Microsoft To Fix Patch That Crashes IE - InformationWeek
02:44 PM

Microsoft To Fix Patch That Crashes IE

Despite the patch problems, Microsoft continues to urge people to apply the MS06-042 fixes, since they resolve a number of vulnerabilities.

Microsoft Corp. has confirmed that it will re-release a security bulletin issued last week because it's making some users' browsers crash when they visit certain sites.

The MS06-042 bulletin, which fixed 8 flaws in Internet Explorer 5.01 and 6, will be recrafted, then re-released next Tuesday, Aug. 22, a company security program manager said Wednesday.

"We've made an update to MS06-042 to let customers know of an issue they might see after applying the update to Internet Explorer 6 Service Pack 1 systems," wrote Mike Reavey, the operations manager of the Microsoft Security Response Center (MSRC), on the group's blog.

Users running IE 6 SP1 on Windows XP SP1 and Windows 2000 systems will watch their browsers crash when they visit sites that have both compression and the HTTP 1.1 protocol enabled.

Until MS06-042 is re-released, users can apply a Microsoft-made hotfix. However, it's not available for download; users must contact Microsoft's product support by telephone to request the hotfix.

Even though last week's patches may crash some users' copies of IE, Microsoft continued to urge everyone to apply the MS06-042 fixes. "Since [it] resolves a number of security vulnerabilities we recommend customers continue to deploy the update," said Reavey.

Users running IE 6 on systems powered by Windows XP SP2, Windows Server 2003, or Windows System 2003 SP1 are unaffected by the bug and will not need to re-deploy the patched patch next week.

The IE glitch wasn't the only problem with the Aug. 8 fixes that Microsoft has copped to. On Tuesday, it revised the MS06-040 bulletin to acknowledge that after installing the patch, programs which request a large amount of contiguous memory -- Microsoft Business Solutions' Navivision 3.70 was the example given -- may crash. The problem crops up only on systems running the 32-bit version of Windows Server 2003 SP1.

Microsoft has a hotfix for this bug as well; users must, however, phone support to obtain it.

The Redmond, Wash. developer also went out of its way to tell users that the fix in MS06-040 does not take care of another bug in the Server service which popped up earlier this month. That flaw, which when exploited generates a denial-of-service (Dos) on an unspecified range of Windows operating systems, is still on Microsoft's to-do list.

"Its [sic] important to distinguish that while MS06-040 addresses a vulnerability in the Server Service it does not resolve the Denial of Service issue I spoke about earlier," wrote MSRC program manager Adrian Stone last week on the team's blog. "We are still working on the security update for the DoS issue and the report for it came in after we had completed our testing cycle for MS06-040.

"With the importance and potential severity previously mentioned regarding MS06-040, we felt it was important to get the security update out as soon as possible. We'll continue working on the DoS issue and will release a security update once it's reached an appropriate level of quality," Stone concluded.

Microsoft took other steps to insure that the MS06-040 fix was in customers' hands as soon as possible. For the first time, the company admitted to prioritizing critical patches, and it used a new warning label when patches were delivered to users via Microsoft Update or Windows Update.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll