On MovieTome: New HARRY POTTER pics are here!
BNET Business Network:
BNET
TechRepublic
ZDNet
97 TalkBacks

By Joris Evers
Posted on ZDNet News: Sep 13, 2006 4:54:00 PM

Microsoft has issued a third version of a troubled Internet Explorer patch, aiming to fix a bug in an earlier update that could be exploited to hijack Windows PCs.

The original MS06-042 patch, released on Aug. 8, introduced not one, but two new security holes. Microsoft addressed one flaw in an updated version of the patch released Aug. 24 and dealt with the second flaw in the third version released Tuesday, Tony Chor, a group program manager on the IE team at Microsoft, wrote on a corporate blog.

MS06-042, a cumulative security update for the widely used Web browser, was one of a dozen security updates delivered last month and was meant to repair eight flaws. Microsoft tagged the update "critical," its most severe rating.

The patch now fixes 10 flaws, including two introduced by earlier versions of the update. The first bug affected IE 6.0 with Service Pack 1 and could be exploited by remote attackers to commandeer a Windows PC. The second flaw is similar, but affects IE 5.01 on Windows 2000, IE 6.0 Service Pack 1 (in a different location), and IE in the original release of Windows Server 2003.

"This update cycle has not been an example of our best work, but...we have used this experience to improve our processes and increase transparency to ensure all of our releases are of the quality we expect and our customers deserve," Chor wrote.

This is one of the first times a Microsoft security patch has introduced a new vulnerability, leaving customers in a "darned if you do and darned if you don't position," said Mark Shavlik, chief executive of patch management company Shavlik Technologies.

"A user who has either the first or second version of MS06-042 installed may get hacked if they visit an evil Web site with Internet Explorer," Shavlik said in an e-mailed statement.

The third version of the IE patch was released alongside three new Microsoft security updates in the company's regular monthly update cycle. The company also issued a new version of Windows patch MS06-040 to fix a problem some people experienced with the original update on 64-bit and 32-bit versions of Windows Server 2003 with Service Pack 1 and Windows XP Professional x64 Edition. The company last month made available a "hotfix" to temporarily fix the glitch.

The updates are available through all of Microsoft's regular release channels, including Windows Update, Automatic Update and Download Center, and via patch deployment tools such as Windows Server Update Services. Microsoft recommends that all those affected install the new software immediately.

