backtop


Print 44 comment(s) - last by Blight AC.. on Dec 28 at 3:57 PM

Microsoft is having some trouble with its new patch

It looks like Microsoft's Internet Explorer just hit a small patch of trouble in its battle with the Mozilla Foundation's Firefox browser.

Users begin reporting crashes soon after the Redmond, Washington-based company issued a Microsoft Security Bulletin patch, MS07-069, which was designed to fix four privately reported back-doors that could allow remote code execution upon visiting a site which contained malicious code.  Microsoft soon narrowed the crashes to the patch and specifically to users of Internet Explorer 6 and Windows XP Service Pack 2. 

The latest version of the Internet Explorer browser is IE7, so IE6 is an outdated version, but is still common on many computers.

The bug causes IE6 to freeze when it tries to load a webpage.  Microsoft says the bug is caused "as a result of customization" and is not widespread.  What exactly "customization" entails is not detailed by Microsoft, but it appears to suggest that while IE6/SP2 users may be affected, only a specific subset of this group will likely experience crashes.

Microsoft has added information on the problem to its Knowledge Database and issued a suggestion that affected users make edits to their registry as detailed in a separate post.  Microsoft says the registry edits will fix the Internet Explorer bugs.

Some users are suggesting that Microsoft should just issue a new patch to fix the problem instead of recommending registry edits that may stump inexperienced users.  One blogger, Paul Shannon writes, "With hundreds of users here running XP SP2 with IE6, how can Microsoft be serious that the solution is to edit each registry?  Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."

Microsoft has had its struggles with browser bugs, but so has its rival Mozilla.  Both giants are trying to avoid these kinds of slips as the next generation browser war approaches, with Microsoft preparing to release its eighth iteration of Internet Explorer and Mozilla gearing up for the release of Firefox 3.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I wonder
By michal1980 on 12/20/2007 1:59:23 PM , Rating: 3
if Paul Shannon, also recommends linux ever.

He ever stop to think that a patch might be in the works, but in the meantime you can do a reg-edit to fix the problem?

or just upgrade to ie7 and not have the bug?




RE: I wonder
By FITCamaro on 12/20/2007 2:09:57 PM , Rating: 3
Other than for corporate users who don't have a choice, anyone who hasn't upgraded to IE7 on XP in my mind is an idiot. IE7 is worlds better and more secure.


RE: I wonder
By thebrown13 on 12/20/2007 2:41:50 PM , Rating: 2
Same, IE6 blows hard.


RE: I wonder
By JS on 12/20/2007 6:46:34 PM , Rating: 5
quote:
Same, IE6 blows hard.


Exactly, and that is why I'm not upgrading. As a web developer you need to be able to test on IE6, because it renders so suckily. IE7 is not that important in this respect, because if it renders ok in FF and IE6 you're almost certainly going to get a good result in IE7.

And for personal browsing I definitely prefer Firefox over IE7.


RE: I wonder
By Blight AC on 12/21/2007 9:33:25 AM , Rating: 3
Yeah, and if you don't use web based applications that break in IE7 your fine. However, there are a few web based applications that my company uses that just do not work in IE7 unfortunately, and the companies that developed it just tell us too bad.


RE: I wonder
By retrospooty on 12/20/2007 2:45:49 PM , Rating: 4
Some of us use firefox and opera and therefore have no need to update IE6.


RE: I wonder
By Spuke on 12/20/2007 3:21:19 PM , Rating: 2
You're not just patching the browser, you're also patching the OS. IE and the OS are intertwined. I would recommend patching IE even if you don't use it.


RE: I wonder
By mindless1 on 12/21/2007 6:23:13 AM , Rating: 2
By the same token, applying a patch for an app you don't use that could potentially interfere with what is otherwise a properly working OS, could also be a bad idea.

I don't get it, how is everyone having such problems with IE6, I mean NOW saying they switched because IE7 is better, when I distinctly recall the majority back in the day saying they had no trouble with IE6 that any problems must be (some other) user fault, besides some rendering glitches.

It seems suspiciously like everyone is just gung-ho new version pimping. I don't mean IE in particular, it applies to many apps. Doesn't everyone get tired of trying to play know-it-all and urge others to change doing what they are content with? I mean, doesn't it dawn on some of you that a person who runs IE6 would be actively seeking to switch to IE7 if their use of IE6 was causing THEM problems?

Same with most software actually, it's as though every third geek out there completely forgets that so long as a user is using version X of (Photoshop or whatever), that it meets their needs, they don't care if you think they should change to version Y or Z. I suppose it's a bit more excusable with IE since it's free, but it doesn't change the basic idea that people really don't need to be told what you think they should run, they'll ASK you if they want to know (this comment not directed whoely at any one person, I was just reminded of the persistence of this mindset again now).


