Slashdot Mirror


MSIE Uber-patch Of The Month

mkraft writes "Microsoft released another security patch for Internet Explorer to fix 6 'new' vulnerabilities. Info on the patch can be obtained via download or Windows Update. Not sure what 6 things the patch fixed, but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/" Maybe not even all six -- the maintainer of the above URL claims in a post to Bugtraq that Microsoft got some facts wrong and "patched a symptom" of one of the vulnerabilities, "not its root cause," and that IE5 and IE5.5 remain unpatched with the same "Critical" vulnerability. Also, please compare to previous MSIE Uber-Patches Of The Month: December 2001, 3+? holes in IE; March 2002, 2+? holes in IE; April 2002, 2+? holes in Mac IE.

2 of 357 comments

  1. Re:God Forbid... by WGR · · Score: 3, Troll
    Perhaps this is actually a result of MS dedication to security. A bunch of patches after they have audited their code would seem to be quite reasonable.

    Although, there is an NTBugtraq post just now that says the patches break Javascript on MS browsers so maybe you don't want to install it just yet. It states:
    The installation of the 15-May-2002 Cumulative Patch for IE (V6 in this case) breaks the following Javascript code. This code works in IE versions *not* patched with Q321232 but fails to execute on IE6 which has been patched. I don't have IE 5 or below so I don't know if they broke those versions as well.

    Russ Cooper had an article on NTBugtraq recently pointing out how bad MS quality control is. They have separate patch sites for different products with tools that break each others patches. We don't need to break Microsoft up. It is doing so on its own.

  2. A Study in Incorrect Programming CS201 by linuxislandsucks · · Score: 0, Troll

    You know the only way MS will become a part of computing history in the future is

    By making programming mistakes to fix 5 years later..

    Okay for some facts:

    There is still no company policy to avoid writing code that produces buffer overflows.. the toolkits to help avoid this have been out in every major computing language for over 2 years..

    Poor unit testing

    ..and the list goes on and on..

    --
    Don't Tread on OpenSource