1
261980�
FP2000: FrontPage Can No Longer Open Webs from UNC After SR-1 Is Applied