Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Releases Critical IE Patch

Posted by ryuzaki0 on from the but-i-thought-all-patches-were-critical dept.

Laura Brown writes "Microsoft has released its security software patches for April. The most anticipated is the MS06-013 patch, which fixes several IE bugs, including the "create TextRange ()" vulnerability. Hackers had been exploiting this problem by installing unauthorized software on PCs. "

2 of 172 comments (clear)

  1. The Exploit by eldavojohn · · Score: 5, Informative

    The Exploit If you want to know more about the exploit that this release is supposed to fix, here is a shellcoded from of it (dated 03.22.2006).

    And here's Microsoft's acknowledgement of the exploit (dated 03.23.2006).

    And here's an "expert" saying that releasing the above exploit is irresponsible (dated 03.24.2006).

    It is now 04.12.2006 and a patch is out to correct it.

    *checks his watch*

    Not bad, but your response time could use some imporvement.

    --
    My work here is dung.
  2. ActiveX, Java and Flash controls may be impacted by Dynamoo · · Score: 5, Informative
    Bundled in with this patch is a change to the behaviour of embedded controls in IE6 on Windows XP, due to the Eolas patent issue. This means that things like Flash navigation or Java widgets might not work without being clicked first to activate. TechWeb have a good article with a summary of the changes, along with some links elswhere.

    This won't affect IE6 on Windows 2000, and it's worth noting that things like Flash will work just fine in Firefox, Mozilla or Opera on Windows too.

    --
    Never email donotemail@WeAreSpammers.com