Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Flubs Patch, Putting Users At Risk

Posted by ryuzaki0 on from the i'm-working-here dept.

An anonymous reader writes "Microsoft is rushing to fix a flaw introduced by the company's latest security update to Internet Explorer. From the article: 'The flaw, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1 that have applied the August cumulative update to Internet Explorer 6 Service Pack 1, security firm eEye Digital Security asserted. The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.'"

4 of 209 comments (clear)

  1. Re:Closed source strikes again by baadger · · Score: 5, Informative

    The difference is the Ubuntu slip up was fixed within hours, the Microsoft slip up ..is still counting...

  2. Just Please... by moehoward · · Score: 5, Informative


    Please don't automatically reboot my machines again when the patch's patch is installed. I have the custom options in MS Update to allow me to control install/reboot for the updates. Well, it ignored that this week and rebooted 2 of my machines for me.

    Then, I noticed that The Register had a couple of articles this week about the same thing happening to others.

    Just who in the hell does MS think they are?

    Oh, and if the patch's patch's patch needs a reboot as well, don't do that too.

    Oh, and if.... nevermind.

    --
    "If you want to improve, be content to be thought foolish and stupid." - Epictetus
  3. Re:will it cause problems? by Jamil+Karim · · Score: 3, Informative

    Due to some programs not functioning correctly with SP2, our department was explicitly told NOT to update to SP2. However, we've been applying all of the other patches that have come out. So, the scenario is more likely than you'd think. Microsoft even has a list of programs that don't work as intended under SP2.

  4. Disable HTTP 1.1 by planckscale · · Score: 3, Informative
    I had a Win2K box on our network who's Internet Explorer kept crashing when she visited websites with lots of stuff going on (Java and Flash). I read around and found a work-around from Microsoft. The workaround involved going into IE Options and unchecking "HTTP 1.1" MS Article ID: 923762:

    Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update

    Additionally they go on to say in this article: A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006.

    This patch was NOT released today - they LIED! :-) Since that change, the crashes stopped at least but now that this is out I have much move incentive to upgrade our last few W2K machines up to WinXPSP2.

    --
    Namaste