RE: I wonder
By afkrotch on 12/20/07, Rating: 0
RE: I wonder
By retrospooty on 12/20/2007 3:42:08 PM , Rating: 1
Thank you very much. I guess I sit here as a moron, behind my firewall, having never been hacked, exploited or even so much as a virus. How stupid I must feel right now. /rolls eyes.

You can remain as paranoid as you like, leave me out of it.


RE: I wonder
By xti on 12/20/2007 3:49:32 PM , Rating: 2
I feel even safer without a firewall cuz:

im not that important to be hacked.
i visit the same 3 sites all day long by choice.

/shrug


RE: I wonder
By TomZ on 12/20/2007 5:06:39 PM , Rating: 1
Sorry, but you're not very smart then. You need to realize that any time you are connected to the Internet, there is probably someone scanning ports on your IP address to try to hack into your machine. Going on the Internet without protection of a firewall is taking unnecessary risks.

But enjoy your false sense of security...


RE: I wonder
By xti on 12/20/07, Rating: 0
RE: I wonder
By TSS on 12/20/07, Rating: 0
RE: I wonder
By TomZ on 12/20/2007 9:11:42 PM , Rating: 3
Somehow I don't think you guys understand the purpose of a firewall. Nevermind.


RE: I wonder
By wordsworm on 12/20/2007 9:24:51 PM , Rating: 2
He probably leaves the door to his house unlocked when he goes out. Some country folk are like that. Then they're surprised when someone walks in and takes everything.


RE: I wonder
By omnicronx on 12/21/2007 10:15:30 AM , Rating: 3
quote:
He probably leaves the door to his house unlocked when he goes out. Some country folk are like that. Then they're surprised when someone walks in and takes everything.

Because robbers go door to door checking to see who left theirs unlocked! If someone wants in your house, they will get in. Most Robberies are not at random ;)

On the note of viruses/spyware, not all viruses/spyware have weird looking processes or cause your cpu to spike. There are many that edit or put themselves on top of existing processes to mask themselves from you. For all you know you could have a virus on your computer right now, sitting and waiting for the owner to activate it and use your computer as part of a botnet.. happens everyday ;)


RE: I wonder
By cheetah2k on 12/24/2007 3:01:33 AM , Rating: 2
The 3 bears left the door unlocked, and look what little red riding hood did to their pad.

Pays to firewall. I dont want nobody eating my porridge


RE: I wonder
By Justin Case on 12/26/2007 11:58:46 AM , Rating: 2
You really need to brush up on your hacker history. It was Goldilocks.

PS. - Regarding firewalls, any closed-source product made in the last 5 years, especially in the US, is extremely liklely to have backdoors.


RE: I wonder
By HeelyJoe on 12/20/2007 7:35:14 PM , Rating: 4
Do you ever wonder where most of the computers in bot nets come from?

Unsecured computers make easy targets, and it doesn't just effect you.


RE: I wonder
By mindless1 on 12/21/2007 7:02:57 AM , Rating: 4
Remember that they don't necessarily know if you're important enough to be hacked, until they've hacked you in order to find out if there was anything of interest.

What might they be interested in?

1) General chaos, mischief, curiosity, etc.
2) Hiding illegal files.
3) Downloading illegal files (child pron, MP3, etc).
4) Turning the box into a spam server.
5) Ripping your credit card, bank info, etc.
6) Gaining info to potentially blackmail you.
7) Turning system into a bot for DDOS or other use.
8) Turn system into a bot just to increase the bot army size, so that it has good rental value.

You don't have to be "that important" to be useful to somebody.


RE: I wonder
By JonnyDough on 12/21/2007 5:41:46 PM , Rating: 1
Never had a virus? I doubt it. 2-3 years of browsing, a bit of free porn...you're going to catch something. Especially if you have a girlfriend! I know mine likes to open forwards from her friends. My girlfriend isn't allowed anywhere NEAR my gaming machine. She gets the old P4 (sock478) that she was dumb enough to buy years ago in college.

Not to mention, virus software robs you of speed almost as much as some viruses and you pay as much for it as you would to be on XBox live for a year. Screw that. It takes 2 hours to reinstall windows on an old system. I'll take the $25 an hour over the $50 a year spent on anti-virus that slows down my computer.


RE: I wonder
By mindless1 on 12/21/2007 6:44:41 AM , Rating: 2
Actually, there isn't much someone can make use of if it's not even running, because there had to be another entry point for the malicious code. Whatever that point is, if the code is on the box through something running already, that would have to run it to exploit anything more but at that point it's game-over already, no need to exploit part of the IE engine anymore.

