Microsoft has released an updated version of a faulty Internet Explorer patch to fix a serious security flaw introduced by the original version.
The flaw was discovered after users of IE 6 with Service Pack 1 reported that the browser crashed when certain Web pages were viewed. That crash turned out to be the result of a buffer overrun vulnerability introduced by the security update, Microsoft said earlier this week. The flaw could be exploited by cyberattackers, it said.
"The revised version (of the update)...fully resolves the security vulnerability," a Microsoft representative said in a statement sent via e-mail on Thursday in the US.
The company originally set Tuesday for the release of a new version of the MS06-042 update that would fix the browser crash problem. However, it postponed delivery because of distribution problems. At the same time, eEye Digital Security disclosed that the crash was actually an exploitable security flaw, sending Microsoft scrambling to push the fixed patch out as soon as possible.
Microsoft sent out the initial MS06-042 security bulletin on August 8, as part of its monthly patch cycle. The update, deemed "critical" by Microsoft, addresses eight flaws in the widely used browser. It is one of a dozen security updates in this month's Patch Tuesday batch.
The patch trouble and the security issue only have an impact on users of IE 6.0 with SP1, which may run on Windows XP or Windows 2000. They do not affect other versions of IE, such as that in Windows XP with SP2 or in Windows Server 2003, Microsoft said. The company is urging affected users to download and install the new patch.
