locked
Windows Update breaks multipart/form-data RRS feed

  • Question

  • User-1477460723 posted

    Running Windows Server 2012 here, Classic ASP application.

    We have an image upload page which has been working for the last... ten years.

    <form method="post" enctype="multipart/form-data" action="...">

    Anyway, Windows Update ran today at about 10:30am NZ time. Afterwards users complained they couldn't upload images anymore. No error generated in logs. 

    Restarted pool, IIS, server - in that order. Nothing fixed it. Uninstalled today's Windows Update, restarted server, everything working again. 

    The updates offered are:

    • KB3104002
    • KB3119147
    • KB3099863
    • KB3108347
    • KB3108381
    • KB3109094
    • KB3109103
    • KB3102429
    • KB3112148

    Is there any way to find out which update broke this application?

    Cheers

    Wednesday, December 9, 2015 1:22 AM

Answers

  • User-463189925 posted

    We have official fixes available now!! https://support.microsoft.com/en-us/kb/3125446

    You will need to click on the 'Hotfix Download Available link', select the appropriate OS then enter email address. You will then get an email with a direct link to the hotfix installer.

    Hotfixes available:

    - Win8.1/Win2012 R2 (IE11)
    - Win8/Win2012 (IE10)
    - Win7/Win2008 R2 (IE11, IE8)
    - Vista/Win2008 with IE8
    - Vista/Win2008 SP2

    Mini FAQ:

    "When will fixes be on Windows Update?" - The hotfixes in the link above need to be manually installed. Automatic patching via Windows Update will be available approx. mid Jan 2016.

    "What if my configuration is different from what's available via Hotfixes?" - The hotfixes are meant to unblock customers running on the most common server platforms. There is a large matrix of potential configurations depending on OS and IE versions. The Jan updates from Windows Update will cover a much wider range of configurations than what the hotfixes target. If you're still blocked, cannot wait until the January updates and the hotfixes doesn't address your configuration then please contact Microsoft support for assistance (see my post above for more details).

    David So [MSFT]

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, December 16, 2015 11:27 PM

All replies

  • User-1938296911 posted

    Yes, here too :-(

    The conflicting update is: 

    • KB3104002

    It updates the VBScript.dll and JSCript.dll that are part of Classic ASP.

    I'll try to report this to Microsoft and please do the same if you can.

    Wednesday, December 9, 2015 6:25 AM
  • User-64622029 posted

    Same Here,

    After the updates our application is broken. Also, we cannot remove the update KB3104002. (Other updates of today are successfully removed) So the application is still broken. Will there be a patch soon?

    Any suggestions?

    Wednesday, December 9, 2015 8:01 AM
  • User-2064283741 posted

    You could try copying over the updated files by hand from a machine where they have not changed.

    Wednesday, December 9, 2015 8:41 AM
  • User-1624075668 posted

    Same thing happened to me, all sites on an updated server stopped allowing files to be uploaded.

    Managed to uninstall KB3104002, restarted and they are all working again.

    Hope Microsoft release a fix for this asap.

    Wednesday, December 9, 2015 9:55 AM
  • User-1477460723 posted

    Thank you for confirming this folks. 

    Will reapply the other updates after a backup and hide the faulty one for now.

    Where can I report the fault?

    Wednesday, December 9, 2015 3:15 PM
  • User-463189925 posted

    Hi,

    we are actively investigating and following up with the relevant folks on this. Sorry for the problems folks are having with this KB and classic Asp.

    David So [MSFT]

    Wednesday, December 9, 2015 3:20 PM
  • User-1477460723 posted

    Thanks for looking at this!

    Wednesday, December 9, 2015 8:37 PM
  • User-463189925 posted

    The cause of the problem has been identified and we are currently working on a fix. This will eventually cover all affected platforms, but to help us prioritize, what OS are folks running that are directly affected by this? I saw Server 2012 mentioned above - anyone running anything else blocked by this?

    David So [MSFT]

    Thursday, December 10, 2015 12:07 AM
  • User601625562 posted

    This was causing a major issue on our ecommerce site.  We were unable to get orders all day.  Our webhost was able to roll back the update today, but indicated that it could reinstall next Tuesday when Microsoft sends out updates again.  Very hopeful that Microsoft can resolve this.  I believe we are also on Server 2012.

    Thursday, December 10, 2015 12:07 AM
  • User667928648 posted

    Same problem here. I'm using Windows Server 2008 R2 and Windows Server 2012 R2, both platforms are affected.

    Thursday, December 10, 2015 1:34 AM
  • User-1938296911 posted

    Hi:

    Windows Server 2008, 2008 R2 and 2012.

    Thanks.

    Thursday, December 10, 2015 5:24 AM
  • User780537646 posted

    Working on OS Windows Server 2008 R2 and experiencing this problem with all Classic ASP uploads via <form> having enctype="multipart/form-data".

    Very urgent issue as it affects the websites of many of my customers.

    Thursday, December 10, 2015 6:15 AM
  • User483954567 posted

    I have Uninstalled the update KB3104002 and restarted Windows server 2008 R2, then classic ASP file upload started to work again.

    Thursday, December 10, 2015 7:28 AM
  • User932794206 posted

    I'm having the same problem , you could identify the solution?

    thanks

    Thursday, December 10, 2015 7:34 AM
  • User-283779455 posted
    You know if you have this bug because the binary data of the multiform request will be corrupt. Rolling back the update solved the problem for us too. Or you can switch to an ASP.NET page just to handle the file upload request. Lots of happy customers called our support line today.
    Thursday, December 10, 2015 7:37 AM
  • User-1508792096 posted

    I have unistalled the update KB3102429 and the problem was solved for Crystal Reports and SQL Server 2008. 

    Our CMR software is traying to program the bug for their system.

    Please, if any can detail the root cause I will appreciate the collaboration.

    Thursday, December 10, 2015 7:49 AM
  • User932794206 posted


    I requested uninstall the path and I scheduled reboot with my datacenter, will warn you about the result.

    thanks

    Thursday, December 10, 2015 8:13 AM
  • User-1969479614 posted

    Just chiming in to say we're having the same problem here. Rolling back the update on 12/9 fixed it, and this morning 12/10 the problem is back.

    I'll be checking in on this thread to see if/when there is a solution or a patch.

    I'm glad I stumbled on this thread; I would've been chasing my tail all day otherwise.

    Thursday, December 10, 2015 9:02 AM
  • User-1839307293 posted

    Our upload for documents is broken also.

    We are using freeASPUpload.asp.

    The problem ist the VBScript function instrb() searching for binary arrays with the length of 1.

    instrb() workes correctly for me when searching for a binary array with the length bigger than 1.

    Greetings Marcel

    Thursday, December 10, 2015 10:15 AM
  • User1957537558 posted

    I reported this yesterday (probably at the wrong spot but I didn't know where else to report)

    https://connect.microsoft.com/IE/feedback/details/2110858/ms15-124-breaks-vbscripts-instrb-function-when-working-with-a-byte-safearray

    There is a test case and more details on the specifics there.

    We're running on 2008 R2 and 2008 here. There are a lot of older applications out there that still use classic ASP for file uploads, and they all broke all at once. It was kind of a support nightmare yesterday. 

    Thursday, December 10, 2015 1:46 PM
  • User6868142 posted

    Yes here too - 

    Server 2008 R2 - Classic ASP file uploads stopped working on a web site that has been working fine for years.  

    Current file versions: (both dated 11/8/15)

    vbscript.dll 5.8.9600.18123

    jscript.dll 5.8.9600.18123

    ========== ===========

    After removal of KB3104002 - 

    vbscript.dll 5.8.9600.18098

    jscript.dll 5.8.9600.18098

    Uploads began working again. 

    Thursday, December 10, 2015 11:03 PM
  • User780537646 posted

    Uninstalling the update yesterday worked at that moment. But today, it looks like the update is back again, and the upload problems too.

