When at first you don't succeed...

Dec 21, 2007 08:42 GMT

Microsoft has patched a patch released for Internet Explorer. It might not sound good, but it's true. And it all began with the Redmond company's monthly patch cycle. On December 11th, 2007, Microsoft made available Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615). As is traditional with security updates for Internet Explorer, the company releases a complete set of patches for all the supported versions of the browser, every month. Each security bulletin not only plugs the latest security holes, but also deals with previous vulnerabilities.

The MS07-069 security bulletin "resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights", Microsoft revealed. "The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles access to freed memory."

With the exception of scenarios involving IE6 and IE7 running on Windows Server 2003, in which case the security update is considered only Moderate, the vulnerabilities in the IE versions running on the remaining Windows clients, including Windows Vista, have all been labeled with a maximum severity rating of Critical, as they allow remote code execution.

However, at the same time, MS07-069 produced some unwanted behavior in IE6 on XP SP2. "On Tuesday we released Knowledge Base article KB946627, which highlighted a known issue with Internet Explorer 6 on Windows XP Service Pack 2 after applying MS07-069 Cumulative Security Update for Internet Explorer (942615). The article documented a workaround, which required a registry setting change. Since then, the Internet Explorer team has been working to release an automated workaround application of the registry setting discussed in KB946627", revealed Kieron Shorrock, MSRC Program Manager responsible for Internet Explorer.

But, of course, making a manual workaround available was by no means sufficient to address the issue. In this context, the Redmond company has been working to make an automated resolution available. At this point in time, a patch for the initial IE patch can be grabbed by users who run IE6 on Windows XP SP2 and who have experienced functionality issues after installing MS07-069. Users can either go to Knowledge Base article KB946627 or run Windows Update in order to deploy the patch.

"We have updated Knowledge Base article KB946627 so that it points to the automated workaround. It has also been made available via Windows Update and Automatic Update for all Internet Explorer 6 customers on Windows XP Service Pack 2", Shorrock added.