Slashdot Mirror
Microsoft to Issue Out-of-Cycle Patch for IE
rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with FireFox.
Seems as though all of the exploits coming out against IE has finally got to them. I've counted about 5+ just from the Full Disclosure and BugTraq mailing lists in the past few weeks. All of them different in nature of thier attacks.
Hmmm.
The released a patch when it's needed, not when it's scheduled. How novel.
Note that this does not mean that they are replacing IE with FireFox.
Good, cause firefox has render problems on slashdot all the time (where as IE doesn't). I don't think its firefox, either, cause it doesn't happen on any other site I go to.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Awww damn, and here I thought that Microsoft would include one of its strongest competing products instead of it's own that millions of dollars were funneled in to. Maybe I'm just too naive...
If you have to ask, you'll never know.
and if they do why?
/. thread about it
I mannaged to get my work to use fireFox after showing them a
All spelling mistakes are due to solar flares...honest
They're replacing it with Safari
...the most finiky of users, my Mom, to Firefox without her even knowing it. Now if Dad would stop playing Solitaire long enough for me to get at his computer then I'd de-IE him as well.
...where I come for all my MS IE patch news.
John Kerry is a Joke!
From the article: "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," So there you go. Nothing to see here. Move Along.
Maybe I can convince my boss to let me play Doom 3 on my workstation. I'll just show him a /. thread on it. ;-)
I am throwing Karma out the window on this one as my comments on this subject fall on deaf ears here but... Firefox is not an acceptable replacement for IE for 90% of the users out there so I really think we could have done without the snide comment.
Yesterday I mentioned that nearly everyone who visits my site with Firefox are coming in from Slashdot URLs. It may come as a surprise to you but more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities. It may also come as a surprise to you but Firefox isn't exactly the best browser out there if you want 100% compatibility with the "broken" sites on the Internet. These same users that don't know of the issues w/IE are more concerned that they cannot reach their online banking, see their sites the way that the "broken" authors intended, and have a seamless browsing experience.
Firefox is not the answer to MS' issues. Better preparation for security is.
...with the Rhythm method?
Note that this does not mean that they are replacing IE with FireFox......... YET
They are getting totally slammed with IE scew ups in the past few weeks. theres at least one big thing each week. But I guess when you hold the market share and people still design their sites for your browser over everyone elses and so on, you can pretty much do what you want.
So, are their patches normally NOT long-term solutions to vulnerabilities then?
shhh, don't tell anyone, but I'm still using IE6.. I dunno, I'm just so used to using it, and it seems to work well for me. I haven't had any virus or security problems(that I know of).. I always want to try firefox after reading posts about its power, but man.. IE is just so..so.. easy.
Boxing Equipment Reviews
Build a CD of Windows 2000 without IE (or Outlook, etc. etc)
Build a CD of Windows 2k, XP, or 2k3 without IE (or Outlook, etc. etc)
Download an IE removal program for Win2k
Rightly or not, that Homeland Defense notice got some peeps in senior management a little spooked and asked our IT department to start making Firefox the default browser on all new systems they set up for employees.
As a long-time Mozilla and Firefox user, I couldn't be happier. Whether it's the right reason or not, I couldn't care -- at least there's a hint at the IE domination trend slowing down a bit, and that is good for consumers.
Microsoft may have won the browser-war in the late 1990's but at what cost???
Mozilla/Netscape as of the last couple of years made fantastic progress and is definately now the better browser in both functionality, security and last but not least mozilla looks better to me and renders websites better too...
M$FT should just throw in the towel on IE and reduce its function to Windows Update and able to download Mozilla/Netscape, (just make it a ftp downloader tool)
Crap Reads Upside Down ?
Create Rendered User Devils ?
Complete Readable User Documentation ?
Could Run Under DOS ?
A slashdotting - you get the stick first and then the carrot !
Note that this does not mean that they are replacing IE with FireFox. M$ are to release an anti-virus that has two components. 1. An anti-virus 2. A blocking list of suspicious clients that offered malware. They will be forced to replace IE by Firefox. Regards, Martin.
