MS06-042 Re-released

Hey folks –  Mike Reavey here, I wanted to follow up on our Security Advisory we released on Tuesday about the re-release of MS06-042 for IE 6.0 SP1 customers.

We’ve resolved the issues that delayed the re-release and have released the revised update.

The revised update fully resolves the security vulnerability we discussed in the Advisory. We also have resolved the issues that we discovered prior to the planned release on Tuesday.

We are now urging IE 6.0 SP1 customers to go ahead and deploy this revised update as soon as possible.

Now that the revised update is out, I wanted to address something that’s really been concerning customers and some confusion regarding the nature of the issue we discovered and whether it warranted holding the release.

It’s important to note that the security vulnerability introduced by MS06-042 was only on Internet Explorer 6.0 SP1.  A large number of our customers running Internet Explorer 6.0 SP1 are running it on Windows 2000, as that is the most current version of Internet Explorer for that platform.  Those customers rely heavily on deployment tools such as the Microsoft Baseline Security Analyzer (MBSA) and the Inventory Tool for Microsoft Updates (ITMU).  The problem we discovered late in testing was related to a background technology used by those deployment technologies.

That would have meant that a significant portion of customers would have been unable to deploy the update if we had tried to release it on August 22nd as originally stated.  This is very important.  Because while some customers still using Internet Explorer 6.0 SP1 do utilize other detection and deployment technologies, a large portion still rely on the deployment technologies like MBSA and the ITMU due to their support of older products and infrastructures. Because this directly affects the ability of those customers most affected by the re-release to protect themselves, we delayed the release to successfully address this issue so that all customers could protect themselves fully.

We simply cannot leave those customers behind on a security release.  We feel it this was the right call to make, and it was not an easy one.  However, we worked around the clock and were able to address the issue and re-release quickly.


*This posting is provided “AS IS” with no warranties, and confers no rights.*