
M$ Initially Released Corrupted IE Patch


The patch for Internet Explorer that Microsoft on Tuesday urged users to install as soon as possible was initially flawed, the company said Wednesday.

Several of the Internet Explorer updates initially provided via the Download Center were corrupted, Microsoft officials said, and couldn't be installed.

"The updates were corrupted, breaking the digital signatures," a member of the IE development team wrote on the browser's official blog on Tuesday. "We've identified the problem [and] removed the affected updates from the Download Center."

The broken signatures caused failures of both Systems Management Server (SMS) -- the enterprise management tool used to distribute new software and updates -- and individual Internet Explorer installations.

"If customers got the update from the Download Center in the first few hours after the 10 a.m. [PDT] release, then the update that was downloaded would not install," confirmed a Microsoft spokesperson Wednesday. "Microsoft immediately pulled the ability to get the updates from the Download Center, investigated the cause of the problem, and re-published the updates."

Only the update files posted on the Download Center -- which is where links in the individual security bulletins take users -- were affected, Microsoft said. "Automatic Update, Windows Update, Microsoft Update, and Windows Server Update Services (WSUS) were not affected," the company said in an explanation added to the MS05-038 bulletin Wednesday.

The glitch is an embarrassment for Microsoft. "I've never seen an update corrupted like this," said Mike Murray, the director of research at vulnerability management vendor nCircle. "We've had updates that were broken somehow or didn't work like they should, but not this."

Some users commenting on Microsoft's blog site took the company to task for the screw-up. Dominic White, a South African studying computer science at Rhodes University who has published papers on automated update technologies in general, and Microsoft's in particular, was one.

"What bothers me is the way this was described," wrote White. "'This only impacts users downloading via Download Center' [Microsoft said], but this is exactly what it would look like if someone had compromised the patches. Nobody seemed to think about the possibility of hacked patches and Microsoft didn’t have to say they weren’t hacked, just a bug."
