Language Selection

English French German Italian Portuguese Spanish

M$ Initially Released Corrupted IE Patch

Filed under
Microsoft

The patch for Internet Explorer that Microsoft on Tuesday urged users to install as soon as possible was initially flawed, the company said Wednesday.

Several of the Internet Explorer updates initially provided via the Download Center were corrupted, Microsoft officials said, and couldn't be installed.

"The updates were corrupted, breaking the digital signatures," a member of the IE development team wrote on the browser's official blog on Tuesday. "We've identified the problem [and] removed the affected updates from the Download Center."

The broken signatures caused failures of both Systems Management Server (SMS) -- the enterprise management tool used to distribute new software and updates -- and individual Internet Explorer installations.

"If customers got the update from the Download Center in the first few hours after the 10 a.m. [PDT] release, then the update that was downloaded would not install," confirmed a Microsoft spokesperson Wednesday. "Microsoft immediately pulled the ability to get the updates from the Download Center, investigated the cause of the problem, and re-published the updates."

Only the update files posted on the Download Center -- which is where links in the individual security bulletins take users -- were affected, Microsoft said. "Automatic Update, Windows Update, Microsoft Update, and Windows Server Update Services (WSUS) were not affected," the company said in an explanation added to the MS05-038 bulletin Wednesday.

The glitch is an embarrassment for Microsoft. "I've never seen an update corrupted like this," said Mike Murray, the director of research at vulnerability management vendor nCircle. "We've had updates that were broken somehow or didn't work like they should, but not this."

Some users commenting on Microsoft's blog site took the company to task for the screw-up. Dominic White, a South African studying computer science at Rhodes University who has published papers on automated update technologies in general, and Microsoft's in particular, was one.

"What bothers me is the way this was described," wrote White. "'This only impacts users downloading via Download Center' [Microsoft said], but this is exactly what it would look like if someone had compromised the patches. Nobody seemed to think about the possibility of hacked patches and Microsoft didn’t have to say they weren’t hacked, just a bug.

Full Story.

More in Tux Machines

Tiny quad-core ARM mini-PC runs Ubuntu with Cinnamon

A startup is pitching a $129-$199 “Imp” mini-PC on Indiegogo based on a quad-core Odroid-U3 SBC, with HDMI streaming and an Ubuntu/Cinnamon Linux desktop. A day after reporting on one Israeli-based, non-Android ARM mini-PC — SolidRun’s $100 CuBoxTV with OpenElec Linux — here comes another. Aside from the usual hyperbole found on crowdfunding pages — are we really “democratizing the digital home experience” or just buying an embedded ARM computer? — the Ubuntu-based Imp mini-PC looks like a pretty good deal. Read more

Ready to give Linux a try? These are the 5 distros you need to consider

There are so many Linux distributions that choosing one can be overwhelming for a new user. One might be too intimidating for a user to even try, while another might be too simplified, blocking that user from knowing how Linux systems actually function. I have been using Linux as my primary OS since 2005 and have tried all major (and quite a lot of minor) distributions. I have learned that not every distribution is for everyone. Since I also assist people in migrating to Linux, I have chosen the 5 distros that I recommend to new users based on their level of comfort and desire to learn (or not learn) more about Linux. Read more

Review of the new Firefox browser built for developers

Mozilla recently announced a new browser version for developers on the 10th anniversary of the Firefox browser. The Usersnap team and I took a look at whether it works well for the web development process, offers developers a variety of possible applications, and if it keeps up with the Google Chrome dev tools. Read more

Mapping the world with open source

In the world of geospatial technology, closed source solutions have been the norm for decades. But the tides are slowly turning as open source GIS software is gaining increasing prominence. Paul Ramsey, senior strategist at the open source company Boundless, is one of the people trying to change that. Ramsey has been working with geospatial software for over ten years, as programmer and consultant. He founded the PostGIS spatial database project in 2001, and is currently an active developer and member of the project steering committee. Ramsey serves as an evangelist for OpenGeo Suite, works with the Boundless business development team to share about their collection of offerigns, and speaks and teaches regularly at conferences around the world. Read more