Cumulative update for Internet Explorer released (MS06-042, KB918899)

Information here:
http://support.microsoft.com/?kbid=918899
http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx

I note that Siebel will finally be releasing an update to address the changes forced to activex by the EOLAS suit during Spring of 2006 (NH spring, not SH)

 

 

 

Published Tue, Aug 8 2006 23:26 by sandi
Filed under: , ,

Comments

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Wednesday, August 09, 2006 7:54 AM by Dave
And of course, MS06-042 breaks HTML Help just like MS05-026 did by preventing access to help files outside the local computer unless you make a registry change. This just keeps continuing. As they're discontinuing WinHelp, with HTML Help never really being completed and all these patches breaking it anyway, Microsoft currently has no Help system in-place and won't for some time to come.

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Thursday, August 10, 2006 2:40 PM by Maico

I discovered that my internet explorer crashes very often since I installed KB918899 on my XP professional SP1 system and I had to uninstall it, but now I am more vulnerable because this is a critical patch.

I also tested it out on a virtual pc machine and the bug appeared there also so I am 100%sure it is a problem with KB918899 for SP1 systems.

Anyone here who has had the same experience ? I can't find anything on google since the patch is only a few days old but I'm sure more people will get into trouble with this patch.

Microsoft why don't you test you patches better before releasing them !!!

example of when IE crashes : when I type "BHO remove" in google and click on the first result

Sandi says: Can you please be more specific?  What version of IE are you running, and exactly what is the error message? There should be a link in the crash window that gives you specifics of the files (modules) involved.

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Friday, August 11, 2006 3:18 AM by Thomas L
Actually, this is on SP2 systems as well. And peoplesoft users seem to have the same problems.
IE Version: 6.0.2900.2180.xpsp.050622-1524.
Removing KB918899 makes this problem disappear.
Ref on peoplesoft:
http://marc.theaimsgroup.com/?l=patchmanagement&m=115526551122303&w=2

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Friday, August 11, 2006 6:50 PM by sandi
There are reports in the patch management mailing list of MS06-042 causing crashes when PeopleSoft is installed.  One noted crash involves 0xC0000005 in NTDLL.DLL

The fix for those using PeopleSoft, from the windows.update newsgroup, is:

In PIA, navigate to "PeopleTools -> Web Profile -> Web Profile Configurations". Search for your webprofile. In the "General" tab, uncheck the following:

Compress Responses = unchecked

Compress Response References = unchecked

Compress Query = unchecked [If you have PT8.44, please ignore since Compress Query does exist in PT8.44]

Save your webprofile changes and you must bounce your PIA.

On a surface level, this kind of makes sense given that two of the defect fixes were related to cross domain problems when compression was involved.

Another suggested fix is to disable "Use HTTP 1.1" via IE Tools, Internet Options, Advanced Tab - there is a hotfix available if this fixes your problem:
http://support.microsoft.com/kb/923762/en-us


Final suggested fix, again from the patch management mailing list, is to uninstall MS06-042, edit the registry to ensure the following key exists, then reinstall MS02-042, then reboot:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer]
"QFEInstalled"=dword:00000001

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Sunday, August 13, 2006 2:28 PM by jmd
on Windows 2000 Pro (SP4) with IE6 SP1 crashes too... can be fixed (temporally i think until MS releases a patch to fix this...) unchecking the HTTP 1.1 in the IE settings...

best regards.
jmd-

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Monday, August 14, 2006 8:31 AM by Thomas L
@sandi

None of the workarounds you posted fixed my problem.
"Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2963, fault address 0x0006d031."

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Monday, August 14, 2006 2:27 PM by ManniT
I experienced the sam problem after that KB918899-Update. Very often crashed my IE. So I thought it could only be that update. I decided to uninstall, and since my that problem vanished. The lack of security I can not judge!

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Monday, August 14, 2006 7:19 PM by sandi
http://msmvps.com/blogs/spywaresucks/archive/2006/08/12/107385.aspx

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Thursday, August 17, 2006 11:45 AM by kevin

My 2001 computer has Windows XP. IE crashed for good, because of KB918899 or viral attack?

Sandi says:  Its difficult to say without precise information about the crash; symptoms, error messages etc.

# re: Cumulative update for Internet Explorer released (MS06-042, KB918899)

Tuesday, October 03, 2006 1:19 PM by Jay
KB918899 still crashes my system. If I remove it, but leave all other updates the system works fine. I have resolved it to a line of code that in javascript. As long as I do not call document.createStyleSheet the test web app works fine. I have a very small web app that can recreate this without any toruble