On BNET: 6 job search essentials
BNET Business Network:
BNET
TechRepublic
ZDNet
98 TalkBacks

By Joris Evers
Posted on ZDNet News: Sep 13, 2006 4:54:00 PM

Microsoft has issued a third version of a troubled Internet Explorer patch, aiming to fix a bug in an earlier update that could be exploited to hijack Windows PCs.

The original MS06-042 patch, released on Aug. 8, introduced not one, but two new security holes. Microsoft addressed one flaw in an updated version of the patch released Aug. 24 and dealt with the second flaw in the third version released Tuesday, Tony Chor, a group program manager on the IE team at Microsoft, wrote on a corporate blog.

MS06-042, a cumulative security update for the widely used Web browser, was one of a dozen security updates delivered last month and was meant to repair eight flaws. Microsoft tagged the update "critical," its most severe rating.

The patch now fixes 10 flaws, including two introduced by earlier versions of the update. The first bug affected IE 6.0 with Service Pack 1 and could be exploited by remote attackers to commandeer a Windows PC. The second flaw is similar, but affects IE 5.01 on Windows 2000, IE 6.0 Service Pack 1 (in a different location), and IE in the original release of Windows Server 2003.

"This update cycle has not been an example of our best work, but...we have used this experience to improve our processes and increase transparency to ensure all of our releases are of the quality we expect and our customers deserve," Chor wrote.

This is one of the first times a Microsoft security patch has introduced a new vulnerability, leaving customers in a "darned if you do and darned if you don't position," said Mark Shavlik, chief executive of patch management company Shavlik Technologies.

"A user who has either the first or second version of MS06-042 installed may get hacked if they visit an evil Web site with Internet Explorer," Shavlik said in an e-mailed statement.

The third version of the IE patch was released alongside three new Microsoft security updates in the company's regular monthly update cycle. The company also issued a new version of Windows patch MS06-040 to fix a problem some people experienced with the original update on 64-bit and 32-bit versions of Windows Server 2003 with Service Pack 1 and Windows XP Professional x64 Edition. The company last month made available a "hotfix" to temporarily fix the glitch.

