Microsoft fixes botched IE patch

Robert McMillan   Today’s Top Stories   or  Other Security Stories  

Winning Enterprise Authentication: 5 Key Steps for Success Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management Web Threat Protection Accelerating Satellite WANs with Riverbed Malicious Software Defense: Have we moved beyond the need for anti-virus and spyware protection software? Computerworld Technology Briefing: Intelligent Users Use Business Intelligence Virtual Reality SaaS Solutions for Remote Systems Management Sign up to receive Security Resource Alerts

August 24, 2006 (IDG News Service) -- Two days later than expected, Microsoft Corp. reissued a critical security update for its Internet Explorer browser.

The reissued patch is important because it "fully resolves" a serious security bug Microsoft introduced with the original update, released Aug. 8.

Microsoft acknowledged that there were problems with its update soon after it was issued. Web sites that used HTTP 1.1 compression to speed up the downloading of images could cause the browser to fail, and users of Web-based applications such as PeopleSoft, Siebel, and Sage CRM had problems with the software.

The issue does not affect users of Microsoft's latest Service Pack 2 version of Windows XP, but users of IE 6 Service Pack 1 on Windows 2000 Service Pack 4 and Windows XP Service Pack 1 are affected, Microsoft said.

Last week, Microsoft released a "hotfix" download that addressed these problems, but the software vendor also decided to take the unusual step of announcing it would rerelease the entire update (called MS06-042). This would ensure that subscribers to Microsoft's automatic update services would automatically receive the fixed patch.

That update was scheduled to have been released on Tuesday, but was delayed because of an "issue discovered in final testing," Microsoft said.

Just as Microsoft was announcing this delay, security researchers at eEye Digital Security Inc. disclosed the security issue, saying that Microsoft's Aug. 8 update had actually created a new IE bug that attackers could exploit to run unauthorized software on a PC.

Though no attacks exploiting this bug have been reported, eEye believes that the issue is critical.

"The bad guys basically know about this and know that it's an exploitable scenario," eEye's chief hacking officer, Marc Maiffret, said Tuesday.

Microsoft has published a security advisory on this issue.

While Microsoft's introducing bugs into its security updates is not uncommon, it is unusual for the company to give guidance on when it plans to fix these bugs, said Russ Cooper, senior information security analyst at Cybertrust Inc.

It is also unusual for security firms like eEye to then investigate these bugs for security problems and disclose their existence before Microsoft has patched the problem, he added. "They should have reported ... this issue to Microsoft first -- and only," he said. "And then waited for Microsoft to release a fix."

Details on the newly rereleased MS06-042 security update can be found on Microsoft's TechNet Web site.

Reprinted with permission from

IDG.net
Story copyright 2008 International Data Group. All rights reserved.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Microsoft will re-release 'butchered' patch Microsoft fixes memory bug in security patch New Microsoft patch gets DHS push

"Twitter users are getting their identities stolen by a phishing scam. It appears the micro-blogging honeymoon is now over...." Read more... "One defensive computing topic that doesn't seem to get the attention it deserves is protecting the hard disk with a..." Read more... Read more Security posts or See all Blogs

Hackers hijack Obama's, Britney's Twitter accounts Apple's Steve Jobs blames 'hormone imbalance' for weight loss Expert: Microsoft made $1.5B on 'Vista Capable' campaign More top stories...

Jobs may have Type 1-like diabetes, says endocrinologist IT execs losing ground on compensation, salary study says Five things Apple needs to do at Macworld

Boss by day, gamer by night: Tech leaders' favorite video games High-tech titans from Red Hat, Adobe, Cisco and more admit: All they really need to know they learned from ... World of Goo? Little tech wins big as nanocar inventor takes top science award A car 1/20,000 the size of a human hair? Yes indeed. Nanovehicles could one day be used to build large objects such as memory devices or buildings. Don't miss our nanocar image gallery. Google teams with Norad to track Santa on Christmas Eve A hi-res Santa Cam captured video in key stops along St. Nick's trek around the globe. Tracking was provided by Google Maps and Google Earth, with updates available for mobile phone and Twitter users. Microsoft again extends Windows XP drop-dead date System builders -- the smaller shops and computer dealers that build PCs to order -- will be able to obtain Windows XP Professional licenses through at least May 30. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2009 Premier 100 IT Leaders 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Process Automation with Symantec Process Automation with Symantec View this new webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Creating a green data center to help reduce energy costs and gain a competitive advantage Download this new white paper today! (Source: VMware) With today's rapid IT growth, companies are looking to consolidate datacenter operations to achieve space and cost savings. And as energy costs continue to rise, datacenter efficiency becomes even more important. This IBM report details how companies are reducing energy usage and costs to gain a completive advantage. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. An In-Depth Look at ROI BI: Proven Tools for Competitive Advantage in Uncertain Times Illuminata Report: Making the Thin Provisioning Connection View more whitepapers

• Microsoft will re-release 'butchered' patch
• Microsoft fixes memory bug in security patch
• New Microsoft patch gets DHS push

• Hackers hijack Obama's, Britney's Twitter accounts
• Jobs may have Type 1-like diabetes, says endocrinologist
• Apple's Steve Jobs blames 'hormone imbalance' for weight loss
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

IT Blogwatch: IE's market share is tanking Internet Explorer continue to lose market share -- mainly to Firefox and Safari. ... [more]