News

Critical Security Patch for IE Pulled, Reposted

A problem in Microsoft's process for posting patches to the Microsoft Download Center during the August patch day on Tuesday caused users attempting to pull down a critical cumulative patch for Internet Explorer to receive a corrupted file.

The issue forced Microsoft to remove the patch, MS05-038, from the Download Center. After working through the night, Microsoft had a 2.0 version of the patch back up on the Download Center on Wednesday.

The patch was the most serious of six bulletins that Microsoft posted during its Patch Tuesday event this month. The cumulative update for Internet Explorer addressed three new security flaws, two of which were critical vulnerabilities that could allow remote code executions. The patch also included numerous kill bits for outdated objects known to be vulnerable to attack.

The corrupt files issue only affected users who received MS05-038 through the Microsoft Download Center. The files posted to Microsoft's automated patch distribution infrastructure -- Windows Update, Microsoft Update, Window Server Update Services or Software Update Services -- did not share the corruption problem.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.