AOH :: ISN-1244.HTM

Download Problem Interferes with IE Patch Release




Download Problem Interferes with IE Patch Release
Download Problem Interferes with IE Patch Release



http://www.eweek.com/article2/0,1895,1846419,00.asp 

By Ryan Naraine 
August 9, 2005 

Microsoft late Tuesday confirmed that its "critical" Internet Explorer
patches had to be pulled after a hiccup caused some of the downloads
to be corrupted.

The glitch was detected by users attempting to install the IE patch
from the Microsoft Download center.

"Shortly after we released the updates this morning we found that
several of the Internet Explorer updates provided only to the Download
Center were corrupted, breaking the digital signature and preventing
them from installing," a post on the official Internet Explorer Weblog
said.

The patches posted on Microsoft Update and Windows Update were not
affected by the glitch and are installing properly.

"We've identified the problem, removed the affected updates from the
Download Center, and will repost them shortly to correct the issue,"  
said Jeremy Mazner, technical evangelist for Windows Vista and IE.

The cumulative IE update was part of the August release of six
security bulletins from the software maker to cover eight
vulnerabilities in the Windows operating system. The IE bulletin
carries a "critical" rating and delivers patches for three separate
remote code execution flaws in the world's most widely used browser.

The most serious of the three is a flaw in the way IE handles JPEG
images. An attacker could exploit the vulnerability by creating a
malicious JPEG image and luring a Web surfer to view the image. "An
attacker who successfully exploited this vulnerability could take
complete control of an affected system," the company said, adding that
the malicious image could also be distributed via e-mail.

The bulletin also includes patches for a cross-domain flaw in IE that
could lead to system takeover and information disclosure attacks.

A third remote code execution bug was found in the way the browser
instantiates COM Objects that are not intended to be used in Internet
Explorer. This flaw could also be exploited by an attacker to take
"complete control" of an unpatched system, Microsoft Corp. warned.



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 

Site design & layout copyright © 1986-2014 CodeGods