Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Security Patch Fixes URL Security Flaw

Posted by ryuzaki0 on from the no-more-typing-URLs dept.

loteck writes "Microsoft has just released Security Update 832894. According to their official information, it affects all NT kernel versions of Windows and most versions of Internet Explorer. Here's a rundown of the important fixes, notably 'A vulnerability that involves the incorrect parsing of URLs that contain special characters' in Internet Explorer, as previously discussed on Slashdot."

4 of 545 comments (clear)

  1. Better late by frumin · · Score: 0, Troll

    Better late than never ^_^

    --
    I punched a baby once.
  2. A new patch??? by jonfromspace · · Score: 0, Troll

    Do you have to pay for the patch???

    --
    I am become Troll, destroyer of threads
  3. From Microsoft Security Bulletin by loconet · · Score: 2, Troll

    "This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:

    http(s)://username:password@server/resource.ext"

    ...and even though they continue to break standards, people continue to use their software. Are users that ignorant and lazy? .. Why do I even ask that question.

    --
    [alk]
  4. Re:At least better than the KB article :) by westlake · · Score: 0, Troll
    Microsoft IS a for-profit corporation, and that's why the M$ in my writing.

    all the same, it's generally safe to assume that anyone who "enlivens" his posts with repeated references to M$, MicroSloth, and all it's variants, no longer has anything fresh or interesting to say.