Language Selection

English French German Italian Portuguese Spanish

M$ Initially Released Corrupted IE Patch

Filed under
Microsoft

The patch for Internet Explorer that Microsoft on Tuesday urged users to install as soon as possible was initially flawed, the company said Wednesday.

Several of the Internet Explorer updates initially provided via the Download Center were corrupted, Microsoft officials said, and couldn't be installed.

"The updates were corrupted, breaking the digital signatures," a member of the IE development team wrote on the browser's official blog on Tuesday. "We've identified the problem [and] removed the affected updates from the Download Center."

The broken signatures caused failures of both Systems Management Server (SMS) -- the enterprise management tool used to distribute new software and updates -- and individual Internet Explorer installations.

"If customers got the update from the Download Center in the first few hours after the 10 a.m. [PDT] release, then the update that was downloaded would not install," confirmed a Microsoft spokesperson Wednesday. "Microsoft immediately pulled the ability to get the updates from the Download Center, investigated the cause of the problem, and re-published the updates."

Only the update files posted on the Download Center -- which is where links in the individual security bulletins take users -- were affected, Microsoft said. "Automatic Update, Windows Update, Microsoft Update, and Windows Server Update Services (WSUS) were not affected," the company said in an explanation added to the MS05-038 bulletin Wednesday.

The glitch is an embarrassment for Microsoft. "I've never seen an update corrupted like this," said Mike Murray, the director of research at vulnerability management vendor nCircle. "We've had updates that were broken somehow or didn't work like they should, but not this."

Some users commenting on Microsoft's blog site took the company to task for the screw-up. Dominic White, a South African studying computer science at Rhodes University who has published papers on automated update technologies in general, and Microsoft's in particular, was one.

"What bothers me is the way this was described," wrote White. "'This only impacts users downloading via Download Center' [Microsoft said], but this is exactly what it would look like if someone had compromised the patches. Nobody seemed to think about the possibility of hacked patches and Microsoft didn’t have to say they weren’t hacked, just a bug.

Full Story.

More in Tux Machines

Intel Graphics On Ubuntu: GNOME vs. KDE vs. Xfce vs. Unity vs. LXDE

For those wondering how the Intel (U)HD Graphics compare for games and other graphical benchmarks between desktop environments in 2018, here are some fresh benchmarks using GNOME Shell on X.Org/Wayland, KDE Plasma 5, Xfce, Unity 7, and LXDE. Read more

Linux Kernel 4.15 Delayed Until Next Week as Linus Torvalds Announces Ninth RC

It's not every day that you see a ninth Release Candidate in the development cycle of a new Linux kernel branch, but here we go, and we can only blame it on those pesky Meltdown and Spectre security vulnerabilities that affect us all, putting billions of devices at risk of attacks. That, and the fact that things haven't calmed down since last week's eight Release Candidate, which was supposed to be the last for the upcoming series. According to Linus Torvalds, there are still has some networking fixes pending, and there's also a very subtle boot bug that was discovered the other day. Read more Also: Linux 4.15 Goes Further Into Overtime: Linux 4.15-rc9

Review: Ubuntu MATE 17.10

Ubuntu MATE 17.10 is a solid release with a few minor caveats about the Mutiny layout. The Traditional MATE layout is very nice, but Mutiny still needs some work. For users who want the classic GNOME 2 look-and-feel, Ubuntu MATE is an excellent choice. However, Unity users looking for a Unity-like experience should still give Ubuntu MATE with the Mutiny layout a try, but need to be aware that it does have some issues and it won't work exactly like Unity. The Contemporary layout is also an option for Unity users, but is even further removed from the Unity experience than Mutiny is. Read more

Today in Techrights