Microsoft Flubs Patch, Putting Users At Risk
An anonymous reader writes "Microsoft is rushing to fix a flaw introduced by the company's latest security update to Internet Explorer. From the article: 'The flaw, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1 that have applied the August cumulative update to Internet Explorer 6 Service Pack 1, security firm eEye Digital Security asserted. The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.'"
Yes, but this is a hole created by a patch to fix a hole. On the whole, different and somewhat amusing. Or it would be amusing if I didn't have to administer Windows systems. :P
What if the Hokey Pokey really is what it's all about?
Not necessarily, my aunt is on dialup and until recently she'd been patching herself up on SP1 because downloading a 290MB service pack just wasn't feasible. The monthly updates themselves can sometimes be a big download.
I recently did a full reinstall of her system (at my place on cable) from a MS cd (managing to maintain her OEM activation), SP2, Firefox, Opera and IE7-beta3 and she's been good for ages now.
The annoying thing is, even on dialup with sparse on-off connectivity and surfing it's remarkably easy to get infected. Don't underestimate the number of people who *CAN'T* keep up to date.
Likely they rushed this patch to get it ready for the patch day and they did not fully test it. M$ will be better off putting the updates out when they are done, not on a fixed timetable.