Re: IE cumulative security patch

From: Karl Levinson (klevinson@CHESAPEAKECAPITAL.COM)
Date: 02/19/02


Date:         Tue, 19 Feb 2002 14:50:53 -0500
From: Karl Levinson <klevinson@CHESAPEAKECAPITAL.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Just FYI, Microsoft second level support has been able to reproduce the
problem where the MSHTML.DLL file in the February 11 2002 IE Cumulative
Patch breaks web pages that contain the Microsoft ListView Active-X control,
both by using my sample code and also their own test HTML code.

-----Original Message-----
From: Karl Levinson
Sent: Friday, February 15, 2002 11:00 AM
To: 'NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM'
Subject: RE: IE cumulative security patch

Correction, the Microsoft February 11 2002 IE Cumulative Patch appears to
break the MICROSOFT ListView Active-X control from the VB6 suite. [I
previously said this was a third party control, it is not.] I have sample
code on hand to show the problem, though I'm not sure if this is of interest
to anyone.

-----Original Message-----
From: Karl Levinson
Sent: Thursday, February 14, 2002 3:34 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: RE: IE cumulative security patch

I wanted to report that we just installed the Q316059 February 11, 2002
cumulative IE patch from Microsoft. On every single machine here [confirmed
on at least 6 Windows 2000 SP2 machines], the MSHTML.DLL file included in
that patch broke our ability to run the ListView Active-X control. This was
a major problem for us.

Naturally, Microsoft gave no way to uninstall this patch. Replacing this
one file appeared to resolve the problem. I'm planning to report this to
Microsoft and FarPoint as well. <insert "trustworthy computing" joke here>

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by VeriSign - The Internet Trust Company
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Do you have 128-bit SSL encryption server security?
Get VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn
everything you need to know about using 128-bit SSL to encrypt your
e-commerce transactions, secure your intranets and authenticate your Web
site. 128-bit SSL is serious security for your online business. Get it now!
http://www.verisign.com/cgi-bin/go.cgi?a=n094765650008000
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



Relevant Pages

  • Re: [Full-disclosure] Security Alert: Unofficial IE patches appear on internet
    ... created by a vulnerability is as serious as this case and the available ... Microsoft will be inclined strongly against holding on to this patch. ... Microsoft often have patches ready but wait for the corporate known ...
    (Full-Disclosure)
  • Re: Worm in Patch
    ... a naive and trusting nature in your personality believing that you would ... "receive a patch" instead of getting it from a trusted source..? ... Essentially - Microsoft never emails you a patch. ... using Windows XP "prettifications". ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Why do i keep on receiving shutdown system ?
    ... the Microsoft provided information on the matter can be ... The Symantec Repair utility and manual removal instructions can be found ... The patch that would have prevented this whole fiasco for you: ... If you have Sasser, the Microsoft provided information on the matter can be ...
    (microsoft.public.windowsxp.security_admin)
  • Re: NT Authority..
    ... You could have Blaster or you could have Sasser. ... the Microsoft provided information on the matter can be ... The patch that would have prevented this whole fiasco for you: ... After enabling the Internet Connection Firewall or creating the read-only ...
    (microsoft.public.windowsxp.help_and_support)
  • So Windows Update is a dog, now what?
    ... extension, that means that the soon-to-be-released Windows Update, ... How about someone getting serious about patch management over at ... In their explanation of the severity rating scheme, the Microsoft ... incredibly reliable mechanism for getting patches onto systems, ...
    (NT-Bugtraq)