Slashdot Mirror

← Back to Stories (view on slashdot.org)

Uber-patch for Internet Explorer

Posted by michael on from the repatch-and-sin-no-more dept.

malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."

7 of 590 comments (clear)

  1. Only 5.5 and 6.0? by Anonymous Coward · · Score: 5, Interesting

    I had two users today get the Nimda.E variant via email. It had an interesting header that was included from an html formated email's iframe . . .




    Content-Type: audio/x-wav; name="sample.exe"
    Content-Transfer-Encoding: base64


    I'll leave out the actual format of the email's html. But what happened was Windows tried to run sample.exe right after previewing. No popup box, no nothing. And this was using Outlook Express 5.0 It was a good thing that the virus software saw the executable as a Nimda. If they had sent a format.exe that would have been it for the two user's data.



    Microsoft said that only 6.0 was affected?



    Or is this something different than what they have supposedly patched?

  2. Even weirder... by oGMo · · Score: 5, Interesting

    What if it was the reverse. The DOJ gives MS leniency, but calls in a favor with the FBI to announce some "Magic Lantern" spyware, and suddenly open projects become very popular....

    ...naw. ;-)

    --

    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

  3. Re:Question for michael... by FortKnox · · Score: 5, Interesting

    I have to agree about the anti-microsoft atmosphere here. Not only with this statement but all the "It deletes IE!" "It installs Mozilla!" jokes just make you people look like you are desperate to fit in. Its pathetic!

    IE is the best browser out there. Check ANY review. And MS has jumped to fix a bug that everyone found (notice the GAPING HOLE in Solaris/AIX systems that still isn't patched? Why aren't you going off on that?)

    Remember when you had to purchase Netscape, but IE was free?

    Mozilla MAY -become- better, but it isn't, yet. If you give me that "IE doesn't run in Linux" then why are you even posting to this article?

    You guys need to be less Open Source/Anti-Microsoft Zealotous.

    I'd post anonymously to preserve karma, but the authors already know my IP (see sig).

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  4. Re:All in one patch is 1/2 the solution by michaela · · Score: 5, Interesting
    I have found two solutions around this (although I agree about SMS pricing).

    1. Require domain logins, don't even provide local logins to the machine. Then, as part of the logon procedure, use a logon script. Look in the patch archive to find the list of files it updates. In the logon script, check the timestamp on three of them and if they're out of date, run the updater.
    2. Install VNC server on the user stations and set it to run at bootup. Then you can do nearly any administration task short of recovering from a complete blowout without leaving your desk. Do it after hours and you can reboot the machines right away. Or, use parts of #1 with a logout script instead to reboot the machine the next time they log out.
    --
    That is all.
  5. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  6. all "known" vulnerabilities by Jettra · · Score: 4, Interesting
    In the spirit of legal debate over the meaning of the specific usage of words, what is meant by 'known'?

    Since Microsoft anounced it's policy of attempting to keep the lid on the security holes that exist within it's software, I would assume that 'known' means ones that they are willing to reveal to us.

    So the word 'all' preceeding 'known' has no meaning since Microsoft itself admits to witholding the true extent of the damage its software can do to your system through security holes.

    I consider this another decietful marketing attempt to make consumers feel safe about their products despite their worse than poor track record. They may not be outright lying, but there planting the seeds for others to do it for them. How many sysadmins will now send out an email saying that "IE will be free from all security bugs by installing this patch"? Of course that is a lie.

  7. Won't even install! by GeckoX · · Score: 4, Interesting

    Cute!

    Tried installing the 6.0 UberPatch on 2 separate boxes now, both running W2kPro sp2 with IE 6.0 installed with VS.NET beta2.

    (IE v. 6.00.2462.0000 to be exact)

    The installation quits with an error telling me I must have IE 6.0 to install.

    Also seen as mentioned above similar effect on 5.x versions other than 5.5 with that version install.
    Leaves me not exactly feeling warm and fuzzy about whether the actual patch will really patch the holes it's supposed to or not!

    --
    No Comment.