Microsoft Flubs Patch, Putting Users At Risk 209
An anonymous reader writes "Microsoft is rushing to fix a flaw introduced by the company's latest security update to Internet Explorer. From the article: 'The flaw, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1 that have applied the August cumulative update to Internet Explorer 6 Service Pack 1, security firm eEye Digital Security asserted. The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.'"
Re:Closed source strikes again (Score:5, Informative)
Just Please... (Score:5, Informative)
Please don't automatically reboot my machines again when the patch's patch is installed. I have the custom options in MS Update to allow me to control install/reboot for the updates. Well, it ignored that this week and rebooted 2 of my machines for me.
Then, I noticed that The Register had a couple of articles this week about the same thing happening to others.
Just who in the hell does MS think they are?
Oh, and if the patch's patch's patch needs a reboot as well, don't do that too.
Oh, and if.... nevermind.
Re:will it cause problems? (Score:3, Informative)
Re:will it cause problems? (Score:2, Informative)
Re:Closed source strikes again (Score:0, Informative)
If there was a flaw in Windows (a hypothetical one, I don't mean the one from today), and someone posted "Haha! This sort of thing would never happen if you used Ubuntu!" without the link to Ubuntu's screw up, it would moderated up - maybe not to 5, but it sure as hell wouldn't be moderated as a troll.
Re:will it cause problems? (Score:3, Informative)
Well, count me as "not anyone". I still run Win2000 on two machines, and my one XP box is still SP1 because I refuse to install WGA [wikipedia.org]. On the other hand, this now prevents me from using Windows Update as well so you could say it doesn't affect me, but I can still update through WindizUpdate [windizupdate.com] though I'm not sure if the broken patch made it there or not.
Point being...there are still people who haven't gone to SP2 or even XP yet and don't plan to, but they still install updates. They might be a small minority percentage-wise, but that doesn't mean there's not lots of them out there.
Re:will it cause problems? (Score:2, Informative)
Disable HTTP 1.1 (Score:4, Informative)
Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update
Additionally they go on to say in this article: A new version of security update 918899 is currently in development and will be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by August 22, 2006.
This patch was NOT released today - they LIED! :-)
Since that change, the crashes stopped at least but now that this is out I have much move incentive to upgrade our last few W2K machines up to WinXPSP2.
Re:Closed source strikes again (Score:2, Informative)
Re:will it cause problems? (Score:3, Informative)
At the risk of sounding redundant:
1 The 300 MB download is for system administrators and others who need the SP in all possible configurations.
2 Windows Update downloads all necessary components in the background. This shouldn't be a problem even over a dial-up connection.
3 Service Packs are available on CD, for a nominal S&H charge.
Re:Sick of this crap (OT) (Score:3, Informative)
Re:Question (Score:3, Informative)
It's not quite that simple. If you have a corporate install of several tens of thousands PCs using the same base OS package, then the base package must be compatible with all applications that are to be deployed upon it. Now, XP SP2 breaks several applications, this is a known fact. Therefore, it may be more trouble rolling out SP2 on short notice instead of keeping up with hotfixes and using other measures (firewalls, anti-virus, IDS) to keep on top of security vulnerabilities in the SP1 base package.
Corporate installs are thus more likely to be one or more Service Packs behind. This has been common practice since NT4 times.
MartRe:Closed source strikes again (Score:3, Informative)