The updates are available through all of Microsoft's regular release channels, including Windows Update, Automatic Update and Download Center, and via patch deployment tools such as Windows Server Update Services. Microsoft recommends that all those affected install the new software immediately.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 98 Talkback(s)
Bashing MS
Don't bash what you can't beat. And if you can beat it, why don't you have a program out there that we can all use and get away from having to patch the patches?... (Read the rest)
Posted by: Storageman Posted on: 04/22/09 You are currently: a Guest | | Terms of Use
Gee, now had they built there stuff  Linux User 147560 | 09/13/06
Actually this has nothing to do with ....  ShadeTree | 09/13/06
Gee If you knew how to spell the correct word!  BBaker7958 | 09/13/06
Well if ZDNet had a preview I would have caught that  Linux User 147560 | 09/13/06
Picking nits  apapaleo@... | 09/13/06
Mistake  Linux User 1 | 09/13/06
Spelling Police = Please leave you add nothing to the discussion  slim-01 | 09/13/06
spelling  nmharleyrider@... | 09/13/06
...try mispelling a few things incorretly...  swoopee | 09/13/06
tee hee  RocketEater | 09/13/06
It can also mean  slim-01 | 09/13/06
Actually it wasn't a spelling error at all.  ShadeTree | 09/13/06
'When I use a word,'  swoopee | 09/13/06
The almighty has spoken  Linux User 1 | 09/13/06
Grammar  scomanjim | 09/13/06
Mistake user 147560  Linux User 1 | 09/13/06
George Ou will have a field day with this one!  tic swayback | 09/13/06
He won't, he's "not at liberty to say"(NT)  Monkey_MCSE | 09/13/06
Nah, just popped over to the blogs  barsteward | 09/13/06
Not less than a week  Yagotta B. Kidding | 09/13/06
Tic, Georgie already gave his verdict  V-Train | 09/13/06
The patch that  Shelendrea | 09/13/06
Sounds like Dr. Seuss  Chad_z | 09/13/06
ROTLMFAO  Shelendrea | 09/13/06
Very good Chad  slim-01 | 09/13/06
It's ok Shelendrea. More free adverising for Linux.  slim-01 | 09/13/06
Welcome to ALL OS/App patching today  Linux User 1 | 09/13/06
Third time a charm for IE patch?  Loverock Davidson | 09/13/06
Yeah, but...  Zeppo9191 | 09/13/06
Bashing MS  Storageman | 04/22/09
Patch the patch!!  Unemployed IT Guy | 09/13/06
Of course...  jasonp@... | 09/13/06
hahaha - they did that the first and second time  barsteward | 09/13/06
Boy  Reiley 411 | 09/13/06
Why don't they try  Shelendrea | 09/13/06
Even you can't possibly support MS on this.  slim-01 | 09/13/06
3-rtd time and still counting !  not of this world | 09/13/06
These guys are the village idiots. They do not appear to be a company  DonnieBoy | 09/13/06
Want to see the village idiot?  Confused by religion | 09/13/06
Sorry, did not have anything to do with this patch, I do NOT work for MS  DonnieBoy | 09/13/06
Get a job  Linux User 1 | 09/13/06
There are jobs outside of MS, quite good ones actuall.  DonnieBoy | 09/13/06
True. There is a life after Microsoft.  slim-01 | 09/13/06
Donnieboy is on the skids  Linux User 1 | 09/13/06
I would hire him  Spikey_Mike | 09/13/06
I would fire both of you....  Linux User 1 | 09/13/06
Man, all this talk of hiring and firing...  nomorems | 09/13/06
Only in your dreams  Linux User 1 | 09/13/06
Sorry there buddy...  nomorems | 09/13/06
Thankfully no one would hire SP with the authority to fire anyone  slim-01 | 09/13/06
Plenty of interest  Linux User 147460 | 09/13/06
Get a real OS  slim-01 | 09/13/06
Get a job with DonnieBoyBumb  Linux User 1 | 09/13/06
I've owned my own PC consulting for 20yrs  slim-01 | 09/13/06
MS support  Linux User 147460 | 09/13/06
Milly the "you can't possibly support MS on this" post applies to you also  slim-01 | 09/13/06
Insults and complaining gets old  Linux User 1 | 09/13/06
Ignore button  Unemployed IT Guy | 09/13/06
Well if that isn't the pot  Shelendrea | 09/13/06
Well if that isn't the pot  Linux User 1 | 09/13/06
What, no witty comeback?  Shelendrea | 09/13/06
No just a slice of it  Linux User 1 | 09/13/06
What is getting old is people who feel anything MS does is just peachy  slim-01 | 09/13/06
all of the above ... happy  michael_t | 09/13/06
Patch over patch over patch...  jolumoar | 09/13/06
No Linux/Firefox comments yet? Good happy  axarce@... | 09/13/06
Enterprise  Linux User 1 | 09/13/06
Can't say I've had a problem  voska | 09/13/06
IE tab in firefox  Linux User 1 | 09/13/06
people are still using IE6?!?  corticus | 09/13/06
People are still using IE ?!?  critic-at-arms | 09/14/06
are you sure it is from MS?  gogobear06 | 09/25/06
IE7  fmc1935a@... | 09/13/06
Still beta  Linux User 1 | 09/13/06
Doesn't involve DRM so M$ gives it low priority (NT)  DarthRidiculous | 09/13/06
Doesn't involve DRM...  interested_amateur@... | 09/14/06
Yes........ (Links)  TimeBomb | 09/14/06
You get a cookie  TimeBomb | 09/14/06
Don't forget the patches are to defeat hackers!  Dilberter | 09/13/06
Ok, I'll throw my flame in with the rest  scomanjim | 09/13/06
Ok now  Linux User 1 | 09/13/06
You are in denial SP  slim-01 | 09/13/06
Microsoft makes a good software product  Linux User 147460 | 09/13/06
I don't compare Windows to Red Hat  slim-01 | 09/14/06
Strike three.  Mr. Roboto | 09/13/06
Strike 3 you are out!!!  Linux User 1 | 09/13/06
Microsoft needs to be under Calif 3 strikes law  slim-01 | 09/13/06
Firefox needs some bug patching  Linux User 147460 | 09/13/06
I've never had a Firefox crash or any other software in Linux  slim-01 | 09/14/06
It is reassuring to see that MS has such a good handle on quality happy  michael_t | 09/13/06
The interesting Q is Why on earth people who rely on MS products  michael_t | 09/13/06
Patches on Patches AND Then we have WGA, Windows Genuine AGGRAVATION!  Xwindowsjunkie | 09/13/06
patch still BROKE!  wallenpb@... | 09/13/06
I use Mac OS X browsers Safari, Firefox, iCab, Opera, etc. 'Nuff said.  Namorado_TX | 09/13/06
Question  Boot_Agnostic | 09/14/06
Update lost an open file  mastman | 09/14/06
Well, at least the dog didn't eat his homework! [NT]  swoopee | 09/14/06
Our IT dept is worried  gogobear06 | 09/25/06

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

Smartphones

  • Last year, many businesses deferred the purchase of new laptops in favor of smartphones, and why not? Offering phone, calendar, email, IM and Web access, they're arguably the most practical business tools. Check out the latest CNET Reviews of Blackberry devices for all the knowledge you need to make an intelligent choice.
  • Designed for
    bold living.
  • blackberry bold
  • Edit Word docs, check email, even listen to iTunes® playlists. Do more and do it faster with the BlackBerry® Bold™.Learn more
  • blackberry logo
advertisement
Click Here