Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Re-patches Repatch, Issues Third Fix For IE Flaws

Among the patches posted Tuesday by Microsoft Corp. in its regular monthly release was a re-repatch of a fix for Internet Explorer that had already been pushed to users twice.

The Tuesday re-release of MS06-042, which debuted Aug. 8, included fixes for 10 vulnerabilities -- two more than in the original -- because of yet another bug uncovered by eEye Digital Security, a California-based company that was blasted last month by Microsoft for not abiding by its unwritten vulnerability disclosure rules.

The newly-patched bug in IE was reported by eEye to Microsoft Aug. 24, the same day that the Redmond, Wash.-based developer issued its first re-release of MS06-042 to fix another flaw it had overlooked. This second bug, said eEye in an online advisory, is "almost identical" to the vulnerability it spotted in August. Like that flaw, the new problem is in how IE handles long URLs when users visit sites that have applied both compression and the HTTP 1.1 protocol.

Although Microsoft didn't use the term, the just-fixed vulnerability was a "regression," a bug not present earlier but introduced by an error in the patch.

"This update cycle has not been an example of our best work," admitted Tony Chor, group program manager for Internet Explorer, in an entry on the team's blog.

  • 1