Microsoft Releases Critical IE Patch
Laura Brown writes "Microsoft has released its security software patches for April. The most anticipated is the MS06-013 patch, which fixes several IE bugs, including the 'createTextRange()' vulnerability. Hackers had been exploiting this problem by installing unauthorized software on PCs."
The Exploit (Score:5, Informative)
And here's Microsoft's acknowledgement [microsoft.com] of the exploit (dated 03.23.2006).
And here's an "expert" saying that releasing the above exploit is irresponsible [sys-con.com] (dated 03.24.2006).
It is now 04.12.2006 and a patch is out to correct it.
*checks his watch*
Not bad, but your response time could use some improvement.
ActiveX, Java and Flash controls may be impacted (Score:5, Informative)
This won't affect IE6 on Windows 2000, and it's worth noting that things like Flash will work just fine in Firefox, Mozilla or Opera on Windows too.
Re:The Exploit (Score:3, Informative)
Re:ActiveX, Java and Flash controls may be impacte (Score:5, Informative)
Amusingly, this behavior can be disabled with either a patch or a registry change. [microsoft.com]
Re:I DLed them this AM. A question... (Score:3, Informative)
Re:Schedule Over Security? (Score:2, Informative)
Regardless, they will and do relevant testing, which takes days to weeks depending on the scope of the change and its effects... sometimes the effects ripple out to third parties, which can further delay deployment.
I generally don't like Windows the product or many of MS's current and prior practices, but I do understand the issue they face when releasing a patch into such a large and diverse customer ecosystem.
The article's title doesn't do it justice (Score:4, Informative)
Source (Score:2, Informative)
Re:Schedule Over Security? (Score:4, Informative)
There, fixed that for you.
Re:Why? (Score:2, Informative)
I'm not sure if you can install it automatically (through sms or whatever it's called), so it might not be practical if you have to install it on a lot of computers.
Re:You mean, IE users point and laugh (Score:1, Informative)
Also, this "click to enable" feature can be bypassed using JavaScript. That is not a bug, Microsoft allowed this as a workaround.