Microsoft fixes security update that breaks Internet Explorer

By SearchSecurity.com Staff 03 Nov 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft issued a security update addressing a problem with a previous patch for Internet Explorer, which resulted in causing some Web pages to display improperly.

SearchSecurity.com To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The advisory fixes security bulletin MS09-054, which addressed memory corruption errors a data stream handler corruption vulnerability and an HTML component handling flaw in Internet Explorer 5.01 and 6-8. Once deployed however, some customers reported problems viewing certain Web pages. The fix caused IE to miscalculate a Web page property that determines the top position for some Web elements, such as links and Web page banners. A script safety check also caused problems, causing problems in Web pages that use a mixture of VBScript and JavaScript.

Microsoft updates: Oct. - Microsoft addresses critical SMBv2 flaw, fixes record number of flaws: Microsoft addressed three critical vulnerabilities in Windows Server Message Block. Thirteen bulletins addressed a record 34 flaws. Sept. - Microsoft repairs Windows media, TCP/IP vulnerabilities: Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers.  Aug. - Microsoft fixes Office Web Components vulnerability, kill-bit bypass: Microsoft repaired critical vulnerabilities in Microsoft Office Web Components affecting Office Word, Excel and PowerPoint viewer as well as its ISA and BizTalk servers.

Microsoft's Christopher Budd who heads the Microsoft Security Response team, said the browser problems have been limited and there have been no reports of any attacks against the vulnerabilities.

"While the number of customers affected by these two issues is limited, after working both with affected customers and our CSS group, we feel the best thing for all customers is to proactively provide this update as widely as possible to help prevent other customers from encountering the issues," Budd wrote in a blog entry describing the Internet Explorer display problem.

Budd said the security bulletin will be rereleased through the Windows Update, Microsoft Update, and Automatic Updates as Microsoft update 976749.

The problematic Internet Explorer security bulletin was part of a record patching month for Microsoft. The regular October update cycle fixed a record 34 vulnerabilities in Windows, Internet Explorer and Microsoft Office. The Microsoft bulletins also contained the first security update for Windows 7, addressing ActiveX control issues as a result of components built using a flawed version of Microsoft Active Template Library.

Tags: Windows Security: Alerts, Updates and Best Practices,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Security: Alerts, Updates and Best Practices Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Web Browser Security InZero Systems launches hardware-based security gateway Web security firm ranks Firefox, Safari browsers as flaw prone Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary