Symptom After you apply security update 980232 (MS10-020), you may encounter one of the following issues when you use a remote server that is based on the Server Message Block (SMB) version 1 protocol. For example, you use a Windows NT Server 4.0 or other third-party servers, or a network storage device as the remote server. Issue 1 You receive a “Document not saved” error message when you try to use a Microsoft Office application to save a document to the remote server. Issue 2 You cannot use the built-in backup utility to save backup files to the remote server. For example, you cannot save backup files to the remote server when you use NTBackup in Windows XP or in Windows Server 2003. Issue 3 The Security tab is missing when you examine the property of a folder on the remote server. Therefore, you cannot view or change the permission settings of folders on the remote server. These issues may also occur if you do not use a SMB 1.0-based device, but use a Wide Area Network (WAN) optimizer instead. For example, you use Cisco wide area application services (WAAS) software. Note The Server Message Block is more frequently known as the Common Internet File System (CIFS). Cause This issue occurs because security update 980232 (MS10-020) introduces a new validation for the security descriptors that are returned from the remote server. The validation calls the RtlValidRelativeSecurityDescriptor routine together with the security descriptor buffer and the length of the security descriptor buffer. For the length of the security descriptor buffer, the validation uses a field in the server response and assumes the field is set to the length of the security descriptor buffer correctly when the remote server responds with "STATUS_SUCCESS." However, the remote server returns 0 for the field. This behavior causes the validation to fail. Resolution Download and install the hot fix described in the following Microsoft Knowledge Base article: 983458 You cannot save documents to a folder or change the permission settings of folders on a SMB 1.0-based remote server from a Windows-based computer that has security update 980232 (MS10-020) installed http://support.microsoft.com/default.aspx?scid=kb;EN-US;983458 After you apply the hotfix, the DataCount field of the server response is used as the length of the security descriptor buffer when the validation runs. This makes sure that the new validation succeeds when the SMB 1.0-based remote server returns "STATUS_SUCCESS." Applies to Windows 2000 Windows Server 2003 Windows Server 2003 R2 Vista Windows Server 2008 Windows 7 Windows Server 2008 R2