Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS06-042 Re-release postponed to ensure Quality

CERT has issued an advisory and Microsoft has updated its advisory regarding long URL strings that can cause a buffer overflow condition. The August 22nd re-release was postponed so that QA issues could be fully resolved.

CERT - Microsoft Internet Explorer long URL buffer overflow
http://www.kb.cert.org/vuls/id/821156

QUOTE: Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 and Windows XP SP1 contains a vulnerability when viewing a web site using the HTTP 1.1 protocol. If the web site uses HTTP 1.1 compression and contains an overly long URL, a buffer overflow can occur. Note that this vulnerability was introduced with the first release of the MS06-042 updates on August 8, 2006.

MS06-042 Re-release postponed to ensure Quality
http://blogs.technet.com/msrc/archive/2006/08/22/448689.aspx

QUOTE: On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft will not be re-releasing MS06-042 today. This update will be re-released for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution.

Additional Links:

Microsoft Security Advisory (923762)
http://www.microsoft.com/technet/security/advisory/923762.mspx

Secunia
http://secunia.com/advisories/21557/

FrSIRT
http://www.frsirt.com/english/advisories/2006/3356

Security Focus
http://www.securityfocus.com/news/11408