Slashdot Mirror
Uber-patch for Internet Explorer
malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."
This does not appear to be a service pack, and the target builds listed for the hotfix are only IE 5.5 SP2 and 6, so you'll need to head here to get yer SP and then install the hotfix (get directly to it from here).
It seems unlikely that the SP2 for 5.5 includes this as of right now, although it will eventually (I know sometimes I'll download an SP and take a few days to actually install it). Check your versions before you plunge your box into browser hell =)
Here's the direct download URLs, so you don't have to wade through MS's crufty site:
c 23/6/W98NT42KMeXP/EN-US/q313675.exe c pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
for IE6:
http://download.microsoft.com/download/IE60/secpa
for IE5.5:
http://download.microsoft.com/download/ie55sp2/se
These updates have not yet appeared on Windows Update.
It's also important to note that it's not just users of IE as their browser that are affected by this bug. Lots of Windows programs took a shortcut (Eudora being a prime example) and used MSHTML.DLL as the rendering engine for their application. Any application that displays HTML and uses MSHTML.DLL and has IE5.5 or IE6 should install this patch IMMEDIATELY.
Some people take their .sig way too seriously
The update only works with IE 5.5 or 6.0. You might be running 5.0.
Interesting note: If you read the bulletin and click on the Technical Details submenu, you'll find the worst part:
As someone who does some sysadmin stuff at work, I didn't know this before. This means that a large majority of users (as far as my limited experience goes) that still use IE 5.0 will still have exploit available that won't be tested nor fixed. Wow...
Yesterday you bashed MS for not going public about anything, and now you bash them for patching the program. Short of open sourcing everything, is there anything they could do that would appease this croud?
They might not get it right on the first try, but they do fix their bugs, and i think this was fairly timely, especially given the size / scope of IE.
for IE5.5 for IE5.5:s ec pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
http://download.microsoft.com/download/ie55sp2/
Note, that is for IE 5.5 SP2 if you have SP1, or plain vanilla 5.5, you will first have to upgrade, so you may want to wait till a full release with the patches is available. SP2 is 17MB download.
Anyone know what the equivalent version is if you have the AOL version of IE? (not that I do) but you can imagine AOL will be slowed to a crawl if every single user must get an upgrade first to SP2 or IE6, then get this patch. When - oh - when will AOL finally become browser neutral or go entirely to Netscape/Mozilla?
Work for Change & GET PAID!
Sorry to break it to you, but a significant protion of the readership *does* use IE. Rob used to publish statistics on this and stopped for obvious, embarassing reasons.
By doing so, I can't get to Hotmail, can't sign in to Passport, and most importantly, can't access Windows Update.
Hey, anyone astroturfing for Microsoft! Your own security recommendation means people can't access your sites. I am NOT turning on active scripting(i.e. disabling a security measure) so I can get the fix.
You guys need to make your site work without Javascript. Sheesh. How can anyone take you seriously?
No, Thursday's out. How about never - is never good for you?
Flamebait is typically written to elicit strong emotional response and name-calling from the target audience... this falls under the "troll" category which gives a more subtle feeling of disturbance, saying something usually inaccurate or incorrect in a seemingly reasonable manner to generate lots of "discussion". Let's go point-by-point:
Seeing as michael's story was neither misinformation nor an over-the-top rant (read the story), this plays on the popular opinion that slashdot gets a lot of stuff wrong all the time, as well as our obvious anti-Microsoft bias, to pretend that it was in fact an over-the-top misinformed rant.
Did they provide information about when a patch was available? At the time, they did not, so this is hardly misinformation. Whether they release a patch today or three months from now, "no information" is still "no information".
Correct me if I'm wrong, but I believe "M$" is childish name calling. "If it agrees with me, it's opinion, otherwise it's bias": This just about sums it up. There is nothing wrong with bias; there is no way to avoid it, claiming something is unbiased is a great indication that something is trying to be intentionally misleading. I read slashdot because the bias mostly agrees with my own. Perhaps your time would be better spent looking for a more agreeable forum, instead of trolling on this one.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
What happened? That bloody search-from-the-address-bar thingy had turned itself on. Oh well, I say, just go to Options -> Advanced -> Do Not Search From The Address Bar. I do this, type in "asdfa sdfsdfsa dfwer" (note the spaces) and POW: search-from-the-address-bar turns itself back on.
Much the same thing happens if you change the option and then restart IE.
WTF?