    Friday, December 11, 2015 4:11 AM
  • User-355540640 posted

    Assumption, but it appears only FreeASPUpload and Pure ASP File Upload are affected by this. We've always recommended our customers to use Persits ASPUpload, which still works great. Maybe because it's a COM and not "pure ASP". Tested on Windows Server 2012 R2 IIS 8.5.

    Friday, December 11, 2015 8:54 AM
  • User-95495689 posted

    Assumption, but it appears only FreeASPUpload and Pure ASP File Upload are affected by this. We've always recommended our customers to use Persits ASPUpload, which still works great. Maybe because it's a COM and not "pure ASP". Tested on Windows Server 2012 R2 IIS 8.5.

    It appears that the update is to the exe that processes vbscript - so it wouldn't surprise me if a com object continued to work fine.

    I hope MS can fix this one promptly. We can control the windows updates on our own servers, but many of our clients run our software on shared hosts or machines elsewhere.

    Friday, December 11, 2015 10:32 AM
  • User-1929294946 posted

    I am using Windows 10 for development.  This issue has broken my development applications with regard to uploads.

    Friday, December 11, 2015 11:39 AM
  • User-522139905 posted

    It's back!  My machine decided to re-install the security update again last night and it broke my ASP page file uploading.

    https://support.microsoft.com/en-us/kb/3104002

    I see that in this article MS admits it causes ASP pages to fail. It doesn't seem to say when that issue will be fixed.  I hope MS is fixing this immediately as all of my clients file upload feature of my ticketing software that I sell is broken until they un-install that security update.  I sent an email to all of my users to go to windows update yesterday and un-install the this security update.  If anybody has information to when MS will send out a new patch with corrects to their VB language errors please post it here.

    It seems like this update has actually broken ASP VB script so you might have other ASP problems too much more than file upload if you happen to use this particular VB script function.

    Here is more about the issue:

    http://stackoverflow.com/questions/34181411/uploading-a-file-in-classic-asp/34188295#34188295

    MS15-124: Security update for Internet Explorer: December 8, 2015

    Summary
    This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about these vulnerabilities, see Microsoft Security Bulletin MS15-124.

    Additionally, this security update includes several non–security-related fixes for Internet Explorer.

    Known issues in this security update

    • After you install this security update, some classic ASP applications may not work correctly. For example, you may be unable to upload image files by using classic ASP applications.
    Friday, December 11, 2015 12:47 PM
  • User-2064283741 posted
    As stated earlier in this thread Microsoft are looking into this.
    Friday, December 11, 2015 1:08 PM
  • User1166997863 posted

    on Windows Server 2012 R2 unistall KB3104002

    on Windows 10 unistall KB3116900

    Saturday, December 12, 2015 7:10 AM
  • User913349159 posted

    A bit of extra detail: Update KB3104002 is the one to remove on Windows 2008r2 also.

    As well as the problem (with instrb and related functions?) which for one thing breaks upload handling functions/components, we found it created "random" corruption of the output of a couple of scripts that did not use these functions. Removing this update seems to have corrected this problem as well as the one already discussed above.

    The corruption was in the form of space delimited sequences of 8-bit values in hexadecimal inserted into the output, always I think at points were a server-side code block started. The added data was not entirely random - near the top of the page the same values were inserted in much the same places (even after the output started to vary due to differences in request parameters and database contents from call-to-call) and once the added text did start to vary it was the same for each version of the output (where the output version is determined by data read and output in response to query string inputs). Just to make it more interesting: there are a significant number of scripts in the app in question that were completely unaffected, and the affected script was not always problematical: after an IIS reset all was well for a while (up to a couple of hours, though sometimes only minutes - I was unable to find a pattern to explain what was tripping the change in behaviour) before the aberrant behaviour returned.

    I have sample clean and corrupted output data if there is somewhere official it would be useful to submit that too. The script in question is likely too large to be useful as an example to replicate the problem, but if it would help MS's diagnostics I could hack it down to try create a minimal affected script.

