Software / Services August 24, 2006 3:00 PM

Microsoft Finally Reissues Botched IE Patch

By Robert McMillan, IDG News Service

Two days later than expected, Microsoft has reissued a critical security update for its Internet Explorer browser.

The reissued patch is important because it "fully resolves" a serious security bug Microsoft introduced with the original update, released August 8.

Microsoft acknowledges that there were problems with its update soon after it was issued. Web sites that used HTTP (HyperText Transfer Protocol) 1.1 compression to speed up the downloading of images could cause the browser to fail, and users of Web-based applications such as PeopleSoft, Siebel, and Sage CRM had problems with the software.

The issue does not affect users of Microsoft's latest Service Pack 2 version of Windows XP, but users of Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4 and Windows XP Service Pack 1 are affected, Microsoft says.

Coming Through Auto Update

Last week, Microsoft released a "hotfix" download that addressed these problems, but the software vendor also decided to take the unusual step of announcing that it would rerelease the entire update (called MS06-042). This would ensure that subscribers to Microsoft's automatic update services would receive the fixed patch.

That update had been slated for release on August 22, but it was ultimately delayed because of an "issue discovered in final testing," Microsoft says.

Just as Microsoft was announcing this delay, security researchers at eEye Digital Security disclosed the security issue, saying that Microsoft's August 8 update had actually created a new IE bug that attackers could exploit to run unauthorized software on a PC.

Though no attacks exploiting this bug have been reported, eEye believes that the issue is critical.

"The bad guys basically know about this and know that it's an exploitable scenario," eEye's chief hacking officer Marc Maiffret said Tuesday.

Microsoft has published a security advisory on this issue.

While Microsoft's introducing bugs in its security updates is not uncommon, it is unusual for the company to give guidance on when it plans to fix such bugs, says Russ Cooper, senior information security analyst for Cybertrust.

It is also unusual for security firms like eEye to then investigate the bugs for security problems and disclose their existence before Microsoft has patched the problem, he adds. "They should have reported ... this issue to Microsoft first, and only," he says. "And then waited for Microsoft to release a fix."

Microsoft has posted additional details on the newly rereleased MS06-042 security update.

Sponsored Resource:Find your perfect All-in-One printing solution from HP.

Read more like this: microsoft , ie, internet explorer, browser bug, patch, security patch, late security patch

Add Yours

Comments Readers reply with their ideas and expertise.

Subscribe to this discussion via email or RSS

What do you think?

Posting comment ...

Save on Printing Costs

How a print management strategy can benefit your bottom line. Read more here.

Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Internet downloads

Free Internet Eraser Clean up traces of your surfing activity.
Business Startup Expert Business Startup Expert - Business Plan Creator and Startup Manager Software
Business Turnaround Expert Business Turnaround Expert provides tools and strategies to help grow profilts.
Business Icon Set Business Icon Set lets you spice up your software or websites with fine icons
Internet Explorer History Eraser Internet evidence eraser eliminates all typed URL record of browser from your pc

311 more results...

Latest in Business Center Blogs

Tech Inciter - December 18, 2009 7:55 AM
Facebook Target of FTC Privacy Complaint Ten privacy groups have filed a complaint with the Federal Trade Commission that seeks a roll-back of recent changes to Facebook's privacy policy.
BizFeed - December 18, 2009 6:37 AM
Windows Mobile on Life Support, Drops Behind iPhone The iPhone has jumped into the number two spot for smartphones in the U.S. while Microsoft is pushing Windows Mobile 7 back farther to the end of 2010.
Tech Inciter - December 17, 2009 4:41 PM
Shut Down "Fake Steve Jobs" Not AT&T "Operation Chokehold" is a fun fantasy that has gone too far. What if someone gets hurt?
BizFeed - December 17, 2009 2:24 PM
Google Phone and Netbook Hint at Apple Playbook Google is shaking things up by getting into mobile phone and netbook hardware according to rumors. What exactly is Google's grand strategy?
BizFeed - December 17, 2009 11:38 AM
BlackBerry Outage Not Winning Any Fans for RIM RIM suffered a brief e-mail outage. The situation is resolved, but in a tough smartphone market any outage is bad for business.
Tech Inciter - December 17, 2009 11:31 AM
Is a Google Netbook on the Horizon? What won't Google do to extend its reach into businesses and homes. If a handset seemed far-fetched, a Chrome OS netbook almost makes sense.

All Blogs »

Featured Webcasts

Mobile Management: Reducing Risks and Maximizing Return
Type: audio

Company: Absolute Software

Categories: Mobile ,Networking,Security
The Advantages of Row and Rack- Oriented Cooling Architectures for Data Centers
Type: whitepaper

Company: APC by Schneider Electric

Categories: Green Tech,Networking,Virtualization

More webcasts »

Name	City

Address 1	State	Zip

Address 2	E-mail (optional)

Resource Centers

Microsoft Finally Reissues Botched IE Patch

People who read this also read:

Coming Through Auto Update

Comments Readers reply with their ideas and expertise.

What do you think?

Save on Printing Costs

Business News Daily

Internet downloads

Latest in Business Center Blogs

Featured Webcasts

Free Whitepapers

Software and Services Whitepapers from PC World

Whitepaper Alerts

PC World's Marketplace

Sponsored Links

More from the PC World BusinessCenter

Resources

Network