Recent Posts


Email Notifications

Personal Links


Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS06-042 Re-release postponed to ensure Quality

CERT has issued an advisory and Microsoft has updated their advisory regarding long URL strings that can a buffer overflow condition.  The August 22nd release was postponed, so that QA issues could be fully resolved.

CERT - Microsoft Internet Explorer long URL buffer overflow

QUOTE: Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 and Windows XP SP1 contains a vulnerability when viewing a web site using the HTTP 1.1 protocol. If the web site uses HTTP 1.1 compression and contains an overly long URL, a buffer overflow can occur. Note that this vulnerability was introduced with the first release of the MS06-042 updates on August 8, 2006.

MS06-042 Re-release postponed to ensure Quality

QUOTE: On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft will not be re-releasing MS06-042 today. This update will be re-released for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution.

Additional Links:

Microsoft Security Advisory (923762)



Security Focus