Bill
Wed Sep 24 23:42:58 CDT 2003
Ignore the other joker, please.
Here's a link to the bulletin for this patch, which has an update:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp
Here's the stuff from the Technical Details section that I suspect you are
thinking of:
----------------------------------------------------------------------------
--
Microsoft originally issued this bulletin on August 20th, 2003. Subsequent
to issuing the security bulletin, Microsoft received reports that the patch
provided with this bulletin does not properly correct the Object Type
Vulnerability (CAN-2003-0532).
Microsoft also identified a problem that specifically affects Windows XP
systems that are configured as web servers serving ASP.NET web pages and
causes clients connecting to the web server to receive an error when they
attempt to view pages on the site. This problem only affects Windows XP
computers that have installed Internet Information Services (IIS) 5.1 (which
is not installed by default) and configured with the .NET Framework version
1.0 to serve ASP.NET based Web pages--it does not affect other versions of
Windows. Microsoft has published a knowledge base article 827641 that
provides steps to work around this issue while maintaining the level of
protection provided by the security patch.
Microsoft is investigating these reports and will re-issue this bulletin
with an updated patch that corrects these problems.
----------------------------------------------------------------------------
So - Microsoft is aware that this patch does not correct all the
vulnerabilities it was expected to. When they come up with a corrected fix,
it'll be issued just as this one was, via Windows Update, AutoUpdate, and
referenced by a security bulletin mailing to the subscription list.
In the meantime, there are workaround steps in the technical bulletin's
Frequently Asked Questions section which you can take to mitigate the yet
unpatched issues. Microsoft isn't aware that these are being exploited yet,
so you'll need to weigh whether the workaround steps are more onerous than
the risk entails.
"adam" <amb03@uow.edu.au> wrote in message
news:147a01c3830c$702b06a0$a301280a@phx.gbl...
> Hi
>
> I am just wondering does anyone know of any issues
> regarding the latest patch for IE?
> I have heard it has a bug???
>
> any info would be greatly appreciated
>
> thanks
>
> adam