|
ALARM Group ALERT - click for a description of ALARM, The Computing Alert System
Alert Number: 082406-01
Alert Date: 8/24/06
Alert Title: Microsoft re-releases security update MS06-042
Update-to:
081706-01 "Microsoft updates multiple security bulletins"
080806-01 "Microsoft releases security bulletin for August"
OS/Platform/Application:
Microsoft Internet Explorer 6.0 Service Pack 1, when used with:
Microsoft Windows XP (Professional and Home Editions)
Microsoft Windows 2000 (Professional Edition, Service Pack 4, and Advanced Server)
Attention: Windows System Administrators, Desktop Support Personnel |
Summary: On August 24 2006 Microsoft re-released Security Bulletin MS06-042. Performance and stability issues were detected on some computers following the initial release of MS06-042 on August 8 2006; these issues led Microsoft to issue knowledge base article (KB923762) on August 15 2006. KB923762 offered acknowledgement of the issues and list of symptoms, a temporary hotfix for affected users, and a statement indicating that an update for the Bulletin (to include a definitive fix) would be offered on August 22 2006. The re-release date was pushed back from August 22 when it was discovered that the revised bulletin was not performing to the expectations of the vendor.
In the time period between August 17 and 22 2006 several Internet security agencies reported that the application of MS06-042 opened up a new security vulnerability.
The revised update (offered on August 24 2006) is reported to fix associated stability and security issues.
Recommended Actions: Windows System Administrators and other Personnel that support XP and 2000 systems running Microsoft Internet Explorer 6 Service Pack 1 are encouraged to apply the updated security bulletin MS06-042 as soon as possible.
ITS Actions: ITS Systems Management and Operations Staff will apply the re-release to the appropriate ITS servers as part of the next scheduled system update.
RESOURCES:
Security Bulletin MS06-042:
http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx
Microsoft Security Center blog entry on re-release:
http://blogs.technet.com/msrc/archive/2006/08/24/449860.aspx
SANS diary entry on re-release:
http://isc.sans.org/diary.php?storyid=1634
Microsoft Security Advisory 923762 (details of release delay and vulnerability issues):
http://www.microsoft.com/technet/security/advisory/923762.mspx
Eeye Alert AL20060822 (details exploitable nature of original MS06-042 bulletin):
http://research.eeye.com/html/alerts/AL20060822.html
Network World articles on delayed re-release and new vulnerability:
http://www.networkworld.com/nlvirusbug44824
http://www.networkworld.com/nlvirusbug44825
