PDA

View Full Version : New update (KB832894)



MrBeef
03-02-2004, 07:01 AM
Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB832894)



i just went on this morning and went to windows update and found this critical update. What does this one cover...is it the spoofing web addys?

Babe Ruth
03-02-2004, 08:40 AM
MrBeef,

See the following MS TechNet article February Security Update (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/winfeb04.asp)

Cheers, Babe.

TonyF
03-02-2004, 10:27 AM
See http://www.microsoft.com/downloads/details.aspx?FamilyID=70530968-b59a-47c0-90d3-0c884910bc97&displaylang=en

Murray P
03-02-2004, 11:28 AM
this link (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-004.asp) gives detailed info on the vulnerabilities and fixes.

It may have nothing to do with it but, I updated IE (even though I rarely use it now) on the advice at an MS site that stated even if you do not use IE the update is crtitcal. After applying the IE patch and catching up with an office update my Mozilla Firebird bookmarks were gone except for the defaults and, 'updated, Imported IE Favourites. My home page had also been changed to the default and most of the customised Toolbars and some plugins are kaput. I searched high and low for the original bookmarks but they were nowhere to be found. Fortunately I had a month old backup to restore from so have lost only a few mainly work related ones. BTW, Thunderbird seems to be ok. It send and receives and the address book is iintact.

Before applying any patches, backup.

I would be interested to know if anyone else has had this or similar problems.

Cheers Murray P

Jen C
03-02-2004, 04:28 PM
> Before applying any patches, backup.
>
> I would be interested to know if anyone else has had
> this or similar problems.

Thanks for that warning Murray. I just downloaded that patch as well (after backing up the Phoenix folder under Application data first), but my MozillaFirebird was not affected at all by that update. All bookmarks, extensions and skins are still fine.

Sounds like your profile for MozillaFirebird was corrupted. Did you take a look in the Phoenix folder Phoenix\Profiles\name(or default)\random_8_letters.slt for your bookmarks.html?

dumdum
03-02-2004, 04:45 PM
No problems here with Firebird after downloading the patch for IE.

DD.

dumdum
03-02-2004, 04:50 PM
As a matter of interest, is it normal practice to do a backup before d/loading and installing these patches?
sorry this was meant to be included in the previous post.
Cheers
DD.

Fire-and-Ice
03-02-2004, 07:40 PM
> As a matter of interest, is it normal practice to do a backup before d/loading and installing these patches?

Its always a good idea to back everything up before installing or updating anything , software and hardware included, if you have anything on your HDD worth saving. ;-)

Most of us take the risk however and then grumble when it all turns to custard. :D

dumdum
03-02-2004, 08:39 PM
Thanks for that Fire.

Jim B
03-02-2004, 10:15 PM
Anyone who has installed the latest update and is having a problem logging into a site that requires a username and password can thank Microsoft for for the inconvenience.

The Microsoft patch has disabled a standard form of authentication which is widely used across the internet.
If HTTP or HTTPS URLs contain user information in the scripting code to manage state information, they will need to be changed to use cookies instead of user information.

This from http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Bulletin/MS04-004.asp]ms ( [url) security bulletin[/url]



Does this Security Update contain any other changes to functionality in Internet Explorer?
Yes. This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:

http(s)//usernamepassword@server/resource.ext

For more information about this change, please see the Frequently Asked Questions section for this specific issue in this bulletin or Microsoft Knowledge Base article 834489.

Additionally, this update will disallow navigation to "usernamepassword@host.com" URLs for XMLHTTP. Microsoft is currently creating an update to MSXML that will address this issue specifically for XMLHTTP and we will provide more information in this bulletin when the update becomes available.

Does the update contain any other security changes?
The update also refines a change made in Internet Explorer 6 Service Pack 1, which prevents web pages in the Internet zone from navigating to the Local Machine zone. This change was introduced to mitigate the effects of potential new cross domain vulnerabilities. The changes introduced in this update are further enhancements of the Internet Explorer 6 Service Pack 1 restrictions.

Murray P
03-02-2004, 11:57 PM
Jen, I looked in there its where I go to back up or import when I install a new ver of Firebird. It could be just coincidence but my suspicions are aroused that the patch has done something, possibly because it does not like my setup or security settings. Funny how IE imported favourites appeared out of nowhere with no action from me, updated entries and all.

Jim, that change to the security settings may be why an (other) industry site I registere with and tried to login to did not work either in Mozilla or IE with any cookie setting I tried. More puzzles as to why Mozilla F would not work on the site tho. The plot thickens. Might wipe then just reinstall MF.

Cheers Murray P

Laura
04-02-2004, 01:10 AM
It's an interesting thread.

For those running Windows, it's an important thread.

But its title in this PF1 thread doesn't make it clear to newbs - and maybe some olds? - that this is a Windows/Microsoft upgrade.

(Speaking personally, the numbers could mean anything. I'm used to seeing numbers passing by.They might relate to Linux or to digital cameras or music players or whatever They're for those in the know.)

So I hope you'll forgive me if I do another VERY basic post to alert those who don't know as much as you all do.
The experts here have told me to disable my Windows Automatic Update. Those of us who did so need prompt reminders for manual checks.