Slashdot Mirror

← Back to Stories (view on slashdot.org)

MSIE Uber-patch Of The Month

Posted by ryuzaki0 on from the windstorm-'97 dept.

mkraft writes "Microsoft released another security patch for Internet Explorer to fix 6 'new' vulnerabilities. Info on the patch can be obtained via download or Windows Update. Not sure what 6 things the patch fixed, but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/" Maybe not even all six -- the maintainer of the above URL claims in a post to Bugtraq that Microsoft got some facts wrong and "patched a symptom" of one of the vulnerabilities, "not its root cause," and that IE5 and IE5.5 remain unpatched with the same "Critical" vulnerability. Also, please compare to previous MSIE Uber-Patches Of The Month: December 2001, 3+? holes in IE; March 2002, 2+? holes in IE; April 2002, 2+? holes in Mac IE.

3 of 357 comments (clear)

  1. Breaks some Javascript by DaDigz · · Score: 5, Informative
    Just posted to the NTBugTraq list is a message noting that it breaks some Javascript.

    The example code that fails with the patch is here.

    --
    Those who will sacrifice Freedom and Security will get Windows...
  2. Re:I wish things were always so easy... by SirThomas · · Score: 5, Informative

    Um, RedHat comes with an auto-updater 'up2date'.

    You just need to register your machine and it can automatically update your machine for you.

    Some may complain that it is a 'for pay' service but you do get one system for FREE.

    Check rhn.redhat.com for more details.

  3. Re:C'mon, guys... by gclef · · Score: 5, Informative

    Yes, but the patch doesn't actually *do* what it claims. Therein lies the problem. There has been a steady stream of messages to various security lists today about how this patch does not actually fix many of the issues that it claims to fix, and breaks other stuff in the process. see http://jscript.dk/unpatched/ for the present list of unpatched IE problems, and some commentary on this patch.