Read up on the latest ideas and technologies from companies that sell hardware, software and services. Why Security SaaS Makes Sense Today
CRM your salespeople will love
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Taking On Demand CRM Integration to the Next Level
Wireless LANs: Is my enterprise at risk?
Delivering the Power of Choice with Microsoft Dynamics CRM
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Two days later than expected, Microsoft has re-issued a critical security update for its Internet Explorer (IE) browser.
The re-issued patch is important because it "fully resolves" a serious security bug Microsoft introduced with the original update, released August 8.
Microsoft acknowledged that there were problems with its update soon after it was issued. Web sites that used HTTP (HyperText Transfer Protocol) 1.1 compression to speed up the downloading of images could cause the browser to fail and users of Web-based applications such as PeopleSoft, Siebel, and Sage CRM had problems with the software.
The issue does not affect users of Microsoft's latest Service Pack 2 version of Windows XP, but users of Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4 and Windows XP Service Pack 1 are affected, Microsoft said.
Last week, Microsoft released a "hotfix" download that addressed these problems, but the software vendor also decided to take the unusual step of announcing it would re-release the entire update (called MS06-042). This would ensure that subscribers to Microsoft's automatic update services would automatically receive the fixed patch.
That update was slated to have been released this Tuesday, but it was ultimately delayed because of an "issue discovered in final testing," Microsoft said.
Just as Microsoft was announcing this delay, security researchers at eEye Digital Security disclosed the security issue, saying that Microsoft's Aug. 8 update had actually created a new IE bug that attackers could exploit to run unauthorized software on a PC.
Though no attacks exploiting this bug have been reported, eEye believes that the issue is critical.
"The bad guys basically know about this and know that it's an exploitable scenario," eEye's chief hacking officer Marc Maiffret said Tuesday.
Microsoft has published a security advisory on this issue, which can be found at http://www.microsoft.com/technet/security/advisory/923762.mspx .
While Microsoft introducing bugs in its security updates is not uncommon, it is unusual for the company to give guidance on when it plans to fix these bugs, said Russ Cooper, senior information security analyst for Cybertrust.
It is also unusual for security firms like eEye to then investigate these bugs for security problems and disclose their existence before Microsoft has patched the problem, he added. "They should have reported ... this issue to Microsoft first, and only," he said. "And then waited for Microsoft to release a fix."
Details on the newly re-released MS06-042 security update can be found at http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Seagate Barracuda ES.2 Hard Drive With SAS-Interface Tops New Storage Performance Council (SPC) Component Benchmarks 2008-10-16 13:15:00+10
Bento 2 by FileMaker Now Available 2008-10-16 12:21:00+10
Progress Software Selected for ACORD Standards Framework 2008-10-16 09:45:00+10
Tandberg Data lifts RDX® QuikStor™ capacity to 500GB and offers continuous data protection 2008-10-16 09:23:00+10
Kroll Ontrack Offers More Complete Data Recovery Solution with SSD And Flash Capabilities 2008-10-16 09:00:00+10
Understanding Email Marketing: A Guide for SMBs
Email marketing is often viewed as a marketers silver bullet. If used effectively, email campaigns will provide strong results for a limited spend each and every time. Download this white paper to discover how email marketing can work for you and your business.