    Sunday, December 13, 2015 4:41 PM
  • User-125334191 posted

    OK Scott, we are having almost close match same problems, I am looking for help to fix.  My wife and I have matching computers, both have Windows 10, both have Internet Explorer 11.  Both of them auto downloaded and installed updates, patches, fixes, etc. (as if we can stop it) from Nov. and Dec. 2015.  No problems before... but now, we click on IE and nothing, we click on Edge and nothing, we go to Control Panel and click on Internet Options, and nothing.  We can click on Google Chrome (what I am using right now) and AOL.  The IE desktop icon used to say "Internet Explorer", mine now has nothing under it, wifes has "%nternet Explore%" under hers.  I have been searching and searching for a fix, repair, ... anything to fix and to understand what is happening.  So far your posting is the first one I have come accross, after I came accross "Security Bulletin MS15-124" and started searching using it.  MS, Forum users, anyone... Please HELP!

    Sunday, December 13, 2015 9:33 PM
  • User1506523533 posted

    Same issues here. on my VPS i managed to removed KB3104002, which then re-installed itself. uninstalled it again, and change the update settings... hopefully it will ask next time.

    But i have many sites on shared hosts, and the issue exists there as well - they will only agree to uninstall it for up to 45 days and then they say they must re-apply the KB, because of security holes.

    I hope MS can come up with a fix by then...

    Monday, December 14, 2015 3:30 AM
  • User-537399849 posted

    Yes same problem with 2 server, eny solution?

    Monday, December 14, 2015 9:34 AM
  • User-1321435135 posted

    We are having this problem in classic ASP too.  InstrB function not working.

    Monday, December 14, 2015 4:10 PM
  • User1408967620 posted

    We are also having the same problem and would like to be alerted when there is a fix please.

    Windows Server 2012 R2

    Thanks

    Dave

    Monday, December 14, 2015 4:13 PM
  • User1941181285 posted

    I was able to fix this on my Windows servers by installing PHP and using the script shown here: http://www.w3schools.com/php/php_file_upload.asp

    You will need to adjust the the file size limit see: http://stackoverflow.com/questions/2184513/php-change-the-maximum-upload-file-size

    Doesn't take long to install PHP - use Windows Platform Installer if possible.

    Monday, December 14, 2015 4:55 PM
  • User-1477460723 posted

    Installing PHP is not an option for everyone - it adds complexity to environments including patching, maintenance, more processes on the platform, memory requirements, completely new platform to manage, etc. This costs time and money and should only be considered as last resort and part of a well thought out strategy.

    Monday, December 14, 2015 5:02 PM
  • User-463189925 posted

    An update on the fixes: we're working as fast as we can on getting the fixes out. There is quite a matrix of platforms depending on OS and IE version, so we're prioritizing fixes for the common Server platforms (ie those impacted in production) first. We hope to have these available as early as mid this week.

    If anyone cannot wait for the official fixes and requires more urgent assistance (e.g. blocked in production) then please contact Microsoft Support for assistance (http://support.microsoft.com/oas , enter ‘Microsoft Internet Information Services X.X’ based on the IIS version, set Problem Type='Active Server' and for Category='Script engines and languages')

    Apologies to everyone who is affected and thank you for your patience.

    Monday, December 14, 2015 7:07 PM
  • User-403903694 posted

    I just had a similar issue with a client's server. It was failing on the function midB which worked prior to installing updates. I found another thread that targeted KB3104002 as the culprit. I removed only that update and our system started working normally again (after a reboot)

    Tuesday, December 15, 2015 11:28 AM
  • User485188895 posted

    I had same problem. I got this off the web. So far it seems to work for me.

    I hope this helps someone else

    ...
    if LenB(lnBoundaryBytes)>1 then
       lnBoundaryEnd = InStrB(lnEndPosition, lnBytes, lnBoundaryBytes)
    Else
       lnBoundaryEnd = findCharInStrB(lnEndPosition, lnBytes, lnBoundaryBytes)
    END IF
    
    
    ……
    Private Function findCharInStrB(startPos, inputArray, searchChar)
      Dim loc
      For loc = startPos to Len(inputArray)
        if MidB(inputArray, loc, 1) = searchChar then Exit For
      Next
      findCharInStrB = loc
    End Function
    

    Wednesday, December 16, 2015 4:26 PM
  • User-1957784177 posted

    This is definitely a problem. I am glad I stumbled upon this site. I thought I was going crazy when our upload scripts started to fail. The specific error I was getting was "Invalid procedure call or argument: 'MidB'

    I uninstalled KB3104002 and am good... for now!

