Slashdot Mirror

← Back to Stories (view on slashdot.org)

Uber-patch for Internet Explorer

Posted by michael on from the repatch-and-sin-no-more dept.

malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."

5 of 590 comments (clear)

  1. Only 5.5 and 6.0? by Anonymous Coward · · Score: 5, Interesting

    I had two users today get the Nimda.E variant via email. It had an interesting header that was included from an html formated email's iframe . . .




    Content-Type: audio/x-wav; name="sample.exe"
    Content-Transfer-Encoding: base64


    I'll leave out the actual format of the email's html. But what happened was Windows tried to run sample.exe right after previewing. No popup box, no nothing. And this was using Outlook Express 5.0 It was a good thing that the virus software saw the executable as a Nimda. If they had sent a format.exe that would have been it for the two user's data.



    Microsoft said that only 6.0 was affected?



    Or is this something different than what they have supposedly patched?

  2. Even weirder... by oGMo · · Score: 5, Interesting

    What if it was the reverse. The DOJ gives MS leniency, but calls in a favor with the FBI to announce some "Magic Lantern" spyware, and suddenly open projects become very popular....

    ...naw. ;-)

    --

    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

  3. Re:Question for michael... by FortKnox · · Score: 5, Interesting

    I have to agree about the anti-microsoft atmosphere here. Not only with this statement but all the "It deletes IE!" "It installs Mozilla!" jokes just make you people look like you are desperate to fit in. Its pathetic!

    IE is the best browser out there. Check ANY review. And MS has jumped to fix a bug that everyone found (notice the GAPING HOLE in Solaris/AIX systems that still isn't patched? Why aren't you going off on that?)

    Remember when you had to purchase Netscape, but IE was free?

    Mozilla MAY -become- better, but it isn't, yet. If you give me that "IE doesn't run in Linux" then why are you even posting to this article?

    You guys need to be less Open Source/Anti-Microsoft Zealotous.

    I'd post anonymously to preserve karma, but the authors already know my IP (see sig).

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  4. Re:All in one patch is 1/2 the solution by michaela · · Score: 5, Interesting
    I have found two solutions around this (although I agree about SMS pricing).

    1. Require domain logins, don't even provide local logins to the machine. Then, as part of the logon procedure, use a logon script. Look in the patch archive to find the list of files it updates. In the logon script, check the timestamp on three of them and if they're out of date, run the updater.
    2. Install VNC server on the user stations and set it to run at bootup. Then you can do nearly any administration task short of recovering from a complete blowout without leaving your desk. Do it after hours and you can reboot the machines right away. Or, use parts of #1 with a logout script instead to reboot the machine the next time they log out.
    --
    That is all.
  5. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion