Microsoft fixes security update that breaks Internet Explorer

An update released Monday corrects two issues that affect the proper display of Web pages.

Microsoft issued a security update addressing a problem with a previous patch for Internet Explorer, which resulted in causing some Web pages to display improperly.

SearchSecurity.com
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The advisory fixes security bulletin MS09-054, which addressed memory corruption errors a data stream handler corruption vulnerability and an HTML component handling flaw in Internet Explorer 5.01 and 6-8. Once deployed however, some customers reported problems viewing certain Web pages. The fix caused IE to miscalculate a Web page property that determines the top position for some Web elements, such as links and Web page banners. A script safety check also caused problems, causing problems in Web pages that use a mixture of VBScript and JavaScript.

Microsoft updates:
Oct. - Microsoft addresses critical SMBv2 flaw, fixes record number of flaws: Microsoft addressed three critical vulnerabilities in Windows Server Message Block. Thirteen bulletins addressed a record 34 flaws.

Sept. - Microsoft repairs Windows media, TCP/IP vulnerabilities: Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers. 

Aug. - Microsoft fixes Office Web Components vulnerability, kill-bit bypass: Microsoft repaired critical vulnerabilities in Microsoft Office Web Components affecting Office Word, Excel and PowerPoint viewer as well as its ISA and BizTalk servers.

Microsoft's Christopher Budd who heads the Microsoft Security Response team, said the browser problems have been limited and there have been no reports of any attacks against the vulnerabilities.

"While the number of customers affected by these two issues is limited, after working both with affected customers and our CSS group, we feel the best thing for all customers is to proactively provide this update as widely as possible to help prevent other customers from encountering the issues," Budd wrote in a blog entry describing the Internet Explorer display problem.

Budd said the security bulletin will be rereleased through the Windows Update, Microsoft Update, and Automatic Updates as Microsoft update 976749.

The problematic Internet Explorer security bulletin was part of a record patching month for Microsoft. The regular October update cycle fixed a record 34 vulnerabilities in Windows, Internet Explorer and Microsoft Office. The Microsoft bulletins also contained the first security update for Windows 7, addressing ActiveX control issues as a result of components built using a flawed version of Microsoft Active Template Library.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close