Microsoft finally re-issues botched IE patch
2 days after expected, Microsoft has re-released a vital security update because of its Ie (IE) browser. The now stopped Mac form of Ie isn’t affected.
The re-released patch is essential since it “fully resolves” a significant security bug Microsoft introduced using the original update, launched 8 August.
Microsoft acknowledged there were issues with its update right after it had been released. Websites that used HTTP (HyperText Transfer Protocol) 1.1 compression to accelerate the installing of images might cause the browser to fail and customers of web-based programs for example PeopleSoft, Siebel, and Sage CRM had issues with the program.
The problem has no effect on customers of Microsoft’s latest Service Pack 2 form of Home windows XP, but customers of Ie 6 Service Pack 1 on Home windows 2000 Service Pack 4 and Home windows XP Service Pack 1 may take a hit, Microsoft stated.
A week ago, Microsoft launched a “hotfix” download that addressed these complaints, however the software vendor also made the decision to accept unusual step of announcing it might re-release the whole update (known as MS06-042). This could make sure that customers to Microsoft’s automatic update services would instantly get the fixed patch.
That update was slated to possess been launched this Tuesday, however it was ultimately postponed due to an “issue discovered in final testing”, Microsoft stated.
Just like Microsoft was announcing this delay, security scientists at eEye Digital Security revealed the safety issue, stating that Microsoft’s 8 August update had really produced a brand new IE bug that attackers could exploit to operate unauthorised software on the PC.
Though no attacks exploiting this bug happen to be reported, eEye thinks that the problem is critical.
“Unhealthy guys essentially learn about this and realize that this is an exploitable scenario,” eEye’s chief hacking officer Marc Maiffret stated on Tuesday.
While Microsoft presenting bugs in the security updates isn’t uncommon, it’s unusual for the organization to provide assistance with if this intends to fix these bugs, stated Russ Cooper, senior information security analyst for Cybertrust Corporation.
It’s also unusual for security firms like eEye to then investigate these bugs for security problems and disclose their existence before Microsoft has patched the issue, he added. “They ought to have reported this problem to Microsoft first, and just,Inch he stated, “After which anxiously waited for Microsoft to produce a fix.”