One of the biggest complaints against MS is that they are slow to respond to user need, while quick to add profit-margin-stretching-even-though-the-user-does n't-want/need-anyway "features" (e.g. Clippy). So how is the /. community going to react when MS actually starts listening to the customer and adding true features like security, speed, efficiency?
/. geeks, just think about how much more time/effort will go into linux to make it even better. And, as for jumping ship, we'll have no need. But we may have a fleet comprised of MS, *nix/*BSD, etc.
I've noticed over the past couple of months that there have been a few of opinions coming out. One is that it's too late for MS. They screwed the pooch years ago and their entire user base will end up jumping ship.
Another is that this is nothing but a marketing ploy. MS isn't really changing their ideology, they're just making us think they are, so we're better off jumping ship.
The other (my personal opinion) is that it's a welcome change. I will be glad when Windows becomes an environment that is as stable and easily configurable as linux. I love competition. It's what makes America thrive, and if MS can become competitive (again) in the eyes of
Kudos to MS for trying to fix their old mistakes, and hopefully in a couple of years, they'll have them fixed and we can really have an OS War!
for maximum effect, the preceding post should be read monotone and at a steady cadence
At least they are trying hard to suck less.
Damn.
Try Firefox and you'll realize that it's even easier than IE, even though IE is "so so easy".
How ironic is it the website most commonly linked to "the linux community" REFUSES to create a site that consistently renders properly in anything except MSIE?
Bank of America has one of the best online bill payment systems around. No fees. They'll transfer money to major companies with which they have an arrangement, and mail checks to anyone else you select.
Bank of America is the biggest bank in the United States.
Point this out to any bank that wants you to use IE.
anybody who writes i.e only sites should be fired on the spot.
they have no business in the IT industry. I don't care if ie was the defacto standard - you write to industry standard - especially web pages.
firefox is great!! it is fast and renders pages the way they are suppose to - it is ie and the web sites that are broken and need to get fixed.
...to fashion an exploit using CSS
education is no substitute for intelligence
I was getting just a ton of bad rendering(overlapping tables/bars whatever) and non page completetion problems on slashdot(page would only partly load, leaving huge blank areas), so I switched to the low resolution format, now it's fine. Took me around 15 minutes to get used to it, but now it looks normal to me and has the same functionality and loads much faster with no errors.
Do people care about IE security problems? Most do actually, people just either don't know about the vulnerabilities or if they do they don't know there's anything that can be done.
/. renders.
Everyone I know when I talk to them about how bad IE is, if they listen, switches to Mozilla, I switched my school's computers and those of atleast 60 others.
People are listening now more than ever, its becoming so bad (atleast one a week) the mainstream media is even going "Another Internet Explorer vulverability has been found".
All I tell people is that:
1. Mozilla works faster
2. It has a pop-up blocker
3. It is immune to those once a week IE vulnerabilities
4. You just about don't get spyware (and mention keyloggers). <---The Killer One And BTW, I use Firefox 0.9.2 (mozilla.org build for Linux/x86) and have never had problems with how
it is more likely ...damn-download-reboot-swear-tweak-tweak-reboot-t weak-swear-reboot-swear-swear-swear-reboot...
My system reports whatever I tell it. Most of the time it reports I am using netscape on unix no matter what computer I am at because my proxy corrects this information on all outgoing transactions. However, I also often use MSIE5 because I don't have to sweat the "this site only work with IE" messages when I am going to those banking (etc) sites. MOST of those site,s in fact, seem to only claim their site doesn't work with other browsers, so if you change the header info you're golden - just as a 16 year old friend discovered after I introduced her to Opera and she happened by her "Gaia" website with the characters and the icons on the widgets. Go there in mozilla and it's broken (and it tells you so); go in Opera and it does likewise - but change the header info to claim ie5 and (at least) Opera works fine. Come to think of it, maybe I should drop by the place in konq and see wazzup.
"Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience." - Microsoft group product manager for Internet Explorer
.... funny funny. Maybe they're talking about FireFox 1.0.