    Wednesday, December 16, 2015 10:52 PM
  • User-463189925 posted

    We have official fixes available now!! https://support.microsoft.com/en-us/kb/3125446

    You will need to click on the 'Hotfix Download Available link', select the appropriate OS then enter email address. You will then get an email with a direct link to the hotfix installer.

    Hotfixes available:

    - Win8.1/Win2012 R2 (IE11)
    - Win8/Win2012 (IE10)
    - Win7/Win2008 R2 (IE11, IE8)
    - Vista/Win2008 with IE8
    - Vista/Win2008 SP2

    Mini FAQ:

    "When will fixes be on Windows Update?" - The hotfixes in the link above need to be manually installed. Automatic patching via Windows Update will be available approx. mid Jan 2016.

    "What if my configuration is different from what's available via Hotfixes?" - The hotfixes are meant to unblock customers running on the most common server platforms. There is a large matrix of potential configurations depending on OS and IE versions. The Jan updates from Windows Update will cover a much wider range of configurations than what the hotfixes target. If you're still blocked, cannot wait until the January updates and the hotfixes doesn't address your configuration then please contact Microsoft support for assistance (see my post above for more details).

    David So [MSFT]

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, December 16, 2015 11:27 PM
  • User-537399849 posted

    Thank you i test to install it.

    Thursday, December 17, 2015 3:14 AM
  • User-1938296911 posted

    Great! Thanks!

    Thursday, December 17, 2015 5:13 AM
  • User-537399849 posted

    Thanks worked perfectly, having nice Christmas :)

    Thursday, December 17, 2015 8:36 AM
  • User-1957784177 posted

    Thank you.

    Do we still install KB3104002 and then run this patch? KB3104002 is listed in Windows update as an important update.

    Thursday, December 17, 2015 12:18 PM
  • User-1477460723 posted

    Nice to see the topic I started had more than 10,000 views now. I guess people still use Classic ASP. I know we do.

    Anyway, thanks Microsoft for the fix - still waiting for a Windows Server 2012 version though.

    Once the fix is available what's the process?

    Install the fix and then the updated, install the fix and forget the update, install the update then the fix?

    Thursday, December 17, 2015 3:46 PM
  • User-463189925 posted

    Still working on getting 2012 hotfix out but hopefully very soon....

    The hotfix targets vbscript.dll whereas the update (KB3104002 - the one that initiated this whole post) has much more content than that. So the hotfix is not a replacement for the update.

    According to https://support.microsoft.com/en-us/kb/3125446 having KB3104002 is a prerequisite, which means you're supposed to install the hotfix on top of KB3104002 on your machine. This will result in all the IE security fixes from KB3104002 as well as the patched vbscript.dll.

    Not sure if it's an officially supported sequence though I was able to have the following work: machine without KB3104002 (e.g. was manually uninstalled at some point due to breaking impact)-> install hotfix 3125446 -> run windows update (brings back KB3104002) -> install update KB3104002.  I successfully tried this with the 2012R2 hotfix and it likely works due to the fact that the file version of vbscript.dll in the hotfix has higher number than that in the KB3104002. However if you run into any problems then go with the official way (update KB3104002  then hotfix KB3125446)

    HTH.

    Thursday, December 17, 2015 9:01 PM
  • User-594841236 posted

    Thanks davidso!

    Friday, December 18, 2015 3:32 AM
  • User-1938296911 posted

    By the way: after having installed the private hotfix, since it's not an officially  supported one, you'll get a "For testing purposes only" message in your desktop.

    This is a normal situation:

    http://blogs.msdn.com/b/ntdebugging/archive/2011/08/05/for-testing-purposes-only-and-other-desktop-watermarks.aspx

    However: Is this going to dissappear when the official path is released?

    Thanks.

    Friday, December 18, 2015 7:06 AM
  • User-1477460723 posted

    Hi David... Any update on the fix for Server 2008/2012, please?

    Sunday, December 20, 2015 8:09 PM
  • User-161518487 posted

    Same problem here, i am using Windows Server 2012. Most uploads on my server stopped to work causing big problem in important features that use upload.

    I tryed the link sent by David, but i did n´t received the fix in my email.

    Monday, December 21, 2015 6:00 AM
  • User-125984861 posted

    trouble installing hotfix 488991_intl_x64_zip.exe,

     Server: Windows Server 2012 Standard (64bit)(KB3104002 already installed).  

    I am getting a message shown below while trying to install hotfix 488991_intl_x64_zip.exe.

    "The update is not applicable to your computer. "

    please help ..

    Monday, December 21, 2015 11:53 AM
  • User-2064283741 posted

    Please at least read the thread. 2012 solutions are still being worked on.
    Monday, December 21, 2015 12:50 PM
  • User-463189925 posted

    Hi all,

    additional fixes for Server 2008 and 2012 are now available! The KB text at https://support.microsoft.com/en-us/kb/3125446 hasn't been updated yet, but if you click on 'hotfix download available' link then you'll see 2 new options:

    -Windows 8/Windows Server 2012 RTM
    -Internet Explorer 8 for Vista and Server 2008 (in addition to 'Windows Vista/Windows Server 2008 SP2')

    Monday, December 21, 2015 1:01 PM
  • User-463189925 posted

    Re: matthewspv
    48891_intl_x64.zip is for 2012R2 only. You'll need to install the one for 2012 (489064) that just got released.

    Monday, December 21, 2015 1:04 PM
  • User-463189925 posted


    Re JM Alarcon:

    The 'for testing purpose' message will go away after you uninstall the private hotfix (KB9999999). You will need to uninstall the private hotfix and then install the official one. 

    Monday, December 21, 2015 1:07 PM
  • User-125984861 posted

    Thank you.

    could you please provide me link to download, I do not  see this in this link

    https://support.microsoft.com/en-us/hotfix/kbhotfix?kbnum=3125446&kbln=en-us

    Monday, December 21, 2015 7:40 PM
  • User-463189925 posted

    re mathewspv: you have to select the hotfix you want (e.g. 'Windows 8/Windows Server 2012 RTM' for 2012) then enter your email address. You will then get an email with the direct link to the download. For hotfixes we do it this way just in case we later find problems with the hotfix and need to contact our customers. 

    Monday, December 21, 2015 8:05 PM
  • User-161518487 posted

    re mathewspv: you have to select the hotfix you want (e.g. 'Windows 8/Windows Server 2012 RTM' for 2012) then enter your email address. You will then get an email with the direct link to the download. For hotfixes we do it this way just in case we later find problems with the hotfix and need to contact our customers. 


    I filled the form with my email (tryed with a alternative mail too) and i did n´t received the email from microsoft with the link in both of them.

    So my team had to rewrite the upload scripts using persists upload. (We delayed our current project)
    Now upload feature works again.

    If i was wait for the fix would be on big trouble considering the importancy of the upload feature.

    Tuesday, December 22, 2015 6:19 AM
  • User177628364 posted

    Good day,

    I have this problem with Windows 10 upgrade (kb3116900), and now (kb3121200).
    that solution?


    thanks.

    Tuesday, December 22, 2015 8:04 AM
  • User-929939098 posted

    My websites are hosted by Godaddy on their Windows Server and I have been having this problem for the past two weeks.

    I have informed them of the problem but they are in denial that the problem exist.

    I have even sent them the link with hotfix but haven't received any notification from them that they are looking into the problem.

    Is is possible for someone from Microsoft to contact them, informing them that this is in fact a real problem and that the patch needs to be applied.

    This is a tall order but what else can I do.

    Tuesday, December 22, 2015 10:47 AM
  • User-125984861 posted

    Thank you. that worked.