Care to give an example of a plausible infection on a system where someone isn't using their unpatched version of IE6 but otherwise practices safe computing (so we could reaonably attribute the root problem to an unpatched IE6)? I know you must have one, to be calling people morons, right? Note this isn't a challenge for just anyone to find an example, rather afkrotch made the statement and now should have at least one plausible example to justify it.


RE: I wonder
By The Jedi on 12/20/2007 2:56:53 PM , Rating: 1
The IE7 interface sucks IMNSHO. They take the buttons away from the place people have been clicking for like 10 years, and stick them in unintuitive places. Microsoft forces it on you with no ability to customize the UI to make it look like IE6.

I'm adapting mind you, because I believe IE7 is a more professionally designed application compared to Firefox, so I'm really sticking with "Internet Explorer". I can't get over how cutting and pasting, or editing a URL on the Firefox address bar is not the same. It's like it's not properly designed. It doesn't behave like I expect.

Although I have both browsers (heading off the flamers), and I occassionally switch between the two, surely there is a large amount of similar resistance to moving from IE6. I think I still have it on a machine or two.


RE: I wonder
By Zelvek on 12/20/2007 3:29:23 PM , Rating: 2
How in the fire fox address bar different?


RE: I wonder
By overzealot on 12/23/2007 11:09:24 AM , Rating: 2
I think he's talking about how firefox allows you to select portions of the URL bar instead of the whole lot.
Although, if you're only single clicking there's no difference so I'm perplexed.


RE: I wonder
By theapparition on 12/20/2007 3:43:06 PM , Rating: 2
In the view settings, you can turn on the old menu's back on. Don't know exactly what buttons moved that's really affecting you. Is it the back/forward home refresh buttons that moved to the top annoying?


Boy did I feel this one!
By Cr0nJ0b on 12/20/2007 3:33:37 PM , Rating: 2
I'm one of those corporate customers that is on IE6 and can't change. I've tried to go to ie7, but it broke some of my apps and IT forced me to go back...so yesterday...IT forces this patch on my system...reboot and all...and now my browser is hosed up. It not an infrequent thing either....I'm estimating that 1 in 10 sites will crash my browser. I hope the reg edit fixes this, but I'm more concerned with the effect of the patch on my business apps. You would think that IT would have tested this before sending it out...

Oh well, Merry christmas. It's only the end of our year...no big deal.




RE: Boy did I feel this one!
By kilkennycat on 12/20/2007 10:48:27 PM , Rating: 2
The patch works and is deep in the registry keys unique to IE6. Not likely to affect any apps other than IE6. Still no excuse for the MS release error. MS must not have done any QC. For me, IE6 crashed in 'urlmon' immediately after installing the faulty security patch.


RE: Boy did I feel this one!
By fictisiousname on 12/21/2007 8:51:28 AM , Rating: 2
Patch to fix the patch that fixes the...

http://www.microsoft.com/downloads/details.aspx?Fa...

Merry Christmas


RE: Boy did I feel this one!
By Blight AC on 12/21/2007 9:37:59 AM , Rating: 2
Yeah, it's now an executable instead of a registry edit.


RE: Boy did I feel this one!
By jonodsparks on 12/21/2007 10:17:17 AM , Rating: 2
Hey! Cut your IT team some slack. I work in back office IT and the patch was a frakkin' nightmare to support. We are forced to keep IE6 due to Oracle apps (developed by our applications team) not running on IE7. You blame internal IT...maybe you should look at the restrictions on your IT team as they try to support several thousand users(size of the company I work for), dozens of servers, and still have people expecting personalized treatment, like they are the only ones with a problem.

Try walking is our shoes for a little while...you perspective might change.


RE: Boy did I feel this one!
By Cr0nJ0b on 12/21/2007 10:53:56 AM , Rating: 2
Believe me, I feel for for our IT guys. They are on the front lines of a very difficult battle. My issue is more with the restrictions that you are talking about and the cost saving choices that executives make. We use oracle apps as well (another poor choice IMHO)...we outsourced most of our IT staff to India, app dev has been put on a back burner...all these things make the life of the common IT guys much harder than it needs to be. Sure we are saving cost, but how much additional inefficiency are we injecting into the business? I mean, it's been what...a week...and I'm guessing that 15,000 users are seeing browser crashes all day long and wondering why. That is just dumb. They could at least send out a message to the field...


RE: Boy did I feel this one!
By thenewopsguy on 12/24/2007 12:30:43 AM , Rating: 2
You know, I work in the Back Office of IT as well. Not having this particular issue resolved on all systems by now is really...shocking.