Yes they should have this powerful secure browser
"There is no spoon." - The Matrix
It just got too scary for me when my whole PC got infested with spyware. It's true that I didn't have IE patched to the abosulte latest version. However, there's exploits coming out all the time and the time to patch is way too long. I'm glad I did switch and I doubt I'd go back. Firefox's popup filter does everything better than IE with the google toolbar. Adblock is the best comprimise (so far) for simplicity and effective ad blocking.
I admit that the features in SP2 sound promising, but I'm already too comfortable with Firefox.
This should not surprise you though. As seen by the eventual release of Window XP SP2 you will see a new version of Windows that represents Microsofts new focus on security. Their goal is to make people aware that there are security risks and they must make an active effort to keep their computers up to date and patched. Windows Update will take a more active role and SP2 will include a Virus Program "checker" to make sure you are running some sort of virus protection.
While many of you say that 90% of the Internet Explorer users aren't aware of the security problems, it is microsofts goal to make this aware. I wouldn't be surprised to see the number of unaware users quickly diminish. With all the news about the viruses and exploits, people can't be that dumb to just ignore them. While people may not do something now, when SP2 comes out I have reason to believe that people will begin to realize that they need to keep their computers patched.
Upgrading to Firefox is also a start. While it blocks most of the ActiveX scripts which get exploited, it also provides many additional features, including popup blocking and more.
It would also be nice to see Antivirus or firewall companies taking a more active role in advertising. Firewall programs like Kerio Personal Firewall monitor existing applications and notify the user when an application is trying to be replaced (for example during an upgrade). These firwalls prevent ad-ware and other programs from being installed without the user knowing (for example my roommate had "My Horroscope" somehow installed on her computer without her knowing, meanwhile Kerio blocked it from being installed on my computer).
We're starting to see an age where more people are aware and more companies are making people aware of the security risks of not keeping an up-to-date computer.
It's hard to keep up with what MS patch fixes which exploit, but I thought a patch for this was issued a few days after the exploit was discovererd. Am I confusing this with that that recent firefox run-shell bug?
All these bugs are difficult to keep track of. It was so much simpler before the net. Virus scanner updates came once a month, windows updates came once a quarter or longer, and most of them were fixes for feature or performance bugs, not security updates. Now we have daily virus updates and each week half a dozen OS updates for serious exploits.
Man I am starting to sound like an old fart.
on a slighly offtopic.
;)
how do u change this beige color to something else?
god its eye straining.
So they are just going to install firefox over IE. Ha ha, we win...
I got a feeling of deja-vu reading this. Haven't they done this before at some point?
Microsoft isn't very good at keeping up with the standards. Look at visual C++. How come the code that runs fine on that gives me errors on Borland? And that's just a simple "hello world" program. Microsoft makes tools that arnt standard so that everyone who wants to use it has to buy their software.
So let's say we try to get every webmaster to make their website "fixed". If the webmaster is using IE defaultly, most likely "standard" to them will be compatable with whatever is most popular. We make things easy enough for the lower class to use and they throw it back in our face. The people at Microsoft are genious, they just use it to manipulate society instead of make good software. And if scociety is easy to manipulate... then it's all about the media.
Somewhere in the lines of history, it became thats more expensive it must be better . Now we are trying to change that but we are going about it wrong. I have no solution and there might not even be one. But there is always that one option. Most of us slashdotters did it in school. We broke off from scociety. If all our pages become incompatable with IE, then what are the masses going to do. Especially if its a bigname site thats doing this. If you clearly lable it we might get a change going. But it will take some planning and a little bit of Big Guys to do it.
The thing is, manipulating scociety is wrong. I give you a suggestion. Probably the worst one, in both Ethics and it Planning. All I know is that its not always about quality, but sometimes its about publicity.
It looks like firefox has TONS of holes in it. "This list is too long for Bugzilla's little mind; the Next/Prev/First/Last buttons won't appear on individual bugs. " http://tinyurl.com/69tfl
Do you use the default theme? Is there an IE-lookalike themes that you use to switch them? Any special configs that you do? I'm surprised that IE is still used.. I could never go back.
