Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Security Patch Fixes URL Security Flaw

Posted by ryuzaki0 on from the no-more-typing-URLs dept.

loteck writes "Microsoft has just released Security Update 832894. According to their official information, it affects all NT kernel versions of Windows and most versions of Internet Explorer. Here's a rundown of the important fixes, notably 'A vulnerability that involves the incorrect parsing of URLs that contain special characters' in Internet Explorer, as previously discussed on Slashdot."

31 of 545 comments (clear)

  1. Does this mean by AuMatar · · Score: 5, Funny

    I can stop typing in all my links by hand?

    Oh wait- I use Mozilla. I didn't need to do that anyway.

    --
    I still have more fans than freaks. WTF is wrong with you people?
  2. the needed patch by vargul · · Score: 4, Funny

    hm... they should patch IE up to be mozilla for example... that could be called a patch...

    --
    Aure entuluva!
    1. Re:the needed patch by roystgnr · · Score: 4, Funny

      Yes, Mozilla is better than IE in alot of cases... but don't forget, the average user still uses the internet for email, online banking, and news sites.

      So do I.

      And guess where you are more than likely to run into an "I.E. reccomended" site? Online banking.

      Not at my little bank.

      Reality is, Mozilla is a far way from replacing I.E.

      Well, if your bank sucks, I suppose so. I'd be curious about which bank it is, though; the only place I still see "You should have Internet Explorer!" pages is zone.msn.com.

    2. Re:the needed patch by pantycrickets · · Score: 3, Funny

      u obviously got the point. that is why i wrote: patch it up to be mozilla

      u r the kind of peeps i wud take advice from.

  3. At least better than the KB article :) by sisukapalli1 · · Score: 2, Funny

    I am sure M$FT will spin it as if this is an innovative feature.

    S

    1. Re:At least better than the KB article :) by Anonymous Coward · · Score: 2, Funny

      You know, lots of people roll their eyes when they see someone refer to Microsoft as 'M$' or Windows as 'WinBlowz' or something like that. Some people might even go as far as to flame you for it. Personally, I'm all in favour of it! Nothing makes me happier when I see someone make fun of Microsoft in that way! You know why? Because the quicker I see 'M$' or 'WinDOS' in a comment, the quicker I can disregard everything you've wrote, scroll past your post and add you to my 'retarded peon' list, never to take anything you say seriously ever again, even if its something completely unrelated. So, in the future, please try and work your tired shots at microsoft in toward the beginning of your posts. Thanks!

  4. Patches being sent by email by Anonymous Coward · · Score: 3, Funny

    Now check your in-boxes and make the InterWeb a Safer Place TM.

    1. Re:Patches being sent by email by gotr00t · · Score: 2, Funny
      Oh, right, that "January 2004, Cumulative Patch" that was written with very poor grammar, that I get 50 copies a day sent to my mailbox.

      It also says "Thank you for using Microsoft products," something that I have never heard M$ say, ever, and also despite the fact that I don't regularly use "Microsoft products."

  5. HA HA NICE TRY by Anonymous Coward · · Score: 5, Funny

    Nice try Microsoft. I'm not clicking links while running IE, as per your instructions!

  6. Wow Security update # 832894 by Anonymous Coward · · Score: 5, Funny

    I wonder what happened to the other 832893 security updates?

  7. direct link? by Anonymous Coward · · Score: 1, Funny

    is there a direct link to this patch? tnx

  8. Re:NOW MAYBE U FUCKING ANTI-MS HOMOSEXUALS WILL ST by noelo · · Score: 2, Funny

    Please Mr. Gates, calm down, relax, breath deeply.

  9. Switched a while ago... by FrancisR · · Score: 2, Funny

    I switched away from IE a while ago because the browser windows would mysteriously disappear while using Microsoft's own Virtual Desktop Manager. Firebird works fine with it. It's ironic that Firebird integrates more well with one of MS's products than MS's own product does.

  10. Incorrect parsing by southpolesammy · · Score: 2, Funny

    notably 'A vulnerability that involves the incorrect parsing of URLs that contain special characters' in Internet Explorer

    So now all those goatse URL's finally parse back to the trolls at /.

    --
    Rule #1 -- Politics always trumps technology.
  11. Here are the patches: by HungWeiLo · · Score: 5, Funny

    So you don't have to match up the knowledge base numbers in WindowsUpdate:

    Here
    Here
    Here
    Here

    --
    There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
    1. Re:Here are the patches: by QEDog · · Score: 4, Funny

      Can I click those, or should I type the address instead?

