Critical Security Patch for IE Pulled, Reposted
- By Scott Bekker
- August 10, 2005
A problem in Microsoft's process for posting patches to the Microsoft Download Center during the August patch day on Tuesday caused users attempting to pull down a critical cumulative patch for Internet Explorer to receive a corrupted file.
The issue forced Microsoft to remove the patch, MS05-038, from the Download Center. After working through the night, Microsoft had a 2.0 version of the patch back up on the Download Center on Wednesday.
The patch was the most serious of six bulletins that Microsoft posted during its Patch Tuesday event this month. The cumulative update for Internet Explorer addressed three new security flaws, two of which were critical vulnerabilities that could allow remote code executions. The patch also included numerous kill bits for outdated objects known to be vulnerable to attack.
The corrupt files issue only affected users who received MS05-038 through the Microsoft Download Center. The files posted to Microsoft's automated patch distribution infrastructure -- Windows Update, Microsoft Update, Window Server Update Services or Software Update Services -- did not share the corruption problem.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.