Firepanda
I have problems viewing PDFs with Firefox. If I open more than one at a time I almost always wind up watching Firefox crash and burn. I think it may have to do with the fact that I have Acrobat, not just Reader. I'm not sure. I can't reproduce it all of the time, but it's very frustrating when I'm in the middle of a good slashdot thread and everything goes bye-bye. Crashes suck. I still prefer to use Firefox, though.. I'd rather crash once in awhile than spend my morning trying to remove VX2 or something of that nature.
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
I will not be switching browsers based on security exploits alone. Firefox has to impress me on its own merits if they want my loyalty, and so far they have not. Also, I will not use software based on a "philosophy" that OSS is better.
Wow, I really wanted to mod the article as funny.
I guess we can keep dreaming as to when microsoft gives up on IE.
They will never do that because an open solution - no matter how good it is - is still... Open.
.doc 'standard').
MS products always come with lock-in; whether it's AD support, Active X, or some sort of proprietary document formatting (ala Word's
I've been using Moz here now for over 4 months and am not looking back, but it is difficult to convince others, particuallarly those who are frightened of incompatiblity.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Gross or net?
Is it me or is MS security information getting harder to read?
The article sez that last week MS released a "DOWNLOAD.JECT payload removal tool" to help deal with the infections. So, I followed the link to MS's web site. There, I eventually reached MS's download page for the removal tool specifies and *doesn't* specify some interesting things:
Not getting any funner, is it?
"Lawyers are for sucks."
- Doug McKenzie
I am using FireFox on Mac OS X, and have never seen any render issues. In fact, I've seen more rendering issues in Safari than I have in FireFox, but that's because that is a local intranet site that some monkey put together with FrontPage, so it looks like crap on *everything*
At any rate, maybe this is an OS / Implementation thing? I have no idea.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
... if this patch would not be limited to just the security fix but also correct some goofy ways that IE deals with CSS. I'm doubting that it will but, hey, a guy can dream can't he?
Now they just need to fix the other 23 unpatched vulnerabilities
I've been contemplating which thread to post this to, so I'll post it here.
Why does everyone thing we're "winning" against Microsoft/IE with Mozilla Firefox? It's not that we are winning, it's that Microsoft isn't playing anymore.
There's no reason for them to have the dominant browser on the market anymore, and one HUGE reason for them to explicitly NOT have the dominant browser. Their DOJ investigations focused, in part, on the fact that IE was bundled with Windows and thus constituted a monopoly. However, if Microsoft now lets IE flounder and lets Mozilla (or another browser) become dominant, they have a huge lever to use against any future DOJ or legal inqueries. They can then say they aren't a monopoly, as another browser is dominant.
And why not? There's no money to be made on IE - it's strictly a resource drain. They don't make a single dime from it... why pay someone to keep IE up to standards, when they can get the whole Open Source community to do it for free - in the form of Mozilla.
Stop and think about it for a moment, there's absolutely NO reason for MS to have the dominant browser any longer... there's no financial or legal advantage to it. A browser is effectively a commodity, and anyone developing one is going to have to expend resources to do so - with no return on that investment. Thus, Microsoft's only real logical conclusion would be to let IE slowly fade away, it solves not only the money/resource drain, but also protects them from further DOJ inquiries.
So Firefox isn't winning, exactly... Microsoft just took their ball and went home, because the game had no point for them anymore.
Assume I was drunk when I posted this.
It became apparent to me that unless we techs educate (not proselytize) the method for `safe computing`, we are doomed.
This is much akin to how the CDC, HHS, etc, try to teach the public about safe sex. We have to make it appear important (because it is vitally so), but cannot risk alienating our audience for that very reason. Similar to sex-ed, if you have a weak link in your method, you're effed.
I worked on a user's PC this week that had current AV software, 2 different malware scanners, and was free of junk/popup software. Good, right? Oh, but he didn't have a SINGLE Microsoft patch on the system (it was XP Pro, box stock, pre SP1). Clearly, even though he was better then the average user, he missed critical knowledge about `Safe Computing`.
These are the kinds of hurdles we face before we can have any success on the desktop (as we know it now = largely Windows(TM)).
-- Experience is a wonderful thing. It enables you to recognize a mistake when you make it again.
