Slashdot Mirror
Uber-patch for Internet Explorer
malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."
I thought this was the bug that couldn't be fixed because it was worked so deep into the OS.
...Steve
I downloaded the 2.15 mb patch. I try to run it, and I get a prompt that I need IE5 Service pack 2 installed. That's it, it doesn't supply a link, it doesn't try to download it, nothing. Microsoft rushed this one out.
This does not appear to be a service pack, and the target builds listed for the hotfix are only IE 5.5 SP2 and 6, so you'll need to head here to get yer SP and then install the hotfix (get directly to it from here).
It seems unlikely that the SP2 for 5.5 includes this as of right now, although it will eventually (I know sometimes I'll download an SP and take a few days to actually install it). Check your versions before you plunge your box into browser hell =)
Here's the direct download URLs, so you don't have to wade through MS's crufty site:
c 23/6/W98NT42KMeXP/EN-US/q313675.exe c pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
for IE6:
http://download.microsoft.com/download/IE60/secpa
for IE5.5:
http://download.microsoft.com/download/ie55sp2/se
These updates have not yet appeared on Windows Update.
A cheer for code you can verify yourself before you trust it to secure your computer for you.
Goat sex free since 2001
It's also important to note that it's not just users of IE as their browser that are affected by this bug. Lots of Windows programs took a shortcut (Eudora being a prime example) and used MSHTML.DLL as the rendering engine for their application. Any application that displays HTML and uses MSHTML.DLL and has IE5.5 or IE6 should install this patch IMMEDIATELY.
Some people take their .sig way too seriously
You better check your info again bud.... It is patched. at least Sun and IBM.
Besides, anyone not using ssh rather than telnet and rlogin is not very worried about security anyway.
Usually interim patches are not uninstallable. Only when an official service pack is released can you uninstall it.
So I guess you've never heard of installation or SMS servers that make an installation of this nature possible at the click of a single button from any workstation in the company? Microsoft had them out years ago. Currently Windows Update and Dynamic Update can be pointed to intranet servers. Active Directory, MSI, or WMI can "push" installations automatically from centralized locations as well, again at the click of a button and without interrupting the user. Maybe you need to start researching solutions for this problem instead of complaining about them to slashdot?
Walk to individual machines. Hah, that's so 80s.
The news article about Magic Lantern, which you apparently failed to read when it was posted to Slashdot, contains the following text:
"When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: 'Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process.'" (my emphasis)
So unless the FBI has gotten a court order against the 84.8% of web surfers who use Internet Explorer, this is pure FUD.
Sheesh.
Yesterday you bashed MS for not going public about anything, and now you bash them for patching the program. Short of open sourcing everything, is there anything they could do that would appease this croud?
They might not get it right on the first try, but they do fix their bugs, and i think this was fairly timely, especially given the size / scope of IE.
for IE5.5 for IE5.5:s ec pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
http://download.microsoft.com/download/ie55sp2/
Note, that is for IE 5.5 SP2 if you have SP1, or plain vanilla 5.5, you will first have to upgrade, so you may want to wait till a full release with the patches is available. SP2 is 17MB download.
Anyone know what the equivalent version is if you have the AOL version of IE? (not that I do) but you can imagine AOL will be slowed to a crawl if every single user must get an upgrade first to SP2 or IE6, then get this patch. When - oh - when will AOL finally become browser neutral or go entirely to Netscape/Mozilla?
Work for Change & GET PAID!
The patch that blew up this approach for us was MS01-50. It had two critical patches to apply at the same time, and the system tried to apply both at once, when you needed a reboot for each. Guess who was "volunteered" to re-patch the machines.
*sigh* It's Friday afternoon. Time to go home. No more f*cking patches to do.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
"IE is the best browser out there. Check ANY review. " Maybe it's just my opnion, but I the opera http://www.opera.com is better. It's faster and in my experience far more stable on NT and in 2000. Most reviews to date ignore or are unaware of opera's existence. Give it a try. I do however agree with your overall point, people to need be a little less biased on slashdot. Just dont step too far pointing it out with dubious statements like the above as it will only result in the people your talking to ignoring you as ignorant. Though I'm not sure they won't simply because they disagree. The line between troll and zealot is kind blurry.
Sorry to break it to you, but a significant protion of the readership *does* use IE. Rob used to publish statistics on this and stopped for obvious, embarassing reasons.
That was a simlar, but not identical bug that was patched months ago. Get off your ass and get up to the current patchlevels. It's easier than bitching to Slashdot.
