RE: MS 3/28/02 Security Patch for IE6 - warning!

From: Eric (ewsat_private)
Date: Tue Apr 02 2002 - 22:14:23 PST


    The Register was running the script locally - in the My Computer zone.  If
    you host the malicious HTML on a web page, etc., then the patch does indeed
    prevent the execution of code.
    
    At 12:51 AM 4/3/2002 +0200, Thor Larholm wrote:
    >Further, the patch doesn't seem to work completely:
    >
    >http://www.theregister.co.uk/content/4/24667.html
    >
    >Though, in other cases, it works better than expected:
    >
    >http://jscript.dk/unpatched/N280302-01.html
    >
    >A revision of the patch may be in place.
    >
    >Regards
    >Thor Larholm
    >Jubii A/S - Internet Programmer
    >
    >-----Original Message-----
    >From: Phil Dibowitz [mailto:webmasterat_private]
    >Sent: 2. april 2002 20:44
    >To: bugtraqat_private
    >Subject: MS 3/28/02 Security Patch for IE6 - warning!
    >
    >
    >BugTraq'ers,
    >
    >I usually consider this list a bit over my head, and don't post, just read.
    >I'm not totally sure this is on-topic, but I think it is. =)
    >
    >The MS Security Patch for IE6:
    >
    >----------------
    >Security Update, March 28, 2002 (Internet Explorer 6)
    >2456 KB/ Download Time: < 1 min
    >The "28 March 2002 Cumulative Patch for Internet Explorer" update
    >eliminates all previously addressed security vulnerabilities affecting
    >Internet Explorer 6, as well as two new vulnerabilities, and is discussed
    >in Microsoft Security Bulletin MS02-015. Download now to protect your
    >computer from these vulnerabilities, the most serious of which could allow
    >a malicious user to run code on your computer.
    >----------------
    >(That's directly from the MS Windows Update Site)
    >
    >Seems to be pretty buggy. It trashed a Win2K machine of mine yesterday.
    >After installing, I rebooted and shortly after lost my network
    >connection... then I was unable to get into 'Network and Dialup
    >Connections' or 'Add/Remove programs.' I tried recovery from 'Safe Mode'
    >and 'Last known good configuration' options at boot, but I had the same
    >problems in both modes. Doing a 'recovery' from CD didn't fix it either.
    >As a last resort I chose to do an 'upgrade' from CD which downgraded IE6
    >to IE5 fixing the problem. I was then able to patch up to the latest IE
    >MINUS that patch.
    >
    >A friend of mine also had a very similar experience with the patch. I'm
    >curious to know if others have the same problem, and I also wanted to warn
    >people.
    >
    >Phil
    >--
    >Insanity Palace of Metallica
    >http://www.ipom.com
    >webmasterat_private
    >--
    


