WSS 3.0 Security Fix causes Performance Issue for Hosters
I was notified this morning that a recently released security fix for WSS 3.0 has some severe performance issues for folks using host-header mode with a large number of sites (sound like anyone you know?). Read below for the official announcement:
Important known performance issues about security update MS07-059 when deployed in hosting scenarios with multiple host-named site collections
Microsoft has released, on October 9, a security bulletin, describing an important security update for Microsoft Windows SharePoint Services 3.0, which resolves a publicly reported vulnerability. The vulnerability could result in elevation of privilege within SharePoint sites.
If you do not use host-named site collections in your Windows SharePoint Services 3.0 deployment, you can, and should, already proceed applying this important security update MS07-059. You can also disregard the rest of this message.
On the other hand, if your Windows SharePoint Services 3.0 deployment uses host-named site collections, previously known as “host header” sites, you may experience severe performance issues while applying this security update, particularly if you have many of such host-named site collections. For example, this issue may occur when there are more than 50 host-named site collections in your deployment. In that case, we recommend that you do not apply this security update at this point. The described performance known issue is currently being addressed and Microsoft will shortly issue a complementary hot fix, which will enable the proper installation of security updates contained in the MS07-059 bulletin.
In order to obtain this upcoming hotfix, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services telephone numbers, visit the following Microsoft Web site: http://support.microsoft.com/contactus/?ws=support
To read more details about the security bulletin, addressed vulnerability and known issues in deployments with many host-named sites, visit the following links:
· Microsoft Security Bulletin MS07-059 - Important Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017): http://www.microsoft.com/technet/security/bulletin/ms07-059.mspx
· KB article about the vulnerability in Windows SharePoint Services 3.0 that could result in elevation of privilege within the SharePoint site: http://support.microsoft.com/kb/942017
· Description of known issues while applying the MS07-059 security update for Windows SharePoint Services 3.0: http://support.microsoft.com/kb/934525/
We appreciate your consideration.