[ISN] Microsoft patches break some Web sites

From: InfoSec News (isn@private)
Date: Fri Nov 04 2005 - 09:09:21 PST


http://www.networkworld.com/news/2005/110305-microsoft-patches.html

By Jeremy Kirk
IDG News Service
11/03/05

Two patches released by Microsoft earlier this year for its Internet
Explorer browser may cause some Web sites not to load properly.

The bulletins, MS05-038 and MS05-052, removed "unsafe functionality"  
and change how the browser handles ActiveX controls for security
reasons, Stephen Toulouse, a program manager in Microsoft's security
unit, wrote on Thursday on the Microsoft Security Center Response
Blog.

After installing MS05-038, first published Aug. 9 on the Microsoft
Download Center, Web pages containing Component Object Model (COM)  
objects called monikers may not work as expected.

MS05-052, published Oct. 11, added an additional check for a specific
interface for ActiveX controls before allowing a COM object to run in
Internet Explorer. But it also blocks some Web pages containing
ActiveX controls, Microsoft said. Users who are missing certain
registry subkeys may also experience problems with this patch,
Microsoft said.

Microsoft has published instructions on how to resolve the MS05-038
issues [1].

Instructions for the two possible problems with MS05-052 can be found
here [2] and here [3].

[1] http://support.microsoft.com/kb/906294
[2] http://support.microsoft.com/kb/909889
[3] http://support.microsoft.com/kb/909738



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Fri Nov 04 2005 - 09:15:12 PST