Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Zaps eEye from IE Flaw Credits

    By
    Ryan Naraine
    -
    August 24, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft on Aug. 24 re-released its MS06-042 bulletin to provide patches for a code execution Internet Explorer flaw that was introduced by the original fix.

      The reissued browser patch, which is effectively an out-of-band update, brings an end to an embarrassment episode that included a verbal spat between Redmond, Wash., software maker and a private security research firm.

      Microsoft originally described the problem as a browser crash but was later forced to acknowledge the critical security risk after eEye Digital Security issued a public warning that the crash was remotely exploitable.

      /zimages/2/28571.gifRead more here about the vulnerability introduced by Microsofts IE browser patch.

      In the updated bulletin, Microsoft removed eEyes name from the list of companies credited with reporting the flaw.

      “Unfortunately, eEye Digital Security chose to make the exploitability of the already public crashing issue widely available despite our concerns that this would put customers at risk,” a Microsoft spokesperson said.

      “Therefore as per our acknowledgement policies, they are not credited in the bulletin as working with Microsoft responsibly to protect our customers,” he added.

      The re-release was scheduled for Aug. 22 but was delayed for a few days because of problems with Microsofts patch delivery technology.

      A source told eWEEK said the problems centered around the way Microsofts proprietary SMS (Systems Management Server) handled cabinet (.cab) files.

      Mike Reavey, operations manager of the MSRC (Microsoft Security Response Center), defended the companys decision to delay the patch, arguing that a lot of customers affected by the bug would have had problems downloading the fix.

      “A large number of our customers running Internet Explorer 6.0 SP1 are running it on Windows 2000, as that is the most current version of Internet Explorer for that platform. Those customers rely heavily on deployment tools such as the Microsoft Baseline Security Analyzer (MBSA) and the Inventory Tool for Microsoft Updates (ITMU). The problem we discovered late in testing was related to a background technology used by those deployment technologies,” Reavey said.

      /zimages/2/28571.gifClick here to read more about why Microsoft delayed the IE patch.

      Because of the internal distribution problem, he said, a “significant portion of customers would have been unable to deploy the update” if it was rolled out on Aug. 22.

      “This is very important. Because while some customers still using Internet Explorer 6.0 SP1 do utilize other detection and deployment technologies, a large portion still rely on the deployment technologies like MBSA and the ITMU due to their support of older products and infrastructures,” Reavey said.

      MBSA (Microsoft Baseline Security Analyzer) and ITMU (Inventory Tool for Microsoft Updates) are used by IT professionals to help determine the security state and update compliance of managed systems.

      “Because this directly affects the ability of those customers most affected by the re-release to protect themselves, we delayed the release to successfully address this issue so that all customers could protect themselves fully. We simply cannot leave those customers behind on a security release. We feel it this was the right call to make, and it was not an easy one,” he added.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Ryan Naraine

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×