      --
      "There is no teacher but the enemy."-Mazer Rackham
  12. Be sure to type in that link manually. by Anonymous Coward · · Score: 5, Funny

    I saw it on tv last night. I think it was

    http://microsoft.com/download/patch/win32/2004/f eb/en/?&mid=2304520392lHKJH09728037420987&dll=LKJ2 3L4SD09UVC9432J5JS-9UDFLKJN345U9SLKJ4L5U0SJCS4

  13. Ironic given an email my mom got by MemRaven · · Score: 5, Funny
    My mom got this email this morning which purported to be from someone at Microsoft referring to this exact patch as something she could download. The only problem (aside from the fact that even my mom wouldn't have been dumb enough to type sensitive information into a form like that, AND she uses Mozilla anyway) is that the link in the email USED the flaw that it was telling her to fix.

    In other words, some email/CC#/whatever harvester decided to pull a funny and use the correction for this flaw as a way to exploit the flaw. Now that I see that the described patch is legitimate, I'm actually laughing internally at the delicious irony.

    By the time my mom got the email, the target web site had already been taken down by the sysadmin of the host.

    None of this is to condone the action of the scum who blasted the email, but come on, that took some balls.

  14. Re:NOW MAYBE U FUCKING ANTI-MS HOMOSEXUALS WILL ST by Anonymous Coward · · Score: 1, Funny

    That's not Bill, that's Steve, and he's displaying normal behavior, move along.

  15. special characters? by andman42 · · Score: 5, Funny

    'A vulnerability that involves the incorrect parsing of URLs that contain special characters' in Internet Explorer

    Yeah, the special characters www.google.com now correctly parse to search.msn.com

  16. Once... by Anonymous Coward · · Score: 1, Funny

    Once this thing finally hits 1.0 its gonna be a REAL solid piece of software. I'm glad to see they're still maintaining it regularly!

  17. Re:3mb ??? by ackthpt · · Score: 2, Funny
    Seems that Microsoft is still offering BIG patches this fix is 2.8mb ! damm, just for a link problem I don't know if they included a new clippy bmp in that ?!?! :)

    10K bug fix

    2.799M new bugs

    (I typed this already, but after downloading the patch my computer froze up and I'm having to retype it.)

    I can't take credit for this, as I saw it on slashdot once: "64,000 bugs in the code, 64,000 bugs, whack one back with a service pack, 64,008 bugs in the code."

    --

    A feeling of having made the same mistake before: Deja Foobar
  18. Re:perhaps IE was named after by nukem1999 · · Score: 2, Funny

    No no, back of the throat, "Aaagghh"

  19. Re:Slow But Good News by Platinum+Dragon · · Score: 2, Funny

    [...] the easiest to install for Windows users [...]

    I don't know if "easiest to install" is the best way to describe how most people get IE on their computers.

    "Found it slapped on with spit and duct tape" may be more accurate.

    --

    Someday, you're going to die. Get over it.
  20. Re:why not just use k-meleon? by speedbacon · · Score: 2, Funny

    did you just use "none of the heavy GUI" and MFC in the same sentance?

  21. click here by danZenie · · Score: 5, Funny

    i threw away my mouse when they suggested no clicking on URLs. now they fsck it and i have now mouse, what am i gonna do? hmmm, i should post this as an "ask slashdot".

    --
    You need people like me so you can point your fuckin fingers and say, "That's the bad guy." So what that make you? Good?
  22. Can you feel the death screams? by Anonymous Coward · · Score: 2, Funny

    Removing support for user.password@www.address.net?

    I just felt the death screams of 40,000,000 porn sites across the planet.

  23. security coverage? by Anonymous Coward · · Score: 5, Funny

    This patch doesn't cover much, it's more like a Security pastie.

  24. From the microsoft security website... by UnRDJ · · Score: 2, Funny
    From here:
    February 2, 2004
    This security update for Microsoft(R) Windows(R) addresses newly discovered issues in Microsoft Internet Explorer, a component of Windows. If you have any of the listed software installed on your computer, you should visit the Windows Update Web site to install related updates. [emphasis mine]
    Hahahaha...
  25. Re:From Microsoft Security Bulletin by lsdino · · Score: 4, Funny

    1. They are convinced the monitor is actually the computer. I don't know what they think that big tower does, but since they have it piled high with boxes, blankets, and it holds up their space heater, they've more than likely forgotten that its there.

    Oh, come on, everyone knows the big tower is the hard drive! :)

  26. They call that a fix??? by Anonymous Coward · · Score: 1, Funny

    When going to *any* URL with an "@" in it, IE will come up with an error page titled "Invalid Syntax Error" with the content:
    The page cannot be displayed
    The page you are looking for might have been removed or had its name changed.

    So if Microsoft ran a garage, I guess they'd "fix" that funny noise your engine was making by removing the car's battery.