IE August 2005 Security Update is now available!

re: IE August 2005 Security Update is now available!

Espen Andersson — Wed, 10 Aug 2005 02:39:41 GMT

I'm just curious: There are still several unpatched security vulnerabilities in Internet Explorer. Will these patched in the future, or are you just fixing newly discovered vulnerabilities?

re: IE August 2005 Security Update is now available!

Will — Wed, 10 Aug 2005 08:30:27 GMT

All browsers have some number of unpatched security issues; in BugZilla, they're marked private so they're not publicly visible.

I'm really tired of people making vague claims about unpatched bugs without providing specific information. In the past, I've seen a lot of really dubious "bugs" that weren't patched because they didn't really exist.

Correctifs d'aout 2005 pour IE disponible

Cyril's Blog — Wed, 10 Aug 2005 12:30:43 GMT

re: IE August 2005 Security Update is now available!

Mike Dimmick — Wed, 10 Aug 2005 14:41:51 GMT

If you're talking about Secunia's reports of unpatched vulnerabilities, I've found in the past that, sometimes, the vulnerabilities are actually fixed but Secunia don't update their information.

I encourage the IE team to confirm whether the supposedly 'unpatched' vulnerabilities still reproduce, and if not, to inform Secunia.

re: IE August 2005 Security Update is now available!

shane — Wed, 10 Aug 2005 15:17:05 GMT

Why does IE even instantiate COM objects that are not intended for use in IE? IE has to instantiate the object in order to query IObjectSafety, which is why this COM vulnerabilities exist. All that would be required is a key in the registry for the object to indicate whether it should be used in this way or not. The first time the object is used, IE can ask the user whether they want to set this key, and at any time the user could revoke it.

See:
http://www.securityfocus.com/archive/1/391803

for more details.

re: IE August 2005 Security Update is now available!

Espen Andersson — Wed, 10 Aug 2005 15:57:43 GMT

Yes, I was talking about those Secunia has marked as unpatched.

"If you're talking about Secunia's reports of unpatched vulnerabilities, I've found in the past that, sometimes, the vulnerabilities are actually fixed but Secunia don't update their information."

If that's the case, I would like to see Microsoft to inform them. There are a lot of people out there, including myself, who uses security as an argument to switch to e.g. Mozilla Firefox or Opera. If Microsoft could fix all unpatched vulnerabilities, at least those who has a comparatively high risk level in addition to the great bug fixes they have announced will be available in Internet Explorer 7 beta 2, I believe Internet Explorer would be close to a great browser.

PS: I didn't really want to start a discussion about the unpatched security vulnerabilities in Internet Explorer - I was just curious why they still haven't fixed them ...

re: IE August 2005 Security Update is now available!

Dominic White — Wed, 10 Aug 2005 16:23:56 GMT

The funny thing is this is exactly what a compromise of Mircrosoft's patching infastructure would look like and nobody batted an eyelid.

Surely patching tools should be screaming warning bells all over the place? Why did customers just continue trying to install the patches via other methods instead of going "wait is this a hack?"

Scary world we live in.

Well done to the IE team for an otherwise successful patch release.

re: IE August 2005 Security Update is now available!

UnexpectedBill — Wed, 10 Aug 2005 17:44:49 GMT

Hello all...

I don't mean to come across as harsh or rude, but will someone at Microsoft *please* fix the updated automatic updating components?

I realize that some users will need to be reminded repeatedly that they should reboot their computer to finish updating.

However, I'm of the school of thought that I will reboot when I'm ready to do so. I find the continual reminder window to be rude and incredibly aggravating. It may not be smart or the best approach, but I'd really like to see an update to the Microsoft Update/Windows Automatic Updating stuff that lets a user tell automatic updates to *be quiet* and *stop bothering me*!

re: IE August 2005 Security Update is now available!

Udolpho — Wed, 10 Aug 2005 18:08:48 GMT

As usual the comments section quickly fills with stunning insights.

"PS: I didn't really want to start a discussion about the unpatched security vulnerabilities in Internet Explorer - I was just curious why they still haven't fixed them"

Uh, I spot a contradiction. If you want to know why an alleged vuln has not been fixed, then you *do* want to start a discussion about unfixed vulns. Oh wait, maybe you just want to contribute a zero-usefulness swipe. Could you be yet another passive aggressive nerd posting here?

As for the person who deliberately installs updates that require a reboot, then complains about the dialog prompting a reboot...don't you think the prompt is maybe *supposed* to be annoying?

And, duh, you could always put off installing the patch until you are prepared to reboot afterwards. Patch descriptions indicate whether a reboot is likely to be required. Wait, reading, so difficult...

re: IE August 2005 Security Update is now available!

Espen Andersson — Wed, 10 Aug 2005 18:29:30 GMT

Asking a question doesn't have to result in a discussion. If there's a reason - okay, that's fine for me. That's all I need to know. I asked because I'm curious why Microsoft doesn't fix all security vulnerabilities when they say they take security seriously. If they say that the remaining vulnerabilities not are high-level risks, I accept that. They know more about these problems than I do and that's why I ask.

re: IE August 2005 Security Update is now available!

