In association with heise online

13 September 2006, 11:18

The secret update -- the patch for the patch is now patched

On patch day, in addition to the new updates, Microsoft has also revisited two old ones - the cumulative IE update in MS06-042, which has been fixed once already, and the MS06-040 Server service patch. The latter is intended, according to Christopher Budd from Microsoft's security team, to resolve incompatibility issues. But the new IE update has a few surprises up its sleeve.

Group Manager Tony Chor explains the reasons for the new changes in the IE Blog. A new security vulnerability in Internet Explorer, similar to a previously resolved problem, was discovered. It occurs at a different point in the code, and different program versions are affected too. Nonetheless, a patch for this new flaw has been retrospectively packed into the cumulative Internet Explorer update published last month. That update has already been modified once, after it initially opened up a new security vulnerability.

The problem occurs when parsing over-long URLs and carries the number CVE-2006-3873. It affects both Internet Explorer 5 and IE 6, where the current service packs for Windows 2003 Server (SP1) or XP (SP2) are not installed.

(ehe)
