Microsoft Re-Re-Releases IE Patch

By Nate Mook | Published September 13, 2006, 4:53 PM

Acknowledging that its patching process has "not been an example of our best work," Microsoft this week issued a second update to security bulletin MS06-042, which was released in August. The original patch included a security vulnerability - and it turns out the fix introduced even more.

MS06-042, which was intended to resolve a number of security vulnerabilities in Internet Explorer, shipped with a deployment issue. The patch caused IE6 to crash when a site that uses the HTTP 1.1 protocol and compression is visited.

It was later discovered that the bug also opened the door to attackers. The existence of a vulnerability in the patch was first announced by eEye Digital Security, which Microsoft chided for publicly disclosing the flaws.

An update to MS06-042 was issued on August 24, and Microsoft urged all users to upgrade. However, that fix also apparently contained a number of other security holes, the company has disclosed.

"A similar vulnerability was also discovered in IE5.01 on Windows 2000, IE 6.0 SP1 (in a different location), and the original release of Windows Server 2003 (not SP1). This re-release fixes that vulnerability," said IE group program manager Tony Chor.

"This release and the need for subsequent re-releases have certainly been a learning experience for us," Chor conceded, adding that, "we have used this experience to improve our processes and increase transparency to ensure all of our releases are of the quality we expect and our customers deserve."

The problems with the Internet Explorer patch are not the first time that Microsoft has had to deal with secondary issues caused by its fixes. In April, it had to reissue a patch because certain NVidia and Hewlett Packard printer drivers were incompatible with the update.

Comments

That's it! I've had it! I'm going to dump Windoze and use Linux instead...

...heh, just kidding :)

Score: 0

|

They can re-issue the patch 50,000 times as far as I'm concerned. If there are no exploits for the new "holes" made by the previous patch, then PRACTICALLY SPEAKING it's a non-issue...

Score: 0

|

At least this isn't a common occurrence. Everyone deserves a break now and then, and in this case people should cut them some slack.

Score: 0

|

If at first you don't succeed.....

Score: 0

|

Hardy har har ... Oh look, another chance to bash MS, and look who's here copying snippets and adding sly comments ... iiiiiiittts PC Twa% trolling his highly informative views about his ex.

Did they hurt you so ... do you still cry at night ?

Nevermind, there will be another MS story soon. Oh look, a thread about the new MS mp3 player, I wonder who's the first to slate it .... iiiiiiiittts PC Twa% :)

Score: 0

|

Galway you are absolutely right. Microsoft the one company that makes almost as much money as the rest of the I.T. industry combined makes mistakes almost as much one as well, a big company that doesn't know what they are doing and can't handle their success. This is most likely because they were never meant to have it in the first place. They suck, plain and simple. They have the best paid, (possibly) programmers and software designers in the industry. Yet, they can't release a product on time, they can't ship a reliable product and they can't ship a secure product. So either those programmers need to start from scratch or let India take over the programming. After all India is known to have far smarter people than the U.S. does. Because we are worried about money they are worried about getting smart. Who will win in the end? I know our jobs won't because they can program better at a third of the price. Sad to say huh.....

Score: 0

|

Damn...

They fire you too?

Score: 0

|

The problem:

Vendor X writes buggy program Y that "cheats" the registry--i.e., it does not reference a specific entry, but may look for the 11th entry and use it, or it may reference something by name and the name includes the version number (version changes with a patch). Now, the third-party program screws up, and may also screw up Windows because the patch changes or moves the registry entries affecting the code written by the poor programmers.

Now, MS must be compatible with other programs, but the programs must also be compatible with XP SP1, SP2, and future-proof with SP3. Many times the programmers can easily do this with a little extra work, but since they are lazy like me, they do it the easiest way I refer to as "cheating". This is why it is so dam hard for MS to write patches--it is third-party software conflicts more often than not.

Score: 0

|

Amazingly, it is Microsoft itself that wrote IE and Microsoft Word 2000, the two latest patches that MS seems to be having trouble with.

Score: 0

|

Yes, but read the last line:

"In April, it had to reissue a patch because certain NVidia and Hewlett Packard printer drivers were incompatible with the update."

That is what I was talking about--HP and NVidia software causing the patch to waste Windows. This issue in question is actually just Microsoft I see though--but Word 2000 is unrelated.

Score: 0

|

Who told you Microsoft wrote IE? It was bought from some other company, just like all other programs Microsoft sells.

Score: 0

|

They didn't write Windows?

Won't Mr. Gates be surprised.

Score: 0

|

Oh well? I love patch release news.

Score: 0

|

...

It's tricky business, and Microsoft seems
to be making a sincere effort to rectify
issues.

Can't ask for more than ~that~ !

...

The Computer Rodent

...

Score: 0

|

I'm not questioning corporate "effort" - just saying that there are going to be more problems with patches compared to anything else because of the team structure.

Score: 0

|

...

"because of the
team structure"

...

No. Patches are just tricky because they're
necessarily done without beta testing and
there's ~lots~ of unforeseen ramifications
possible.

Ain't like Vista which is being written
as homework assignments by kids from
Microsoft High in Philadelphia.

...

The Computer Rodent

...

"Share a file /
Go to jail !"

...

Score: 0

|

Not their best work? No kidding... The guys doing their patches is sustained engineering; filled with new blue badges, contract fill-ins, and managers finding their way. Duh.

Score: 0

|

...

"new blue badges,
contract fill-ins,
and managers finding
their way"

...

Microsoft uses a LOT of contract employees,
but they don't send out for day laborers from
the temp agency to make security patches.

The Microsofties trying to put together Vista
for the past MORE THAN FIVE YEARS are
probably day labor from temp agencies,
though.

...

The Computer Rodent

...

Score: 0

|