    Tuesday, December 22, 2015 10:53 AM
  • User-463189925 posted

    re micheldohms, JAMCL: sent you both a private msg

    re alex jovel: hotfixes are only targeting server platforms at this time. Desktop platforms (such as Win10) will be fixed in a few weeks time as part of Jan round of Windows Updates.

    Tuesday, December 22, 2015 12:48 PM
  • User-859244499 posted

    L.S.,

    We have Windows 2008 R2 32bit with IE9. None of the (new) updates seem to work. Has this configuration been addressed too?

    Message is: 'The update does not apply to your system'.

    Wednesday, December 23, 2015 10:23 AM
  • User-463189925 posted

    Re Doomie1982:

    As I mentioned in an earlier post, the hotfixes are meant to unblock customers on the most common platforms and not meant to address all possible combinations of OS and vbscript/IE versions. The Jan round of updates will cover wider range of combinations than what the hotfixes will cover. For Win2008 R2 x86 there are fixes available for IE11 and IE8. So you can either downgrade (on the server) to IE8 and install the 'Windows 7/Windows Server2008 R2 SP1' hotfix, or you can upgrade to IE11 (on the server) to IE11 and install the 'Internet Explorer 11 for Windows 7/Windows Server 2008 R2 SP1' hotfix.

    Wednesday, December 23, 2015 1:49 PM
  • User-110638624 posted

    I want to give a shout out to Matt3k who was on top of this on other sites.  I got hit with this on Sunday the 20th (I was behind with windows updates), and it came as quite a shock.

    The removal of the KB as well as patching with the hotfix did not resolve the issue, however, code provided to sidestep instrb worked like a charm.

    Said code (from him) is:

    Function InstrBNew(startPos, inputArray, searchChar)
    
      if LenB(searchChar) = 1 Then
        Dim loc
        For loc = startPos to Lenb(inputArray)
          if MidB(inputArray, loc, 1) = searchChar then Exit For
        Next
        InstrBNew = loc
      Else
        InstrBNew = InstrB(startPos, inputArray, searchChar)
      End If
    End Function

    I added that to my upload.asp file and called the function in place of instrb, worked like a charm.

    Happy users = happy life!

    Thursday, December 24, 2015 10:34 AM
  • User1591992988 posted

    Ok, so backed out too, didn't work. Tried code changes from InstrB to InstrBNew and didn't work, other bugs.  Then read through this ...

    http://stackoverflow.com/questions/34181411/uploading-a-file-in-classic-asp/34188295#34188295

    ... and decided to just change CByteString(Chr(13)) to Chrb(13) where it was used, and PRESTO, all working again.

    Thursday, December 31, 2015 5:01 PM
  • User1074644838 posted

    Having the same trouble with Windows 10 Pro 64bit, production environment.  Had tracked down the problem to instrb( then found this forum.  Anyone have any idea which KB# update needs to be uninstalled in Windows 10 to resolve this?  Or, preferably, when the hotfix will be available for Win 10 64?

    Friday, January 1, 2016 11:25 PM
  • User-1220402093 posted

    Hello David

    We are having the same issue on Windows 7 Enterprise SP1 64bits / Internet Explorer 10.

    Will you provide a hotfix for that Platform?

     

    regards

    Monday, January 4, 2016 11:05 AM
  • User-463189925 posted

    Re Win10: this will be addressed by a Jan set of updates (hopefully in just over a weeks time).

    Re Win7 IE10: There is a hotfix available for Win7 IE11, so you can upgrade from IE10 to IE11 then apply that hotfix. If that's not an option then you could wait for the same set of Jan updates that I mentioned above. 

    Monday, January 4, 2016 5:25 PM
  • User-1477460723 posted

    Hi folks... I haven't applied the fix on our Windows Server 2012 boxes because I still have a question - shall I apply the original patch then the fix, or just the fix?

    Thanks!

    Monday, January 4, 2016 5:27 PM
  • User-226663657 posted

    My webhost server told me to install MS Hotfix to fix security update 3104002 to my own computer, is that true or they need to install the hotfix to the host server themselves?  thanks!