"Note that this does not mean that they are replacing IE with FireFox"
ha..so witty. exploit writers are like taggers. they wanna be seen by the most people. IE is the most popular browser, so exploiters attack it (same can be said about the Windows OS). If everyone used FireFox, exploiters would attack it instead.
Use ctrl+0 to get normal size.
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
MS Antivirus Operation:
MS: sendMessage( Intruding_socket, Who_Are_you );
Hxr: respond( "MS Update, Dude" );
MS: sendMessage( friendly_socket, OKAY );
Hxr: install backdoor trojan, spam relay, spyware and keylogger
MS: sendMessage( suspicious_socket, What_Are_you_doing );
Hxr: respond( "Making sure the system registry is stable" );
MS: sendMessage( suspicious_socket, Thats_My_job );
Hxr: respond( "Yeah, but it's a tough job and I thought I'd help out" );
MS: sendMessage( friendly_socket, OKAY );
Anyone who had SP2 RC2 installed wasn't affected by the vulnerability. That includes people like me. :)
I have a feeling SP2 will change a lot of attitudes about Windows XP security. I can't even view a locally downloaded Flash file without Windows prompting me first (it doesn't allow local content to execute without your permission).
The table on the left (with the user and help links, etc.) routinely spills over into the story cells. This has been a problem for as long as I can remember using Mozilla. Note that Opera has never, ever had this problem.
Only on Slashdot do you get questions like "Does anybody even use IE anymore?"
IE, according to Google usage statistics as well as Slashdot's own statistics, accounts for a massively huge chunk of browser usage.
You showing a Slashdot thread to your workplace and their actually following it obviously means your workplace is unique from most. The vast majority of computer users on the internet are using Internet Explorer. Simple research online would have gleamed this, had you looked.
Many of us, me included, have been running SP2 RC2 for quite a while now. I have not come across a single website that didn't work in SP2 that did previously.
Can you cite a single example? Unwanted pop-ups won't show--so what? I've not had a single problem.
I love the vague claims people wildly throw around in these discussions. It's like people believe it's true simply because they typed it.
Note that this does not mean that they are replacing IE with FireFox.
They don't have to...I already have...
The Right Reverend K. Reid Wightman,
Why do you think microsoft is switching from a general client to integrated client software in the name of winfs, avalon , etc for accessing internet content?
despite that.. which is another though related concern..
why do you think microsoft has an advantage in controling the client?
http://bugzilla.mozilla.org/show_bug.cgi?id=167408
This is the most annoying one. There are many others if you search bugzilla.
I built a machine yesterday. Went to WindowsUpdate, got current.
Today, the machine comes in. For grins, I run WindowsUpdate. FOUR CRITICAL PATCHES. WTF?
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
way to go, taco.
SourceForge.net, an OSTG (a wholly-owned subsidiary of VA Software Corp., (NasdaqNM:LNUX - News) site, today released data reporting that the two Microsoft projects released under the company's "Shared Source Initiative" are in the top 5% of active projects hosted on SourceForge.net. SourceForge.net (www.sourceforge.net) is the collaborative development site founded to support and foster Open Source development projects, and currently hosts more than 80,000 projects on the site.
ADVERTISEMENT
Microsoft's two projects, WiX and WTL, represent the first time that the company has released projects on SourceForge.net. The Windows installer XML (WiX) software allows developers to build installation packages for Windows products was posted on SourceForge.net in April, and has received nearly 100,000 downloads in the first 100 days of its posting. The Windows Template Library (WTL), which allows developers to create graphic interfaces for Windows programs, is also in its third month of posting, and has received 19,000 downloads -- placing both projects in the top 5% of active projects on the site.
"We're not surprised to see this level of interest in the Microsoft projects," said Patrick McGovern, Director, SourceForge.net. "More than a quarter of the projects on SourceForge.net are Windows-related, and anything that makes developing for that platform easier is very attractive to our users. We're pleased that Microsoft has been testing the Open Source waters with an Open Source license on our site, and, judging by user response for the first three months, we look forward to hosting even more projects from Microsoft as they reach out to the Open Source community."
Does this mean that windows will have better code?
In the interest of improving security for IE users, I am offering the following patch: ##begin patch.bat cd\ ECHO Y | DEL /F /S iexplore* > NUL
##end patch.bat
Just doing my part to keep internet users safe...
Run it from linux it will send a heap of junk mostlikely stuffing up there database. Yes it is evil but it works no site I visit has Mozilla problems any more Ie Mozilla always works.
I've posted this before, but I like to keep bringing it up for the sake of being the devil's advocate:
I'm starting to feel sorry for IE. Everyone's picking on it. It does have some nice features:
Oh! Oh! Wait! This is where the Open Source fanboys pull out their tired Apache vs IIS analogy. I deliciously look forward to it every repetitive god-damn time.
As an "exempt" employee I am not eligible for overtime, or even comp time for late nights worked Monday thru Friday. But for weekend maintenance, I'll be able to do the patching at a decent time and get to sleep at a decent hour, and get an extra three day weekend this summer!
Feel free to keep the weekend patches coming guys...
I mean, seriously, if you're concerned about on-line security, there are a plethora of alternatives about, so this news should be a non-event.
Ours is a small office, gtanted, but I've installed Mozilla 1.7 (and 1.6 before that, and Netscape 7 before that) on all the PCs (Windows/Mac), made it their default browser, and upped security on IE's Internet Zone so that all active content is blocked.
Following this, I emailed (and followed up with personal explanation) the following advice:
Given that the majority of serious web developers seem to be mindful of cross-browser support (if not standards compliance outright) these days I am somewhat bemused that any security-minded organisation still insists on using IE.
I have to use IE on many internal company sites because nothing else will work. Besides the custom web pages (created by the company asshats) for time logging and whatnot, TestDirector cannot be accessed reliably with anything but IE. Firefox won't access TestDirector at all, even with the provided "Netscape" plug-in that you have to load. Netscape is flaky at best. Opera is a no go also.
I know you raise a good point. But i couldn't really let your comment go by without pointing out that Firefox (and otehr Gecko-based browsers for all I know) have some known rendering issues with a certain geek-news site you may have heard of.
I'm not sure which side the problem lies on (possibly Mozilla, if I read the Slash sourceforge tracker correctly), but it is kind of an amusing combination.
Tiggs
"120 chars should be enough for everyone..."
Microsoft tells people to "fine-tune" their website in order that they correctly fit in SP2.
= /library/en-us/dnwxp/html/xpsp2web.asp
http://msdn.microsoft.com/library/default.asp?url
But there is not THAT many site that are not corrects. I run on Firefox and 98% percent of the site display correctly.
Montreal - Best city to live in!
Okay, it is OT.
...
Microsoft, the proverbial 900 pound gorilla,
doesn't need or use industry standards, right?
They make their own standards by adopting,
embracing, and extending those standards to
fit their ultimate business plan (total Borg-
like domination). Whether they fix bugs in
their software or not, address vulnerabilities
in their code, adopt better security procedures:
none of this really matters. Total hegenomy does.
Microsoft went from ignoring the Internet, to
building the browser (and Internet) into their
entire product line. The Internet will not
survive Microsoft: Microsoft will become the
Internet. Give them 10 years, tops, to make
Microsoft the only vehicle to enter the 'net.
Mbone, or its 2015 equivalent, will be the only
access any other vendor will have to what now
passes for the Internet. "Embrace and extend"
will mean a MS-centric Internet protocol and
MS-centric Internet filesystem.
The current MS IE/OS vulnerabilities are only
a bump in the road for total Microsoft dominance.
DRM in BIOS, secure computing, etcetera, will
shut out all other players. Get used to it!
Resistance is futile
Firefox 0.9 is faster, has a smaller memory footprint and has a better rendering time, but it doesn't load many sites. I wish I could replace Mozilla for it, but I still can't.
Cumulative Security Update for Internet Explorer (867801)
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
As soon as Firefox is has 90% of the market, it will have 90% of the security holes.
. as p
http://www.eweek.com/article2/0,1759,1621451,00
I just got pined to install the downloaded update and I did. It's called: Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB867801)