Microsoft Releases IE Security Update (URL spoofing finally patched)

Microsoft Technet ^ | 02/02/2004 | Microsoft

[general_re]

Microsoft Security Bulletin MS04-004

Cumulative Security Update for Internet Explorer (832894)

Issued: February 2, 2004
Version: 1.0

Summary

Who should read this document: Customers who are using Microsoft® Internet Explorer

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Systems administrators should apply the security update immediately.

Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS03-048, which is itself a cumulative update.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

* Microsoft Windows NT® Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows Server® 2003
* Microsoft Windows Server 2003, 64-Bit Edition

[general_re]

Patch already available via Windows Update...

[Neets]

Oh cripes..not again.

[general_re]

Actually, this is a good thing - this bug has been known for some time, but now the fix is finally available. I strongly suggest that people using IE install the patch as soon as possible...

[old-ager]

Better apply it -- now ALL the hackers know about it.

[Neets]

No, I know it's a good thing...

...IT guy won't be happy to hear this tho...we have over 100 Lab computers that will need to be updated.

[general_re]

Ah. Well, at least you have a month to work it out, since I think that's it until March, patchwise ;)

[goldstategop]

Mercifully, the number of Windows patches has declined... two years ago it seemed as if Windows needed a patch every other week. Today you can go months before a critical upgrade is made available. I consider that progress.

[Cicero]

Good. We've been waiting for this one. Thanks for the heads up.

[Sledge]

Your IT guy needs to install a Software Update Server (SUS), which is available free from Microsoft. The SUS replaces the Automatic update feature on your Domain PC's with a SUS client. When updates are downloaded and approved on the SUS, they are automatically deployed to the client PC's.

The 100+ machine network I administer will be updating itself while I sleep. Life is good...

[GeronL]

I at this second, just finished downloading the thing, I'll install after I go offline.

it was an automatic update, I didn't even notice until it was 97% finished.

[GeronL]

Automatic Update.... its there for a reason... =o)

[George Smiley]

Oh, puhleeze.

Buffer Overflow City.

Microsoft is to security what the Clintons are to morality.

[general_re]

Thanks for the bump.

[antiRepublicrat]

Better apply it -- now ALL the hackers know about it.

This has been known for a very long time, to our surprise, MS finally got around to fixing it. When was it they were trying to say they fix security flaws faster than OSS?

[steplock]

How long did it take them to fix this HUGE hole?

Over a month? or has it been two months now?

How many millions of dollars have been lost to scams by this flaw?

Or WAS it a flaw? Could it have been a government order to attempt to spoof us?

[Ouachita]

Good. It seems that this patch has also corrected the problem with the vertical scrollbar in IE, which an earlier patch had apparently created.

[justlurking]

Duplicate thread:

http://www.freerepublic.com/focus/f-chat/1070325/posts

I really don't mind, though -- I just wanted to link the two together.

You probably didn't see it because I also posted it to "Front Page News".

[general_re]

Ah, I missed the magic combination of words that would reveal it when I searched - sorry ;)

[Rightone]

Thank you. THANK YOU! The double scroll problem is finally fixed. This, folks, is the problem whereby you click on the scrollbar and it goes down TWO screens instead of the expected one screen that popped up after a previous update. It now works properly again.

[adam_az]

http://www.mozilla.org/products/firebird/

That will fix your problem! ;)