  • Talkback
  • Most Recent of 97 Talkback(s)
are you sure it is from MS?
or something that popped up on a spyware box :)... (Read the rest)
Posted by: gogobear06 Posted on: 09/25/06 You are currently: Logged In | Log out
Gee, now had they built there stuff Linux User 147560   | 09/13/06
Actually this has nothing to do with .... ShadeTree   | 09/13/06
Gee If you knew how to spell the correct word! BBaker7958   | 09/13/06
Well if ZDNet had a preview I would have caught that Linux User 147560   | 09/13/06
Picking nits apapaleo@...   | 09/13/06
Mistake Linux User 1   | 09/13/06
Spelling Police = Please leave you add nothing to the discussion slim-01   | 09/13/06
spelling nmharleyrider@...   | 09/13/06
...try mispelling a few things incorretly... swoopee   | 09/13/06
tee hee RocketEater   | 09/13/06
It can also mean slim-01   | 09/13/06
Actually it wasn't a spelling error at all. ShadeTree   | 09/13/06
'When I use a word,' swoopee   | 09/13/06
The almighty has spoken Linux User 1   | 09/13/06
Grammar scomanjim   | 09/13/06
Mistake user 147560 Linux User 1   | 09/13/06
George Ou will have a field day with this one! tic swayback   | 09/13/06
He won't, he's "not at liberty to say"(NT) Monkey_MCSE   | 09/13/06
Nah, just popped over to the blogs barsteward   | 09/13/06
Not less than a week Yagotta B. Kidding   | 09/13/06
Tic, Georgie already gave his verdict V-Train   | 09/13/06
The patch that Shelendrea   | 09/13/06
Sounds like Dr. Seuss Chad_z   | 09/13/06
ROTLMFAO Shelendrea   | 09/13/06
Very good Chad slim-01   | 09/13/06
It's ok Shelendrea. More free adverising for Linux. slim-01   | 09/13/06
Welcome to ALL OS/App patching today Linux User 1   | 09/13/06
Third time a charm for IE patch? Loverock Davidson   | 09/13/06
Yeah, but... Zeppo9191   | 09/13/06
Patch the patch!! Networktelecomguy   | 09/13/06
Of course... jasonp@...   | 09/13/06
hahaha - they did that the first and second time barsteward   | 09/13/06
Boy Reiley 411   | 09/13/06
Why don't they try Shelendrea   | 09/13/06
Even you can't possibly support MS on this. slim-01   | 09/13/06
3-rtd time and still counting ! not of this world   | 09/13/06
These guys are the village idiots. They do not appear to be a company DonnieBoy   | 09/13/06
Want to see the village idiot? Confused by religion   | 09/13/06
Sorry, did not have anything to do with this patch, I do NOT work for MS DonnieBoy   | 09/13/06
Get a job Linux User 1   | 09/13/06
There are jobs outside of MS, quite good ones actuall. DonnieBoy   | 09/13/06
True. There is a life after Microsoft. slim-01   | 09/13/06
Donnieboy is on the skids Linux User 1   | 09/13/06
I would hire him Spikey_Mike   | 09/13/06
I would fire both of you.... Linux User 1   | 09/13/06
Man, all this talk of hiring and firing... nomorems   | 09/13/06
Only in your dreams Linux User 1   | 09/13/06
Sorry there buddy... nomorems   | 09/13/06
Thankfully no one would hire SP with the authority to fire anyone slim-01   | 09/13/06
Plenty of interest Linux User 147460   | 09/13/06
Get a real OS slim-01   | 09/13/06
Get a job with DonnieBoyBumb Linux User 1   | 09/13/06
I've owned my own PC consulting for 20yrs slim-01   | 09/13/06
MS support Linux User 147460   | 09/13/06
Milly the "you can't possibly support MS on this" post applies to you also slim-01   | 09/13/06
Insults and complaining gets old Linux User 1   | 09/13/06
Ignore button Networktelecomguy   | 09/13/06
Well if that isn't the pot Shelendrea   | 09/13/06
Well if that isn't the pot Linux User 1   | 09/13/06
What, no witty comeback? Shelendrea   | 09/13/06
No just a slice of it Linux User 1   | 09/13/06
What is getting old is people who feel anything MS does is just peachy slim-01   | 09/13/06
all of the above ... :-) michael_t   | 09/13/06
Patch over patch over patch... jolumoar   | 09/13/06
No Linux/Firefox comments yet? Good :) axarce@...   | 09/13/06
Enterprise Linux User 1   | 09/13/06
Can't say I've had a problem voska   | 09/13/06
IE tab in firefox Linux User 1   | 09/13/06
people are still using IE6?!? corticus   | 09/13/06
People are still using IE ?!? critic-at-arms   | 09/14/06
are you sure it is from MS? gogobear06   | 09/25/06
IE7 fmc1935a@...   | 09/13/06
Still beta Linux User 1   | 09/13/06
Doesn't involve DRM so M$ gives it low priority (NT) DarthRidiculous   | 09/13/06
Doesn't involve DRM... interested_amateur@...   | 09/14/06
Yes........ (Links) TimeBomb   | 09/14/06
You get a cookie TimeBomb   | 09/14/06
Don't forget the patches are to defeat hackers! Dilberter   | 09/13/06
Ok, I'll throw my flame in with the rest scomanjim   | 09/13/06
Ok now Linux User 1   | 09/13/06
You are in denial SP slim-01   | 09/13/06
Microsoft makes a good software product Linux User 147460   | 09/13/06
I don't compare Windows to Red Hat slim-01   | 09/14/06
Strike three. Mr. Roboto   | 09/13/06
Strike 3 you are out!!! Linux User 1   | 09/13/06
Microsoft needs to be under Calif 3 strikes law slim-01   | 09/13/06
Firefox needs some bug patching Linux User 147460   | 09/13/06
I've never had a Firefox crash or any other software in Linux slim-01   | 09/14/06
It is reassuring to see that MS has such a good handle on quality :-) michael_t   | 09/13/06
The interesting Q is Why on earth people who rely on MS products michael_t   | 09/13/06
Patches on Patches AND Then we have WGA, Windows Genuine AGGRAVATION! Xwindowsjunkie   | 09/13/06
patch still BROKE! wallenpb@...   | 09/13/06
I use Mac OS X browsers Safari, Firefox, iCab, Opera, etc. 'Nuff said. Namorado_TX   | 09/13/06
Question Boot_Agnostic   | 09/14/06
Update lost an open file mastman   | 09/14/06
Well, at least the dog didn't eat his homework! [NT] swoopee   | 09/14/06
Our IT dept is worried gogobear06   | 09/25/06

What do you think?

advertisement
Click Here
advertisement