In association with heise online

13 September 2006, 10:18

The secret update -- the patch for the patch is now patched


On patch day, in addition to the new updates, Microsoft has also revisited two old ones - the cumulative IE update in MS06-042, which has been fixed once already, and the MS06-040 Server service patch. The latter is intended, according to Christopher Budd from Microsoft's security team, to resolve incompatibility issues. But the new IE update has a few surprises up its sleeve.

Group Manager Tony Chor explains the reasons for the new changes in the IE Blog. A new security vulnerability in Internet Explorer, similar to a previously resolved problem, was discovered. It occurs at a different point in the code, and different program versions are affected too. Nonetheless, a patch for this new flaw has been retrospectively packed into the cumulative Internet Explorer update published last month. That update has already been modified once, after it initially opened up a new security vulnerability.

The problem occurs when parsing over-long URLs and carries the number CVE-2006-3873. It affects both Internet Explorer 5 and IE 6, where the current service packs for Windows 2003 Server (SP1) or XP (SP2) are not installed.
