Microsoft Re-Re-Releases IE Patch

Microsoft has recently released, for the third time, a patch for MS06-042. From the article:
According to Microsoft's security bulletin, the IE patch was updated September 12 to fix another remote code execution vulnerability in IE's handling of long URLs from Websites using HTTP 1.1 protocol and compression. That's almost identical to the problem introduced in the original version of the patch, then discovered by security researchers at eEye Digital Security.
This re-release underscores the security problems that Microsoft continues to have. You have to keep wondering whether they can possibly live up to the promises they have made for Vista and IE7. While bugs and security issues are to be expected in software as complicated as what we're talking about here, a single issue having to be addressed 3 (and counting) times shows a lack of discipline. I'd guess they have their developers so focused on getting Windows Vista out the door that the MSRC probably isn't getting the resources it needs to do things properly. Judging by the many unreleased vulnerabilities in the queue, including 5 with a Severity of “High”, things don't look like they're going to get any better any time soon.