Microsoft hotfix for IE patch available

Last Tuesday, problems forced Microsoft to put off the release of a hotfix for the cumulative Internet Explorer patch for security bulletin MS06-042. The patch from the August Patch Tuesday opened up a security hole in Internet Explorer 6 SP1 running on Windows 2000 and Windows XP SP1 systems. Attackers could exploit it to plant arbitrary program code.

The software giant has now reworked the announced hotfix and made it available starting immediately through Windows Update and as a download. Microsoft developers wrote in the Microsoft security blog that the hotfix was delayed because shortly before its release they discovered more problems related to the interplay of the patch with Microsoft's Baseline Security Analyzer (MBSA ) and Inventory Tool for Microsoft Updates (ITMU) analysis tools.

These tools are used primarily by large companies to search for and install necessary patches on their computers. Given this problem in the retracted version of the hotfix, it appears likely that it would not have been installed on the majority of those computers. Recognising that the lion's share of the machines affected by the security hole are operated in precisely that kind of environment, the company elected to rework the hotfix yet again so that the patch for the patch can now be installed on all affected computers without complication.

Microsoft recommends that all users of Internet Explorer 6 SP1 on Windows 2000 and Windows XP SP1 install the newly released update as soon as possible. Users who have switched off http-1.1 support can reactive it once the machine has been updated and restarted (Tools/Internet Options/Advanced/HTTP 1.1 Settings).

Please see also:

• MS06-042 Re-released, entry in Microsoft's Security Blog
• MS06-042, updated security bulletin from Microsoft

(ehe)