By doing so, I can't get to Hotmail, can't sign in to Passport, and most importantly, can't access Windows Update.
Hey, anyone astroturfing for Microsoft! Your own security recommendation means people can't access your sites. I am NOT turning on active scripting(i.e. disabling a security measure) so I can get the fix.
You guys need to make your site work without Javascript. Sheesh. How can anyone take you seriously?
No, Thursday's out. How about never - is never good for you?
For years I used Netscape and loved it, up through about 4.0 (4.5-7 are bad, bad, bad). I even used 4.7 for a long time, before finally deciding that I just couldn't live with the shitty rendering, slow reaction time, and general bugginess. So I tried IE, just to see how bad it was.
And it was amazingly fast, clean, and surprisingly not crashy, considering it was Microsoft's. Slowly, I started to accept that IE was the best browser out there. And I used IE, and netscape actually disappeared from my computer.
Sure, I tried Mozilla, and Netscape 6.0 and 6.1. Quite honestly, they're crap. They're slow, not particularly stable, and ugly. But mostly they're just slow, fucking slow. It's not just loading the program, it's also in large part that I open a page and Mozilla takes about three times as long to render as IE.
But when I read that security page the other day, I found a new program to try. So I tried it: Opera. I last used Opera on a mac a couple of years ago, when it was small, shitty, buggy, and lacking features, like security. So I wasn't really expecting anything.
Opera is fucking brilliant. It's fast--it's actually faster both to load and to render pages than IE. It gets rid of a lot of the useless shit that IE throws up--like dialogs to go from secure to insecure. It has security, it has a full feature set (at least, all the stuff I use, like plugins and java and working pages). It lets me use the keyboard more than IE.
And the best part: it lets me block out pop-up windows. You have no idea how amazing a feeling it is to go to a site that throws pop-ups at me like mad and watch them, well, not load. No idea until you try it. It even pretends to be IE for pages that require IE.
I have had one page fail to load correctly--a credit card account page. But considering it loads wrong half the time in IE, it's not too bad. Still, I'm keeping IE around (and patched it) in case I find something glaringly wrong with Opera, but until that time, I'm happy with this.
Oh, did I mention it sits in _half_ the memory footprint of IE, and about a third of Mozilla?
Check it out. Opera. It's not Open Source, but then again, if we're talking about IE, we're talking about windows, so...
Jeff
Flamebait is typically written to elicit strong emotional response and name-calling from the target audience... this falls under the "troll" category which gives a more subtle feeling of disturbance, saying something usually inaccurate or incorrect in a seemingly reasonable manner to generate lots of "discussion". Let's go point-by-point:
Seeing as michael's story was neither misinformation nor an over-the-top rant (read the story), this plays on the popular opinion that slashdot gets a lot of stuff wrong all the time, as well as our obvious anti-Microsoft bias, to pretend that it was in fact an over-the-top misinformed rant.
Did they provide information about when a patch was available? At the time, they did not, so this is hardly misinformation. Whether they release a patch today or three months from now, "no information" is still "no information".
Correct me if I'm wrong, but I believe "M$" is childish name calling. "If it agrees with me, it's opinion, otherwise it's bias": This just about sums it up. There is nothing wrong with bias; there is no way to avoid it, claiming something is unbiased is a great indication that something is trying to be intentionally misleading. I read slashdot because the bias mostly agrees with my own. Perhaps your time would be better spent looking for a more agreeable forum, instead of trolling on this one.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
What happened? That bloody search-from-the-address-bar thingy had turned itself on. Oh well, I say, just go to Options -> Advanced -> Do Not Search From The Address Bar. I do this, type in "asdfa sdfsdfsa dfwer" (note the spaces) and POW: search-from-the-address-bar turns itself back on.
Much the same thing happens if you change the option and then restart IE.
WTF?
Mozilla isn't where yet, exactly? I find Mozilla to be more capable than IE often times. My current project at work has an extensive CGI front end so I'm having to deal with all the cross-browser issues. Writing standard-compliant HTML/CSS works beautiful in Mozilla, have not had one problem yet.
What was the last version of Mozilla you used?
Dacels Jewelers can't be trusted.
Check out http://www.guninski.com/browsers.html.
2462 is not the final release build of IE 6. I think that's IE 6 beta 2, or maybe the "public preview" that went out before XP shipped.
The shipping version of IE 6 is 6.0.2600.0. If you go to Windows Update you should be able to install it, and then after you do that install the patch.