Pete — Wed, 10 Aug 2005 21:08:40 GMT

Re: Yellow Shield of Annoyance

I really dislike the yellow shield. It is slightly less annoying than the prompt that comes up with a restart countdown, but I've accidently hit the reboot a couple times. Wish I knew who was actually in charge of that around here.

It is not an IE component from what I can tell. We can't do anything about it.

re: IE August 2005 Security Update is now available!

AndyC — Wed, 10 Aug 2005 22:58:46 GMT

Rebecca Norlander on why the SP2 updater is deliberately annoying:

http://channel9.msdn.com/ShowPost.aspx?PostID=9809#9809

I'll agree it can be a bit invasive but it certainly does the job!

re: IE August 2005 Security Update is now available!

vince — Wed, 10 Aug 2005 23:35:09 GMT

> I'd really like to see an update to the Microsoft Update/Windows
> Automatic Updating stuff that lets a user tell automatic updates to
> *be quiet* and *stop bothering me*!

I just attended a talk where Windows Update decided to run in the background on the presenters machine, and then popped up the "reboot in 5 mins dialog". Unfortunately it was in the middle of the talk, and the "ask me later" button on delayed things about 10 mins or so, so the talk was contiually being interrupted so he could walk to the machine and click "ask me later" again. No option for "just leave me alone". It was very unprofessional, and it makes me glad I never use windows machines to give presentations with.

re: IE August 2005 Security Update is now available!

codemastr — Thu, 11 Aug 2005 00:02:03 GMT

I hate the reboot dialog too. It can't be stopped! Even if you kill the process that generates this dialog, Windows restarts it!

re: IE August 2005 Security Update is now available!

Annoyed Updater — Thu, 11 Aug 2005 00:29:02 GMT

The reboot dialog can be stopped. If it's annoying you, stop the Automatic Updates service. Note that visiting Windows Update will restart this service and the reminders so if you go there, you'll need to do this again. From the command-line, net stop "Automatic Updates".

re: IE August 2005 Security Update is now available!

Tom — Thu, 11 Aug 2005 03:08:46 GMT

Spanish update is still wrong. Have you tested right?.

See you.

re: IE August 2005 Security Update is now available!

Jeremy [MSFT] — Thu, 11 Aug 2005 07:06:41 GMT

Tom, can you tell us what platform version of the Spanish package you are experiencing this on?

re: IE August 2005 Security Update is now available!

Tom — Thu, 11 Aug 2005 11:23:36 GMT

Hi Jeremy,

I have downloaded the update again this morning and it already works and install fine. Maybe was that when I had downloaded the patch, it still was the old one with the signature problem.

My platform is WinXp Pro SP2 Spain(I don't know if this what you are asking for).

Thanks for you support :).

See you.

re: IE August 2005 Security Update is now available!

tom_markus — Thu, 11 Aug 2005 14:06:58 GMT

I am installing on a french language machine, windows 2000. Windows update
first installed an update from v5 to v6, then crashed out with the error
0x8007041D

Multiple reboots/dropping security levels
to minimum does not help

Speaking of fixing bugs...

Michael "Sandwich" C — Sun, 14 Aug 2005 10:45:20 GMT

Regarding unpatched bugs... I know that it has been stated that IE7 will not be made available for Windows 2000 and lower, primarily (to my understanding) due to difficulties in implementing the various new features.

However, there are plenty of bugs in IE6 that are being addressed in IE7 - primarily concerning the rendering engine (CSS1 & 2 support, PNG transparency, etc). In my opinion, these ARE bugs in IE6, since it claims to support PNG and CSS.

Considering the vast number of corporations that will continue to run Windows 2000, would it not be wise to address these basic issues? How difficult would it be to patch in IE6 (call it 6.5 or something) the same rendering bugs that are being fixed in IE7?

re: IE August 2005 Security Update is now available!

Schaz — Sun, 21 Aug 2005 20:01:44 GMT

The message about being aware of the problem with the Download Center updates needed to be both on the site and provided to PSS. I can't use Windows Update (it fails, nobody can figure it out) so must go to each security bulletin individually and download each patch. I spent an hour on the phone with PSS when, with proper communication, it should have been a 1-minute call: "They're fixing the download, try again in X hours."

re: IE August 2005 Security Update is now available!

S Parker — Tue, 23 Aug 2005 13:54:07 GMT

On the day of release I updated two servers over remote desktops from the Update website (possibly withthe corrupt files)

On reboot I could no longer remote to them.
I utilised VNC to see the desktop in which took over an hour to get to the login splash screen.

The servers are now unable to access the web and actually hang on going into IE connections TAB.

As the servers are in the US and I am in the UK. trouble shooting is limited and I have to wait for personal to come in. (for rebooting)
As the server hangs on shutdown.

Any advise??

Patch Day August 2005 - Seite 2 | hilpers

Patch Day August 2005 - Seite 2 | hilpers — Tue, 20 Jan 2009 17:07:34 GMT

PingBack from http://www.hilpers.com/958592-patch-day-august-2005-a/2

IEBlog IE August 2005 Security Update is now available | Paid Surveys

IEBlog IE August 2005 Security Update is now available | Paid Surveys — Sat, 30 May 2009 01:15:17 GMT

PingBack from http://paidsurveyshub.info/story.php?title=ieblog-ie-august-2005-security-update-is-now-available