Frequent crashes after Windows Update

Moderators: André, AvantGuard

Locked
User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Frequent crashes after Windows Update

Post by MysteryFCM » Wed Aug 16, 2006 11:50 pm

This is a note to those experiencing frequent and random crashes after the August Windows Updates (specifically, the IE updates).

This is a known issue and unfortunately, until such time as Microsoft releases a fix for their bugger up, there is nothing we can do to help.

For information on this, please see the following.

http://www.microsoft.com/technet/securi ... 6-042.mspx
http://isc.sans.org/diary.php?storyid=1604

The suggested work-around by Microsoft is to disable HTTP/1.1. To do this, go to Tools > Internet Options > Advanced and scroll down to the HTTP 1.1 options, then untick it.

Note, this will likely result in issues when visiting site's that require such.

Moved from Announcements to Bug Reports. - hornakapopolis

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Re: Frequent crashes after Windows Update

Post by MysteryFCM » Wed Aug 23, 2006 4:27 pm

Recent Internet Explorer Security Update Opens Windows Users to Attack

The flaw in the cumulative update, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1.

Overview
On August 8th, Microsoft released a cumulative update for Internet Explorer 6 Service Pack 1 (MS06-042). By the following day, users and businesses began to notice that the update caused Internet Explorer to crash when browsing some websites.

On August 11th, Microsoft created a knowledgebase article which mentioned problems with the MS06-042 patch, and how Internet Explorer can crash when viewing web pages that use compression. The knowledgebase article failed to mention that the bug is not just a crash, but in fact is something that an attacker can use to remotely compromise PCs. The article also referenced a hotfix for the issue which can be requested through Microsoft Product Support Services.

As of today, August 22nd, technical details of this vulnerability are not public, but it is safe to assume that a savvy attacker can discover the underlying issue and exploit it via a malicious website. eEye is warning its customers to be aware of the risk, and to contact Microsoft Support to obtain the hotfix.

More information on this issue and links to the Microsoft Support documents can be found on the eEye Research Portal:

http://research.eeye.com/html/alerts/AL20060822.html

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Re: Frequent crashes after Windows Update

Post by MysteryFCM » Wed Aug 23, 2006 5:07 pm

Patch not coming out...

http://support.microsoft.com/?kbid=918899

On August 15, 2006, Microsoft announced that it will release a new version of security update 918899 (MS06-042) on August 22, 2006. This new version was to address this problem for customers who use Internet Explorer 6 Service Pack 1. Because of an issue that was discovered in final testing, Microsoft will not release the new version of security update 918899 on August 22, 2006. Microsoft will release this update for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution.

Microsoft is also aware of public reports that this issue could lead to a buffer overrun condition for customers who use Internet Explorer 6 Service Pack 1 and who have applied security update 918899. We are not aware of attacks that try to use the reported vulnerability at this point, nor are we aware of customer impact at this point. Microsoft is aggressively investigating the public reports.

Only customers who use Internet Explorer 6 SP1 are affected. All other customers should continue their deployments of security update 918899. Customers who use Internet Explorer 6 SP 1 should continue their deployment of security update 918899 and follow the existing guidance that is provided in Microsoft Knowledge Base article 923762. These customers should also follow the suggestions that are described in the "Suggested Actions" section of Microsoft Security Advisory 923762
http://msmvps.com/blogs/bradley/archive ... 08846.aspx

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Re: Frequent crashes after Windows Update

Post by MysteryFCM » Thu Aug 24, 2006 6:27 pm

This morning we re-released our August security update (MS06-042) for IE 6.0 SP1. This update is available through all of our normal release channels including Windows Update, Automatic Update, Download Center and our deployment tools such as WSUS.

As I mentioned Tuesday, the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users. This re-release fixes that vulnerability. We recommend all IE 6.0 SP1 customers install the update immediately. Users running Windows XP SP2, Server 2003 SP1, IE 5.01 on Windows 2000, or any of the IE7 betas, The IE7 Release Candidate 1, or Windows Vista are not affected and do not need to take action.

Tony Chor
Group Program Manager
http://blogs.msdn.com/ie/archive/2006/08/24/717614.aspx

User avatar
MysteryFCM
Administrator
Administrator
Posts: 7330
Joined: Tue Dec 09, 2003 2:34 am
Windows Version: 10, 8.0, 8.1, 7, Vista, XP
Avant Version: 13.00 Build 23
Default engine: Gecko
IE Version: 7.x, 8.x, 9.x, 10.x, 11.x
Skin: AthenX
Location: Newcastle Upon Tyne, UK
Contact:

Re: Frequent crashes after Windows Update

Post by MysteryFCM » Tue Sep 12, 2006 5:55 pm

Update Available for IE 5.01, IE 6.0 SP1, and IE 6.0 on Server 2003

This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before, the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased scrutiny this release received, a security researcher responsibly disclosed to us that a similar vulnerability was also discovered in IE5.01 on Windows 2000, IE 6.0 SP1 (in a different location), and the original release of Windows Server 2003 (not SP1). This re-release fixes that vulnerability.

This update is available through all of our normal release channels including Windows Update, Automatic Update, Download Center and our deployment tools such as WSUS. We recommend all affected customers install the update immediately. Users running Windows XP SP2, Server 2003 SP1 or any of the IE7 betas, IE7 Release Candidate 1, or Windows Vista are not affected and do not need to take action.

This release and the need for subsequent re-releases have certainly been a learning experience for us. This update cycle has not been an example of our best work, but as I mentioned earlier we have used this experience to improve our processes and increase transparency to ensure all of our releases are of the quality we expect and our customers deserve.

Tony Chor
Group Program Manager
http://blogs.msdn.com/ie/archive/2006/09/12/750815.aspx

Locked