Microsoft replaces bug-filled patch

Microsoft today re-released a patch to replace a bug-filled fix that caused some applications to crash when users installed it beside Internet Explorer (IE) 6.0 Service Pack (SP)1 in conjunction with HTTP 1.1.

Redmond's security experts now hope the corrected patch will successfully fix the MS06-042 vulnerability, a buffer overflow triggered by long URLs that could lead to remote code execution.

The original patch was released Aug. 8, along with 11 other patches. But within a few days of the release, users started noticing unexpected web browser crashes, Marc Maiffret, co-founder and CTO of eEye Digital Security, has said.

"We are now urging IE 6.0 SP1 customers to go ahead and deploy this revised update as soon as possible," Mike Reavey, program manager of the Microsoft Security Response Center, said today on a company blog.

Reavey defended Microsoft's decision to delay the patch's release.

Microsoft held off on releasing the updated fix due to technology concerns in deployment tools, such as the Microsoft Baseline Security Analyzer (MBSA) and the Inventory Tool for Microsoft Updates (ITMU), which are used by customers running IE on Windows 2000, Reavey said.

"That would have meant that a significant portion of customers would have been unable to deploy the update if we had tried to release it on Aug. 22 as originally stated," he said. "This is very important. Because while some customers still using (IE 6.0 SP1) do utilize other detection and deployment technologies, a large portion still rely on the deployment technologies like MBSA and ITMU due to their support of older products and infrastructures."

Reported by Dan Kaplan.
