IE 6.0 SP1 Security Vulnerability Update

Tony Chor, IE Group Program Manager has announced on the IEBlog the general availability of the final version of the MS06-042 update. While the re-release of the security update was initially announced for 22 August, 2006, the testing team had identified some last minute issues that would have prevented the update deployment and consequently the patch was postponed.

"As I mentioned Tuesday, the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users. This re-release fixes that vulnerability. We recommend all IE 6.0 SP1 customers install the update immediately. Users running Windows XP SP2, Server 2003 SP1, IE 5.01 on Windows 2000, or any of the IE7 betas, The IE7 Release Candidate 1, or Windows Vista are not affected and do not need to take action," wrote Chor.

Chor revealed that the re-released security bulletin for IE 6.0 SP1 has been made available for download from Windows Update, Automatic Update, Download Center and WSUS.

"After the initial release of MS06-042, we were responsibly informed of a potentially exploitable security vulnerability via a crash in urlmon.dll; we also started receiving reports of customers running into the crash during normal usage," stated Chor.