Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Flubs Patch, Putting Users At Risk

Posted by ryuzaki0 on from the i'm-working-here dept.

An anonymous reader writes "Microsoft is rushing to fix a flaw introduced by the company's latest security update to Internet Explorer. From the article: 'The flaw, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1 that have applied the August cumulative update to Internet Explorer 6 Service Pack 1, security firm eEye Digital Security asserted. The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.'"

21 of 209 comments (clear)

  1. When are we going to move these off the front page by hcob$ · · Score: 5, Funny

    the MS has a security hole post has now become, trite, cliche, and dare I say it.... (-1, Redundant)

    --
    Cliff Claven
    K.E.G. Party Chairman
    Founding Leader of: Koncerned for Egalitarin Governance
  2. no need to worry. by krell · · Score: 5, Funny

    As long as, over the course of a year, the number of security holes plugged by the patches manages to outnumber the number of security holes introduced by these same patches, we're in real good shape right?

    --
    Where were you when the voynix came?
  3. Clearly, the fix is by Weaselmancer · · Score: 5, Funny

    ...to switch to Vista. That way, this sort of thing will never happen again. You betcha.

    --
    Weaselmancer
    rediculous.
  4. wtf? by User+956 · · Score: 5, Funny

    The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.

    Chief Hacking Officer? I wasn't aware companies had those these days.

    --
    The theory of relativity doesn't work right in Arkansas.
    1. Re:wtf? by 99BottlesOfBeerInMyF · · Score: 5, Funny

      Chief Hacking Officer? I wasn't aware companies had those these days.

      This is what happens when employees pick their own titles. I used to work with the "grand poobah of software development" at a former company. It was on his business cards. An IBM guy snorted soda through his nose when he read it.

  5. Closed source strikes again by MarkByers · · Score: 4, Funny

    Haha! This sort of thing would never happen if you used Ubuntu!

    --
    I'll probably be modded down for this...
    1. Re:Closed source strikes again by baadger · · Score: 5, Informative

      The difference is the Ubuntu slip up was fixed within hours, the Microsoft slip up ..is still counting...

  6. will it cause problems? by joe+155 · · Score: 4, Interesting

    whilst this is no doubt a bit of a "d'oh" moment for MS I doubt it will be a serious problem for anyone. * For this to have any affect on you you need to have SP1 but have the latest update of security for IE 6, surely if anyone updated regularly and applied security updates they'd be using SP2 anyway...

    *If I'm wrong correct me, not being a windows user it's hard to remember what service pack is current

    --
    *''I can't believe it's not a hyperlink.''
    1. Re:will it cause problems? by baadger · · Score: 4, Insightful

      Not necessarily, my aunt is on dialup and until recently she'd been patching herself up on SP1 because downloading a 290MB service pack just wasn't feasible. The monthly updates themselves can sometimes be big of a download.

      I recently did a full reinstall of her system (at my place on cable) from a MS cd (managing to maintain her OEM activation), SP2, Firefox, Opera and IE7-beta3 and she's been good for ages now.

      The annoying thing is, even on dialup with sparse on-off connectivity and surfing it's remarkeably easy to get infected. Don't underestimate the number of people who *CAN'T* keep upto date.

  7. Some systems affected here by lpangelrob · · Score: 4, Interesting

    Some clients accessing systems at the Chicago Board of Trade were rendered useless by this bug; the flaw essentially resulted in a crash on login. Didn't know until today that it was exploitable, though.

    The solution for us was simple: install Firefox on affected clients. Problem solved, users happy.

    --
    -Rob

    Biblical fiscal responsibility

  8. Why This is Different by Aqua_boy17 · · Score: 5, Insightful

    Yes, but this is a hole created by a patch to fix a hole. On the whole, different and somewhat amusing. Or it would be amusing if I didn't have to administer Windows systems. :P

    --
    What if the Hokey Pokey really is what it's all about?
    1. Re:Why This is Different by just_another_sean · · Score: 4, Insightful

      Or it would be amusing if I didn't have to administer Windows systems. :P

      And that is exactly why I like to see it on the front page of /.

