Language Selection

English French German Italian Portuguese Spanish

M$ Initially Released Corrupted IE Patch

Filed under
Microsoft

The patch for Internet Explorer that Microsoft on Tuesday urged users to install as soon as possible was initially flawed, the company said Wednesday.

Several of the Internet Explorer updates initially provided via the Download Center were corrupted, Microsoft officials said, and couldn't be installed.

"The updates were corrupted, breaking the digital signatures," a member of the IE development team wrote on the browser's official blog on Tuesday. "We've identified the problem [and] removed the affected updates from the Download Center."

The broken signatures caused failures of both Systems Management Server (SMS) -- the enterprise management tool used to distribute new software and updates -- and individual Internet Explorer installations.

"If customers got the update from the Download Center in the first few hours after the 10 a.m. [PDT] release, then the update that was downloaded would not install," confirmed a Microsoft spokesperson Wednesday. "Microsoft immediately pulled the ability to get the updates from the Download Center, investigated the cause of the problem, and re-published the updates."

Only the update files posted on the Download Center -- which is where links in the individual security bulletins take users -- were affected, Microsoft said. "Automatic Update, Windows Update, Microsoft Update, and Windows Server Update Services (WSUS) were not affected," the company said in an explanation added to the MS05-038 bulletin Wednesday.

The glitch is an embarrassment for Microsoft. "I've never seen an update corrupted like this," said Mike Murray, the director of research at vulnerability management vendor nCircle. "We've had updates that were broken somehow or didn't work like they should, but not this."

Some users commenting on Microsoft's blog site took the company to task for the screw-up. Dominic White, a South African studying computer science at Rhodes University who has published papers on automated update technologies in general, and Microsoft's in particular, was one.

"What bothers me is the way this was described," wrote White. "'This only impacts users downloading via Download Center' [Microsoft said], but this is exactly what it would look like if someone had compromised the patches. Nobody seemed to think about the possibility of hacked patches and Microsoft didn’t have to say they weren’t hacked, just a bug.

Full Story.

More in Tux Machines

Meet Cornelius Schumacher - Akademy Keynote Speaker

At Akademy 2014, outgoing KDE e.V. Board President Cornelius Schumacher will give the community keynote. He has attended every Akademy and has been amazed and inspired at every one of them. If you want more of what KDE can bring to your life, Cornelius's talk is the perfect elixir. Here are glimpses of Cornelius that most of us have never seen. They give a sense of what has made him a successful leader of KDE for several years. Read more

PLASMA ACTIVE PORTED TO KF5

The GSoC might have come to an end, but I am very happy with the progress that we have made porting the Plasma Active to KF5. In my previous blogposts i have describe some of the stuff which they have been ported. So at the moment a lot of the basic features have come back to the Plasma Active, so yes it is at a usable state :) One of the big changes is that Nepomuk has been replaced with Baloo. Despite the fact that a lot of the Nepomuk stuff has been ported, there are still some things left, for example the timeline and tag support on the active-filebrowser. Read more

Mozilla Unveils $33 Intex Cloud FX Smartphone

Mozilla is targeting first time smartphone buyers who haven’t yet upgraded their basic feature phones because of high prices or technology specifications. In an interview with The Wall Street Journal, Jane Hsu, director of product marketing at Mozilla based in Taiwan, explains how the company was able to bring down the cost of smartphones and discusses Mozilla’s future plans. Read more

Appliance maker Electrolux joins IoT-focused AllSeen Alliance

The group is one of the more diverse consortiums, with members ranging from consumer electronics and chipset manufacturers to retailers and service providers. Primarily, work revolves around the AllJoyn open-source framework, which AllSeen said acts as a universal translator for objects and devices to interact. Read more