Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Re-Re-Releases IE Patch

Posted by ryuzaki0 on from the this-time-for-sure dept.

uniquebydegrees writes, "InfoWorld reports that on Tuesday Microsoft quietly released the second update for MS06-042. This is the cumulative patch for IE that actually introduced a new security hole into systems that applied the update. Microsoft re-released the patch back in August, but it now turns out that the updated patch had yet another vulnerability similar to the first, once again discovered by folks at eEye Digital Security. As with the previous hole, it concerned the handling of long URLs from web sites using HTTP 1.1 with compression."

2 of 77 comments (clear)

  1. Since . . . by OverlordQ · · Score: 4, Informative

    Well, you complain about Microsoft not fixing the patch in 3 attempts when you CANT EVEN TELL THE DIFFERENCE BETWEEN A PATCH AND A VULNERABILITY.

    MS06-042 is the Security Bulletin.
    KB918899 is the KB id w/ Patch.

    --
    Your hair look like poop, Bob! - Wanker.
  2. Great, but when will they stop the crashes? by Software · · Score: 2, Informative
    It's nice to know that they're re-fixing the security hole, but how about fixing the browser crashes? From http://support.microsoft.com/kb/923996/ :
    When you visit a Web page that uses a custom pop-up object, Microsoft Internet Explorer 6 closes unexpectedly and generates an error in the Mshtml.dll file. This problem occurs after you install security update 918899 on a Windows XP Service Pack 2 (SP2)-based or a Windows Server 2003 Service Pack 1 (SP1)-based computer. A hotfix is available if you are severely affected by this problem. Otherwise, we recommend that you wait for the next cumulative security update for Internet Explorer.