Microsoft releases update to August IE patch

By Justin Mann on September 12, 2006, 7:30 PM
A patch for a patch is something we've come to expect from Microsoft now and then, so it wasn't a real surprise to hear about a silently released update for IE. The MS06-042 patch, released in August, addressed a security flaw in IE. This patch, as of today, has been re-released, to address yet another security flaw that was introduced because of the older patch. Once again, it was the team over at eEye Digital Security that discovered the flaw, which centered around HTTP and compression:

According to Microsoft's security bulletin, the IE patch was updated September 12 to fix another remote code execution vulnerability in IE's handling of long URLs from Websites using HTTP 1.1 protocol and compression. That's almost identical to the problem introduced in the original version of the patch, then discovered by security researchers at eEye Digital Security.
The turn around was fairly quick this time, a welcome relief to those who often must wait months or more for a critical patch to be ready.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.