Despite the patch problems, Microsoft continues to urge people to apply the MS06-042 fixes, since they resolve a number of vulnerabilities.
Microsoft Corp. has confirmed that it will re-release a security bulletin issued last week because it's making some users' browsers crash when they visit certain sites.
The MS06-042 bulletin, which fixed 8 flaws in Internet Explorer 5.01 and 6, will be recrafted, then re-released next Tuesday, Aug. 22, a company security program manager said Wednesday.
"We've made an update to MS06-042 to let customers know of an issue they might see after applying the update to Internet Explorer 6 Service Pack 1 systems," wrote Mike Reavey, the operations manager of the Microsoft Security Response Center (MSRC), on the group's blog.
Users running IE 6 SP1 on Windows XP SP1 and Windows 2000 systems will watch their browsers crash when they visit sites that have both compression and the HTTP 1.1 protocol enabled.
Until MS06-042 is re-released, users can apply a Microsoft-made hotfix. However, it's not available for download; users must contact Microsoft's product support by telephone to request the hotfix.
Even though last week's patches may crash some users' copies of IE, Microsoft continued to urge everyone to apply the MS06-042 fixes. "Since [it] resolves a number of security vulnerabilities we recommend customers continue to deploy the update," said Reavey.
Users running IE 6 on systems powered by Windows XP SP2, Windows Server 2003, or Windows System 2003 SP1 are unaffected by the bug and will not need to re-deploy the patched patch next week.
The IE glitch wasn't the only problem with the Aug. 8 fixes that Microsoft has copped to. On Tuesday, it revised the MS06-040 bulletin to acknowledge that after installing the patch, programs which request a large amount of contiguous memory -- Microsoft Business Solutions' Navivision 3.70 was the example given -- may crash. The problem crops up only on systems running the 32-bit version of Windows Server 2003 SP1.
The Redmond, Wash. developer also went out of its way to tell users that the fix in MS06-040 does not take care of another bug in the Server service which popped up earlier this month. That flaw, which when exploited generates a denial-of-service (Dos) on an unspecified range of Windows operating systems, is still on Microsoft's to-do list.
"Its [sic] important to distinguish that while MS06-040 addresses a vulnerability in the Server Service it does not resolve the Denial of Service issue I spoke about earlier," wrote MSRC program manager Adrian Stone last week on the team's blog. "We are still working on the security update for the DoS issue and the report for it came in after we had completed our testing cycle for MS06-040.
"With the importance and potential severity previously mentioned regarding MS06-040, we felt it was important to get the security update out as soon as possible. We'll continue working on the DoS issue and will release a security update once it's reached an appropriate level of quality," Stone concluded.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.