Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Redmond's security experts now hope the corrected patch will successfully solve the MS06-042 vulnerability that could lead to remote code execution caused by long URL buffer overflow.
The original patch was released Aug. 8, along with 11 other patches. But within a few days of the release, users started noticing unexpected web browser crashes, Marc Maiffret, co-founder and CTO of eEye Digital Security, has said.
"We are now urging IE 6.0 SP1 customers to go ahead and deploy this revised update as soon as possible," Mike Reavey, program manager of the Microsoft Security Response Center, said today on a company blog.
Reavey defended Microsoft's decision to delay the patch's release.
Microsoft held off on releasing the updated fix due to technology concerns in deployment tools, such as the Microsoft Baseline Security Analyzer (MBSA) and the Inventory Tool for Microsoft Updates (ITMU), which are used by customers running IE on Windows 2000, Reavey said.
"That would have meant that a significant portion of customers would have been unable to deploy the update if we had tired to release it on Aug. 22 as originally stated," he said. "This is very important. Because while some customers still using (IE 6.0 SP1) do utilize other detection and deployment technologies, a large portion still rely on the deployment technologies like MBSA and ITMU due to their support of older products and infrastructures."
Click here to email reporter Dan Kaplan.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.