More Microsoft Patch problems MS06-042
This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer overflow allowing for code execution. Microsoft is saying that they are not aware of that vulnerability being exploited or impacting customers at this time. The issue that was originally reported is detailed in this knowledge base article.
Sans now has a brief on this as well. It should be noted that exploits may be available soon.
–Update 8/24/06–
Microsoft has re-released the patch now, the Microsoft bulletin can be found here.
Brian Krebs at the Security Fix has the story as well and a good brief on the history of this one. He also points out that this is for IE6 SP1 only.
Popularity: 1% [?]
Related Posts - Microsoft security roundup OK - there have been a number of Excel problems floating around in the last week - week and a half. Securiteam blog has a FAQ on the Excel 0-day vulnerabilities with Excel and Excel Viewer Incidents.org kindly gives us a scoresheet documenting the three different vulnerabilities that have been......
- Microsoft Support extensions for XP Good news for Windows XP users (especially XP Home). Microsoft has extended the support period for XP Home and Pro. Originally, security patch related support was expected to end December 31st of this year. According to the article for XP Home... So for the consumer versions of Windows XP, mainstream......
- Microsoft should use a /home partition.... I saw this yesterday or day before... George Ou has said that Microsoft should move user data to it's own volume (or partition). He is ABSOLUTELY RIGHT. I think these days the default install for any modern operating system ought to assume you care enough about your data to seperate......
Related Websites - SAINT 7.9 Product Release From Saint Newletter: Key New Features in SAINT 7.9 Vulnerability Scanner Microsoft Patch Tuesday scan policy - This scan policy checks for the latest published Microsoft Patch Tuesday vulnerabilities (2nd Tuesday of each month) New Vulnerability Check Type Coverage now includes - Blind SQL injection Flash application - Flash application......
- How To: Programmatically Open Folders Recently as a part of support activity, I came across a unique task. This application had a windows service running on cluster of 8 different servers. To ensure that windows service is up and running, I had to check the timestamps of the log files this service was updating periodically.......
- Law Enforcement Badges and Memorabilia Different people have different interests when it comes to collecting memorabilia and other collectibles. For example, some people collect law enforcement badges and other law enforcement memorabilia. The reasons for such a collection may stem from having a history working with law enforcement or possibly having an ancestor that was......
Similar Posts
- Microsoft December 2005 Security updates
- Another update on the 0day Explorer exploit
- Exploits in the wild and other news
- Microsoft October 2006 patch Tuesday
- Two critical fixes from Microsoft on December patch Tuesday