Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, August 23, 2006

Update for MS06-042 on hold

Microsoft has acknowledged that last weeks security update didn’t go as smoothly as they hoped. The plan had been to provide a fix today as part of its regular Tuesday update but things are on hold for now. Apparently, the folks at the Microsoft Security Response Center found that testing the fix required more than just one week.

(More Info from Microsoft)

As a developer I can only guess this is a nightmare situation for the folks at Microsoft. There still exists an exploitable flaw in last weeks patch, yet it may be another week before we see a fix.  And even then, I may think twice about updating immediately.  It really depends how many threats appear in the wild trying to use this vulnerable code.

Microsoft Security Advisory (923762)

Meanwhile, my recommendation is to implement Microsoft’s “workaround”.

1.Start Internet Explorer 6.
2.On the Tools menu, click Internet Options, and then click the Advanced tab.
3.In the Settings box, click to clear the Use HTTP 1.1 check box under HTTP 1.1 settings, and then click OK.

Share on Facebook


Anonymous Anonymous said...

Bill P.
In your blog you posted how
to do a workaround for "Update MS06-042 on hold". I understand its
not necessary to use a workaround on certain platforms like IE6 XPSP2? Is this true or should I still do the workaround? I did install the update MS06-042 late last week with no problem to my windows XPSP2.

5:09 PM  
Blogger Unknown said...

Hi John,

You may never see any problems with IE since the MS06-042 update. It will only cause a problem if you go to a web site that uses HTTP 1.1 compression. If you do it will crash.

If however you are seduced into going to a malicious web site which takes advantage of this flaw, you could be infected.

I haven't read anything that says IE XPSP2 is immune.

The change suggested here is pretty simple and shouldn't impact your surfing.

12:16 PM  

Post a Comment

<< Home