Despite the patch problems, Microsoft continues to urge people to apply the MS06-042 fixes, since they resolve a number of vulnerabilities.
Microsoft Corp. has confirmed that it will re-release a security bulletin issued last week because it's making some users' browsers crash when they visit certain sites.
The MS06-042 bulletin, which fixed 8 flaws in Internet Explorer 5.01 and 6, will be recrafted, then re-released next Tuesday, Aug. 22, a company security program manager said Wednesday.
"We've made an update to MS06-042 to let customers know of an issue they might see after applying the update to Internet Explorer 6 Service Pack 1 systems," wrote Mike Reavey, the operations manager of the Microsoft Security Response Center (MSRC), on the group's blog.
Users running IE 6 SP1 on Windows XP SP1 and Windows 2000 systems will watch their browsers crash when they visit sites that have both compression and the HTTP 1.1 protocol enabled.
Until MS06-042 is re-released, users can apply a Microsoft-made hotfix. However, it's not available for download; users must contact Microsoft's product support by telephone to request the hotfix.
Even though last week's patches may crash some users' copies of IE, Microsoft continued to urge everyone to apply the MS06-042 fixes. "Since [it] resolves a number of security vulnerabilities we recommend customers continue to deploy the update," said Reavey.
Users running IE 6 on systems powered by Windows XP SP2, Windows Server 2003, or Windows System 2003 SP1 are unaffected by the bug and will not need to re-deploy the patched patch next week.
The IE glitch wasn't the only problem with the Aug. 8 fixes that Microsoft has copped to. On Tuesday, it revised the MS06-040 bulletin to acknowledge that after installing the patch, programs which request a large amount of contiguous memory -- Microsoft Business Solutions' Navivision 3.70 was the example given -- may crash. The problem crops up only on systems running the 32-bit version of Windows Server 2003 SP1.
The Redmond, Wash. developer also went out of its way to tell users that the fix in MS06-040 does not take care of another bug in the Server service which popped up earlier this month. That flaw, which when exploited generates a denial-of-service (Dos) on an unspecified range of Windows operating systems, is still on Microsoft's to-do list.
"Its [sic] important to distinguish that while MS06-040 addresses a vulnerability in the Server Service it does not resolve the Denial of Service issue I spoke about earlier," wrote MSRC program manager Adrian Stone last week on the team's blog. "We are still working on the security update for the DoS issue and the report for it came in after we had completed our testing cycle for MS06-040.
"With the importance and potential severity previously mentioned regarding MS06-040, we felt it was important to get the security update out as soon as possible. We'll continue working on the DoS issue and will release a security update once it's reached an appropriate level of quality," Stone concluded.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.