    Monday, January 4, 2016 6:13 PM
  • User-463189925 posted

    re: guerchmann - I think I answered this above https://forums.iis.net/post/2114334.aspx

    Assuming by original patch you mean KB3104002 then both should work and get you to the desired state (updated vbscript.dll). If you're referring to the private hotfix (KB9999999) then that does need to be removed first.

    Monday, January 4, 2016 6:31 PM
  • User-463189925 posted

    Re Patrick H: the hotfix needs to be installed on the machine that is running IIS. So if you're using a webhost company to host IIS then installing the hotfix on your own (client) machine would have no impact whatsoever.

    Monday, January 4, 2016 6:34 PM
  • User-226663657 posted

    Hello davidso, I do the same problem with JAMCL dealing with Godaddy.  Would you help?  thanks!

    Monday, January 4, 2016 6:42 PM
  • User-1477460723 posted

    Thanks, missed that. Will work during the week.

    Cheers

    Monday, January 4, 2016 6:58 PM
  • User-1249135954 posted

    Tnx for this tread

    Tuesday, January 5, 2016 6:13 AM
  • User-1477460723 posted

    I have now installed the original KB3104002, restarted servers and installed hotfix. Tested and all working again.

    Thanks!

    Wednesday, January 6, 2016 2:47 AM
  • User-522139905 posted

    Do we have a date for when the new January updates will resolve this issue and we don't have to either continually uninstall or apply the patch?  I have several clients of my help desk product who I would like to inform them of an update that should resolve this issue.

    Wednesday, January 6, 2016 5:52 PM
  • User-968308898 posted

    We have a server running Windows Server 2008 SP2 suffering from this issue.

    I have downloaded the hotfix for Windows Server 2008 SP2 x86 but when running I am told 'The update does not apply to your system'.

    We're running IIS 7.0 and IE 9, but the IE on the server is not used at all for anything.

    Any reason this hotfix doesnt not work on our server? Does IE 9 need to be downgraded to IE 8? I saw a similar post above from someone trying to fix their 2008 R2, but the original post regarding the hot fixes specified IE 8 for 2008 R2 but no IE was specified for 2008 SP2

    Thursday, January 7, 2016 4:37 AM
  • User-2064283741 posted
    I imagine the updates will be here next week.
    https://en.m.wikipedia.org/wiki/Patch_Tuesday
    Thursday, January 7, 2016 5:32 AM
  • User-457134387 posted

    Any confirmation from Microsoft a "regular" update will be available 1/12/16 to resolve this?

    Thursday, January 7, 2016 10:41 AM
  • User-463189925 posted

    re: 4fxdev The hotfix for 2008 SP2 x86 is for IE7. In your case you may want to downgrade to IE8, install security updates for IE8 and then the hotfix for Win2008 with IE8. Or wait for the January updates.

    re: scott/rovastar/bortvern - yes patch tuesday 1/12/16 is the current plan.

    Thursday, January 7, 2016 7:55 PM
  • User-1072118230 posted

    Is this the new fix?

    https://technet.microsoft.com/library/security/MS16-001

    It doesn't say so explicitly, but 3104002 is mentioned in the Updates Replaced column

    Wednesday, January 13, 2016 4:44 AM
  • User-463189925 posted

    Yes it is!

    Wednesday, January 13, 2016 2:07 PM
  • User-522139905 posted

    Can you confirm that the windows update last night has fixed the original ASP download problem created by KB3104002 and folks do not need to apply any hot fixes or un-installed KB3104002 any more?  I want to send a note out to my clients that this issue should have been addressed by the updates distributed on 1/12/2016.  Thanks

    Wednesday, January 13, 2016 6:01 PM
  • User-463189925 posted

    Correct. Last nights Critical Security Update (https://technet.microsoft.com/library/security/MS16-001) fixes the 'original ASP issue caused by KB3104002' and also includes additional security updates.

    So the simplest answer is just move to the latest updates.

    If you have the hotfix (kb3125446) installed already you don't need to worry about uninstalling it as you can install MS16-001 on top (as it has a newer version of vbscript.dll than the hotfix).

    Wednesday, January 13, 2016 7:59 PM