Language Selection

English French German Italian Portuguese Spanish

M$ Initially Released Corrupted IE Patch

Filed under
Microsoft

The patch for Internet Explorer that Microsoft on Tuesday urged users to install as soon as possible was initially flawed, the company said Wednesday.

Several of the Internet Explorer updates initially provided via the Download Center were corrupted, Microsoft officials said, and couldn't be installed.

"The updates were corrupted, breaking the digital signatures," a member of the IE development team wrote on the browser's official blog on Tuesday. "We've identified the problem [and] removed the affected updates from the Download Center."

The broken signatures caused failures of both Systems Management Server (SMS) -- the enterprise management tool used to distribute new software and updates -- and individual Internet Explorer installations.

"If customers got the update from the Download Center in the first few hours after the 10 a.m. [PDT] release, then the update that was downloaded would not install," confirmed a Microsoft spokesperson Wednesday. "Microsoft immediately pulled the ability to get the updates from the Download Center, investigated the cause of the problem, and re-published the updates."

Only the update files posted on the Download Center -- which is where links in the individual security bulletins take users -- were affected, Microsoft said. "Automatic Update, Windows Update, Microsoft Update, and Windows Server Update Services (WSUS) were not affected," the company said in an explanation added to the MS05-038 bulletin Wednesday.

The glitch is an embarrassment for Microsoft. "I've never seen an update corrupted like this," said Mike Murray, the director of research at vulnerability management vendor nCircle. "We've had updates that were broken somehow or didn't work like they should, but not this."

Some users commenting on Microsoft's blog site took the company to task for the screw-up. Dominic White, a South African studying computer science at Rhodes University who has published papers on automated update technologies in general, and Microsoft's in particular, was one.

"What bothers me is the way this was described," wrote White. "'This only impacts users downloading via Download Center' [Microsoft said], but this is exactly what it would look like if someone had compromised the patches. Nobody seemed to think about the possibility of hacked patches and Microsoft didn’t have to say they weren’t hacked, just a bug.

Full Story.

More in Tux Machines

Arch Linux 2015.03.01 Is Now Available for Download

A brand-new ISO image of the lightweight, highly customizable and powerful Arch Linux computer operating system has been released today, March 1, 2015, for those who want to deploy the acclaimed distribution on new computers. Read more

Cuberox, App-Driven Linux-Based Cube, Has Six Touch Screens

Vancouver-based startup Cuberox launched a new Kickstarter campaign on Tuesday to raise funds for a Linux-based cube of the same name. This gadget sports a touch-enabled screen on each side and is capable of running six apps simultaneously. The campaign is shooting to acquire $150,000 in funding before the March 29, 2015 deadline. Read more

Rancher Labs builds Linux system for Docker

As Docker continues to gain popularity, more and more minimalist operating systems are emerging to run the platform in production and at scale. Rancher Labs recently announced a new open-source operating system designed explicitly for Docker. While Docker is able run on almost any Linux distribution, RancherOS was conceptualized out of the company’s own needs, according to Sheng Liang, founder and CEO of Rancher Labs. Read more

The state of Linux gaming in the SteamOS era

For decades after Linux's early '90s debut, even the hardest of hardcore boosters for the open source operating system had to admit that it couldn't really compete in one important area of software: gaming. "Back in around 2010 you only had two choices for gaming on Linux," Che Dean, editor of Linux gaming news site Rootgamer recalls. "Play the few open source titles, Super Tux Kart and so on, or use WINE to play your Windows titles." Read more