Article

Microsoft fixes security update that breaks Internet Explorer

SearchSecurity.com Staff

Microsoft issued a security update addressing a problem with a previous patch for Internet Explorer, which resulted in causing some Web pages to display improperly.

    Requires Free Membership to View

    Login

SearchSecurity.com
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The advisory fixes security bulletin MS09-054, which addressed memory corruption errors a data stream handler corruption vulnerability and an HTML component handling flaw in Internet Explorer 5.01 and 6-8. Once deployed however, some customers reported problems viewing certain Web pages. The fix caused IE to miscalculate a Web page property that determines the top position for some Web elements, such as links and Web page banners. A script safety check also caused problems, causing problems in Web pages that use a mixture of VBScript and JavaScript.

Microsoft updates:
Oct. - Microsoft addresses critical SMBv2 flaw, fixes record number of flaws: Microsoft addressed three critical vulnerabilities in Windows Server Message Block. Thirteen bulletins addressed a record 34 flaws.

Sept. - Microsoft repairs Windows media, TCP/IP vulnerabilities: Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers. 

Aug. - Microsoft fixes Office Web Components vulnerability, kill-bit bypass: Microsoft repaired critical vulnerabilities in Microsoft Office Web Components affecting Office Word, Excel and PowerPoint viewer as well as its ISA and BizTalk servers.

Microsoft's Christopher Budd who heads the Microsoft Security Response team, said the browser problems have been limited and there have been no reports of any attacks against the vulnerabilities.

"While the number of customers affected by these two issues is limited, after working both with affected customers and our CSS group, we feel the best thing for all customers is to proactively provide this update as widely as possible to help prevent other customers from encountering the issues," Budd wrote in a blog entry describing the Internet Explorer display problem.

Budd said the security bulletin will be rereleased through the Windows Update, Microsoft Update, and Automatic Updates as Microsoft update 976749.

The problematic Internet Explorer security bulletin was part of a record patching month for Microsoft. The regular October update cycle fixed a record 34 vulnerabilities in Windows, Internet Explorer and Microsoft Office. The Microsoft bulletins also contained the first security update for Windows 7, addressing ActiveX control issues as a result of components built using a flawed version of Microsoft Active Template Library.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top