Microsoft Releases Critical IE Patch
Laura Brown writes "Microsoft has released its security software patches for April. The most anticipated is the MS06-013 patch, which fixes several IE bugs, including the "create TextRange ()" vulnerability. Hackers had been exploiting this problem by installing unauthorized software on PCs."
The Exploit
If you want to know more about the exploit that this release is supposed to fix, here is a shellcoded form of it (dated 03.22.2006).
And here's Microsoft's acknowledgement of the exploit (dated 03.23.2006).
And here's an "expert" saying that releasing the above exploit is irresponsible (dated 03.24.2006).
It is now 04.12.2006 and a patch is out to correct it.
*checks his watch*
Not bad, but your response time could use some improvement.
My work here is dung.
This won't affect IE6 on Windows 2000, and it's worth noting that things like Flash will work just fine in Firefox, Mozilla or Opera on Windows too.
Never email donotemail@WeAreSpammers.com
If they don't update their products people will comment on how much they suck.
If they do update them people will claim instability due to the number of patches.
It's a matter of perception. Some people see ongoing updates as true support. Others simply hate anything Microsoft.
You decide.
Cogito Ergo Sum
Unfortunately Microsoft does listen to its customers, and its biggest (and loudest) customers are corporate IT departments. Those customers have specifically demanded that patches be released on a regular schedule, to ease their own testing and rollout procedures.
No, MS doesn't always release patches as quickly as they could, but in this particular case it certainly looks as though they got it out at the earliest opportunity, where this is defined as "as quickly as the largest proportion of their customer base allows them to".
I'm surprised to discover that a business to which I have paid loads of money values a schedule over my security.
Blame MS for bowing to pressure from their customers; blame the corporations for bringing that pressure to bear in the first place.
It's official. Most of you are morons.
Why do we have to have a story every time a bug is fixed in IE or Firefox...?
Because Slashdorks like ourselves keep reading them and posting comments. You can bet if people stopped reading & commenting, the editors would stop posting these stories.
yes...
many exploits are made by examining the patch, so in most cases, it's better if everyone gets the patch at the same time (crackers and legitimate users) rather than the crackers getting it ahead of business users.