Slashdot Mirror

← Back to Stories (view on slashdot.org)

MSIE Uber-patch Of The Month

Posted by ryuzaki0 on from the windstorm-'97 dept.

mkraft writes "Microsoft released another security patch for Internet Explorer to fix 6 'new' vulnerabilities. Info on the patch can be obtained via download or Windows Update. Not sure what 6 things the patch fixed, but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/" Maybe not even all six -- the maintainer of the above URL claims in a post to Bugtraq that Microsoft got some facts wrong and "patched a symptom" of one of the vulnerabilities, "not its root cause," and that IE5 and IE5.5 remain unpatched with the same "Critical" vulnerability. Also, please compare to previous MSIE Uber-Patches Of The Month: December 2001, 3+? holes in IE; March 2002, 2+? holes in IE; April 2002, 2+? holes in Mac IE.

11 of 357 comments (clear)

  1. Like clockwork. by saintlupus · · Score: 5, Funny

    Microsoft released another security patch for Internet Explorer

    Is it Thursday already?

    --saint

  2. So basically... by Indras · · Score: 5, Funny

    Saying you're trying to fix all the holes in IE is like saying you mean to turn a sieve into a bowl.

    Seriously, it seems they are finally turning around and trying to make their products more reliable. They've come a long way since Win95 (or WinME... ::shudder::).

    --
    The speed of time is one second per second.
  3. other browsers are teh bomb! by grazzy · · Score: 5, Funny

    luckily several other competing browsers have much less patches that have to be applied.

    netscape - doesnt have any holes - it crashes before anyone have time to exploit them.
    mozilla - its not called holes, its a feature until further notice.
    opera - pages download quick, dont they? then stfu.

  4. Breaks some Javascript by DaDigz · · Score: 5, Informative
    Just posted to the NTBugTraq list is a message noting that it breaks some Javascript.

    The example code that fails with the patch is here.

    --
    Those who will sacrifice Freedom and Security will get Windows...
  5. I wish things were always so easy... by pubjames · · Score: 5, Insightful

    Warning! Positive comments about Microsoft ahead...

    I have Windows XP on my desktop and RedHat on my public server.

    I have grown to appreciate the way Windows XP patches itself. Frankly it is a bit of a pain in the butt having to apply patches to my RedHat server each month and I would be much happier if it could just do it itself, automatically, like XP does.

    I hate Microsoft. They're bastards. But the auto-patching that Windows XP does is great. We need it for Linux, both desktop and server.

    1. Re:I wish things were always so easy... by SirThomas · · Score: 5, Informative

      Um, RedHat comes with an auto-updater 'up2date'.

      You just need to register your machine and it can automatically update your machine for you.

      Some may complain that it is a 'for pay' service but you do get one system for FREE.

      Check rhn.redhat.com for more details.

    2. Re:I wish things were always so easy... by Mike+Schiraldi · · Score: 5, Funny

      That's not Windows Update; i own your box and have been busy setting it up the way i like it.

      --

      --
      Mod up a post Rob doesn't like and you'll never mod again

  6. Microsoft is getting smart by mikosullivan · · Score: 5, Insightful
    The increased pace of security patches from MS may indicate that they're finally serious about security. If so, the OSS movement needs to be wary. Windows lack-of-security has always been a major harping point for the OSS movement. Yes, I'm glad for the windows-users of the world that their OS is getting better, but those of us who preach OSS to our colleagues and friends need to be aware that a major talking point may be going away. If MS really has decided that Security Counts, they've got pretty deep pockets to do something about it. Sun and IBM have both proven that the closed-source system can in fact produce pretty secure operating systems.

    Microsoft is a formidable opponent. They're very rich and very good at using those riches to get what they want. We need to avoid being smug.

    --
    Miko O'Sullivan
  7. Re:C'mon, guys... by gclef · · Score: 5, Informative

    Yes, but the patch doesn't actually *do* what it claims. Therein lies the problem. There has been a steady stream of messages to various security lists today about how this patch does not actually fix many of the issues that it claims to fix, and breaks other stuff in the process. see http://jscript.dk/unpatched/ for the present list of unpatched IE problems, and some commentary on this patch.

  8. They deserve to be flamed by Vicegrip · · Score: 5, Insightful

    Nobody else claims their browser is a key component of the operating system-- that it cannot be removed because its functionality is so interwoven into the operation of the system.

    Of course people are going to flame Microsoft for designing such a product with so many critical security holes which compromise their computer, making it part of the OS and then arrogantly refusing to give people the ability to remove it. At least I can un-install every other browser if I decide it doesn't suit me.

    You complain about people flaming Microsoft. I submit to you that if that corporation wasn't so arrogant, pushing its views and way of doing things onto everyone else then stifling the innovation of others, that people would be a lot more forgiving of mistakes.

    I have no sympathy. Not for this corporation. Microsoft made this bed, it can sleep it in now.

    --
    Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
  9. MS (in)security and /. MS bashing by theolein · · Score: 5, Insightful

    I notice that everytime MS gets a negative posting here, which is often and to be expected, since this is a place where you don't have to fear any recriminations when posting negative MS articles (Rob Malda does not have to report to an editor in chief and explain why he's undermining the MS advertising on the site), A lot of people post a lot of anti-slashot commentaries about anti-MS bias etc.

    This is one of the few *very* public sites that I can go to and read public criticisms of MS, step by step. If I wanted to read what a fantastic job MS is doing with it's security and how it really is such a *fab* company, then I could either go to MS' site and read the marketing departments latest press releases or go to ZDNet and read commentaries by the zombies in their editorial department.

    I *want* to read extremely critical news here on /. Criticism keeps MS on it's toes and stops them from doing what they like with users' (including your) rights. It gives me a good critical counterclaim for every piece of anti-linux FUD that comes from MS.

    /. May often be wrong but they don't try to tell me how wonderful is and how I can just back and let MS handle all my problems.