      Of course I don't rely on /. alone for security news but as an Admin supporting MS products news like this does matter to me. The more sources of info I can get on problems with software the better. And being the /. junkie I am it is likely I may just get info on new flaws here first! :-)

      --
      Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
  9. Just Please... by moehoward · · Score: 5, Informative


    Please don't automatically reboot my machines again when the patch's patch is installed. I have the custom options in MS Update to allow me to control install/reboot for the updates. Well, it ignored that this week and rebooted 2 of my machines for me.

    Then, I noticed that The Register had a couple of articles this week about the same thing happening to others.

    Just who in the hell does MS think they are?

    Oh, and if the patch's patch's patch needs a reboot as well, don't do that too.

    Oh, and if.... nevermind.

    --
    "If you want to improve, be content to be thought foolish and stupid." - Epictetus
    1. Re:Just Please... by Randseed · · Score: 4, Interesting
      Please don't automatically reboot my machines again when the patch's patch is installed. I have the custom options in MS Update to allow me to control install/reboot for the updates. Well, it ignored that this week and rebooted 2 of my machines for me.

      Then, I noticed that The Register had a couple of articles this week about the same thing happening to others.

      Just who in the hell does MS think they are?

      That's precisely the problem. I, and I assume countless other users, have the automatic update installation turned off because every damned time I go to install an update, I have to reboot the machine, and it annoys the hell out of me, FUBARing applications by stealing focus (or worse, not and not allowing me to abort it) until I do. On the machines that are up for weeks at a time, that means that the updates get installed in batches, not immediately, which is precisely what Microsoft seems to be trying to avoid. the key for Microsoft is going to be coming up with the ability to install updates without forcing a reboot. Then, and only then, will they have a very high level of compliance among systems that truly matter. (i.e., not Bob's dialup machine, but Steve's server he has hanging out on a DSL line 24/7/365).

  10. Do you ever get that feeling... by T_ConX · · Score: 5, Funny

    Do you ever get the feeling that IE6 is like a cartoon characters hole-riddled row-boat?

    The cartoon character (lets just say it's Elmer Fudd) tries to plug a leak with his thumb, only to have another pop open on the other end of the boat. He stretchs over there to plug it with his other hand. A third appears, and he has to use his toe. Eventually, the number of leaks outnumbers the number of limbs (Or at least, the number of limbs one is allowed to show on TV. *wink* *wink*), and the boat finally goes down. A Fox riding in a Motorboat then speeds by...

  11. Get rid of fixed patch date by Joe+The+Dragon · · Score: 4, Insightful

    likey they rushed this patch to get it ready for the patch day and they did not fully test it. M$ will be better off with put the updates out when they are done not on a fixed time table.

  12. snakes! by ssrs396 · · Score: 5, Funny

    My computer is full of snakes!

  13. Re:To all Slashdot trolls by neonprimetime · · Score: 4, Funny

    Microsoft's idea of testing patches

    1.) Perform Windows update
    2.) Wait for system to reboot
    3.) If system turns back on successfully after reboot, release!

  14. *YAWN* by Conspiracy_Of_Doves · · Score: 4, Interesting

    Wake me up when there is a security risk that doesn't need to go through IE.

    --

    Technoli
  15. Re:So, does this mean... by Linker3000 · · Score: 5, Funny

    No, Microsoft will start a new initiative called the Genuine Double Patch Advantage (GDPA)

    --
    AT&ROFLMAO
  16. Switch to battery by nstenz · · Score: 4, Interesting

    If you unplug the power cord and make the laptop go to battery power, it will give up applying the rest of the updates. You'll then have to apply them the next day when you shut down.

    I did that for about a week until I actually had enough time to sit there and watch it finish installing updates and shut down.