Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Zaps eEye from IE Flaw Credits

    By
    Ryan Naraine
    -
    August 24, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft on Aug. 24 re-released its MS06-042 bulletin to provide patches for a code execution Internet Explorer flaw that was introduced by the original fix.

      The reissued browser patch, which is effectively an out-of-band update, brings an end to an embarrassment episode that included a verbal spat between Redmond, Wash., software maker and a private security research firm.

      Microsoft originally described the problem as a browser crash but was later forced to acknowledge the critical security risk after eEye Digital Security issued a public warning that the crash was remotely exploitable.

      /zimages/2/28571.gifRead more here about the vulnerability introduced by Microsofts IE browser patch.

      In the updated bulletin, Microsoft removed eEyes name from the list of companies credited with reporting the flaw.

      “Unfortunately, eEye Digital Security chose to make the exploitability of the already public crashing issue widely available despite our concerns that this would put customers at risk,” a Microsoft spokesperson said.

      “Therefore as per our acknowledgement policies, they are not credited in the bulletin as working with Microsoft responsibly to protect our customers,” he added.

      The re-release was scheduled for Aug. 22 but was delayed for a few days because of problems with Microsofts patch delivery technology.

      A source told eWEEK said the problems centered around the way Microsofts proprietary SMS (Systems Management Server) handled cabinet (.cab) files.

      Mike Reavey, operations manager of the MSRC (Microsoft Security Response Center), defended the companys decision to delay the patch, arguing that a lot of customers affected by the bug would have had problems downloading the fix.

      “A large number of our customers running Internet Explorer 6.0 SP1 are running it on Windows 2000, as that is the most current version of Internet Explorer for that platform. Those customers rely heavily on deployment tools such as the Microsoft Baseline Security Analyzer (MBSA) and the Inventory Tool for Microsoft Updates (ITMU). The problem we discovered late in testing was related to a background technology used by those deployment technologies,” Reavey said.

      /zimages/2/28571.gifClick here to read more about why Microsoft delayed the IE patch.

      Because of the internal distribution problem, he said, a “significant portion of customers would have been unable to deploy the update” if it was rolled out on Aug. 22.

      “This is very important. Because while some customers still using Internet Explorer 6.0 SP1 do utilize other detection and deployment technologies, a large portion still rely on the deployment technologies like MBSA and the ITMU due to their support of older products and infrastructures,” Reavey said.

      MBSA (Microsoft Baseline Security Analyzer) and ITMU (Inventory Tool for Microsoft Updates) are used by IT professionals to help determine the security state and update compliance of managed systems.

      “Because this directly affects the ability of those customers most affected by the re-release to protect themselves, we delayed the release to successfully address this issue so that all customers could protect themselves fully. We simply cannot leave those customers behind on a security release. We feel it this was the right call to make, and it was not an easy one,” he added.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×