A patch for a patch is something we've come to expect from Microsoft now and then, so it wasn't a real surprise to hear about a silently released update for IE. The MS06-042 patch, released in August, addressed a security flaw in IE. As of today, that patch has been re-released to address yet another security flaw, one that was introduced by the older patch. Once again, it was the team over at eEye Digital Security that discovered the flaw, which centers on HTTP and compression:
According to Microsoft's security bulletin, the IE patch was updated September 12 to fix another remote code execution vulnerability in IE's handling of long URLs from Websites using HTTP 1.1 protocol and compression. That's almost identical to the problem introduced in the original version of the patch, then discovered by security researchers at eEye Digital Security.
The turnaround was fairly quick this time, a welcome relief to those who often must wait months or more for a critical patch to be ready.