Let's take the registry edits. Create a .reg file from the registry edits given by Microsoft. Convert the .reg file to an .adm file. Import the .adm file into a Group Policy. Now, I realize there will be a replication delay between all of your domain controllers. However, if you add the time it takes for replication between the domain controllers and the time it takes for clients to process the background refreshes of group policy, well, on a network with only 2 DCs, at the most you are looking at 130 minutes for the problem to be resolved. 10 Minutes max for the two DCs in the same site to replicate, and then 90 minutes plus up to a 30 minute offset for the processing of group policy. 130 Minutes.

Ok, now we have an executable. You could write a computer startup script that is delivered through Group Policy. Again, you have 130 minutes for the replication to occur, and then you could tell your users to simply reboot their systems and they would install the executable.

Now, obviously rebooting isn't going to work for everyone. If you have some users who 'just have to have this fixed RIGHT NOW' and can't be bothered to reboot, there is always psexec. It's a free MS tool that let's you run executables on other systems on your network.

If you have an enterprise management system in place like SMS, you can create a package and have it execute on the client systems. By default, SMS clients check in every hour as well.

My .02 cents anyway.


Am I the only one that doesn't agree with this?
By ThePooBurner on 12/21/2007 2:01:34 AM , Rating: 2
quote:
Microsoft has had its struggles with browser bugs, but so has its rival Mozilla.

This seems a bit off base. How can you compare beta triage of a new version with the horrible bugs of a released version? And buggy patches ment to fix the holes? Sure, there might be a lot of bugs in FF, but no one really notices them in daily life. Bugs like the one mentioned here for IE aren't even comparable. It just seems like kind of a cheap shot at FF.




RE: Am I the only one that doesn't agree with this?
By Stark1 on 12/21/2007 2:39:30 AM , Rating: 2
I just wish web sites would follow the established net standards and not Microsofts just because they are the dominant browser. What good are standards if you are not going to follow them.


RE: Am I the only one that doesn't agree with this?
By Blight AC on 12/21/2007 9:46:24 AM , Rating: 2
If the majority of the browsers are IE, wouldn't that be the standard?

... just saying.


RE: Am I the only one that doesn't agree with this?
By nekobawt on 12/21/2007 4:29:43 PM , Rating: 2
Not necessarily. After all, how IE got to be one of the--if not THE--most commonly used browsers is why Microsoft got stuck with that monopoly/antitrust suit a while back.

Making IE an integral part of the OS isn't cheating, exactly, and a clever business move when you think about it, but it sure was sneaky. Users don't HAVE to use IE if they want to browse the internet, but they sure do if they want to navigate their hard drive; that makes it pretty annoying when IE-targeted spy-/malware gets on the computer, even if the user only uses Firefox.


By Blight AC on 12/28/2007 3:57:20 PM , Rating: 2
quote:
Users don't HAVE to use IE if they want to browse the internet, but they sure do if they want to navigate their hard drive; that makes it pretty annoying when IE-targeted spy-/malware gets on the computer, even if the user only uses Firefox.


Start > Run... > cmd


Just install Firefox then...
By Sunday Ironfoot on 12/20/2007 7:05:27 PM , Rating: 2
quote:
"With hundreds of users here running XP SP2 with IE6, how can Microsoft be serious that the solution is to edit each registry? Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely. "


So why doesn't he do that then?




RE: Just install Firefox then...
By Blight AC on 12/21/2007 9:45:10 AM , Rating: 2
Anyone in IT should know to create the key once manually then Export it to a .reg file and just run the .reg file on any other PC's that need the fix. A simple double click fix.

Not only that, but now the fix is offered as an executable patch.
http://support.microsoft.com/kb/946627


RE: Just install Firefox then...
By wallijonn on 12/21/2007 10:03:51 AM , Rating: 2
quote:
It would be easier to have each user install Mozilla Firefox and stop using IE completely. "


IE is still necessary to install security patches.

Personally, I only allow the Admin account to use IE, and only for updates (security, audio & video driver updates, anti-virus downloads & updates, etc.) I set the home page to the MS updates page.

For everything else there is FF and Opera.


More details
By seanademy on 12/20/2007 2:19:38 PM , Rating: 3
What exactly "customization" entails is not detailed by Microsoft, but it appears to suggest that while IE6/SP2 users may be affected, only a specific subset of this group will likely experience crashes.


The customization entails content that would require authentication (Custom Yahoo! page, such as My Yahoo!), etc. Another example would be a page that may have saved logon information.

Rather than a complete freeze of IE, most folks experience an error pointing to urlmon.dll.

--Sean

--Sean




IE6 has advantages
By tastyratz on 12/21/07, Rating: 0
"I modded down, down, down, and the flames went higher." -- Sven Olsen














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki