
Microsoft's MS06-042 update, designed as a cumulative fix for Internet Explorer vulnerabilities, has caused growing headaches since its release. Security research firm eEye Digital Security warned the Redmond company that the installed patch causes the browser to crash when the user navigates to websites using the HTTP 1.1 protocol and compression.
In addition, Secunia has reported that the vulnerability introduced by patch MS06-042 not only causes a buffer overflow via an excessively long URL, but also opens the machine to remote code execution. Although Microsoft announced on August 15 that it would re-release MS06-042 on August 22, 2006, this will apparently not happen yet. The Redmond company has confirmed that a problem identified in the final stage of testing the re-released patch will postpone the update until it meets the quality standards required for broad distribution.
"Microsoft is also aware of public reports that this issue can lead to a buffer overrun condition for Internet Explorer 6 Service Pack 1 customers that have applied MS06-042. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is aggressively investigating the public reports. Only customers using Internet Explorer 6.0 SP1 are affected, all other customers should continue their deployments of MS06-042. Customers using Internet Explorer 6.0 SP 1 should continue their deployment of MS06-042 and follow the existing guidance provided in Knowledge Base article 923762 and the Suggested Actions section of this Security Advisory," stated the company.