Update for MS06-042 on hold
Microsoft has acknowledged that last weeks security update didn’t go as smoothly as they hoped. The plan had been to provide a fix today as part of its regular Tuesday update but things are on hold for now. Apparently, the folks at the Microsoft Security Response Center found that testing the fix required more than just one week.
As a developer I can only guess this is a nightmare situation for the folks at Microsoft. There still exists an exploitable flaw in last weeks patch, yet it may be another week before we see a fix. And even then, I may think twice about updating immediately. It really depends how many threats appear in the wild trying to use this vulnerable code.
Meanwhile, my recommendation is to implement Microsoft’s “workaround”.
|1.||Start Internet Explorer 6.|
|2.||On the Tools menu, click Internet Options, and then click the Advanced tab.|
|3.||In the Settings box, click to clear the Use HTTP 1.1 check box under HTTP 1.1 settings, and then click OK.|