Computer Tips -Tech Info

This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer overflow allowing for code execution. Microsoft is saying that they are not aware of that vulnerability being exploited or impacting customers at this time. The issue that was originally reported is detailed in this knowledge base article.

Sans now has a brief on this as well. It should be noted that exploits may be available soon.

–Update 8/24/06–

Microsoft has re-released the patch now, the Microsoft bulletin can be found here.

Brian Krebs at the Security Fix has the story as well and a good brief on the history of this one. He also points out that this is for IE6 SP1 only.

Popularity: 1% [?]

Similar Posts

• Microsoft December 2005 Security updates
• Another update on the 0day Explorer exploit
• Exploits in the wild and other news
• Microsoft October 2006 patch Tuesday
• Two critical fixes from Microsoft on December patch Tuesday

This entry was posted on Tuesday, August 22nd, 2006 at 3:57 pm and is filed under Computers, Security-Vulnerabilities, Security-updates, Windows Software, Windows Tech Support. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.