ANN: KB918899 (MS06-042) Known Issues section updated again today (22 Aug-06)

X-post to IE General, IE6 Browser & Windows Update newsgroups.
Followup-To set for Windows Update newsgroup.

MS06-042: Cumulative security update for Internet Explorer
http://support.microsoft.com/?kbid=918899

<QP>
[Known Issues]

On August 15, 2006, Microsoft announced that it will release a new version
of security update 918899 (MS06-042) on August 22, 2006. This new version
was to address this problem for customers who use Internet Explorer 6
Service Pack 1. Because of an issue that was discovered in final testing,
Microsoft will not release the new version of security update 918899 on
August 22, 2006. Microsoft will release this update for Internet Explorer 6
Service Pack 1 when it meets an appropriate level of quality for broad
distribution.

Microsoft is also aware of public reports that this issue could lead to a
buffer overrun condition for customers who use Internet Explorer 6 Service
Pack 1 and who have applied security update 918899. We are not aware of
attacks that try to use the reported vulnerability at this point, nor are we
aware of customer impact at this point. Microsoft is aggressively
investigating the public reports.
</QP>

cf. http://www.securityfocus.com/news/11408
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

From: "PA Bear" <>

| X-post to IE General, IE6 Browser & Windows Update newsgroups.
| Followup-To set for Windows Update newsgroup.
|
| MS06-042: Cumulative security update for Internet Explorer
| http://support.microsoft.com/?kbid=918899
|

< snip >

Thanx Robear !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

TYVM.

--
Vincenzo Di Russo
Microsoft® MVP - Most Valuable Professional
Windows - Internet Explorer since 2003
My home: http://mvp.support.microsoft.com/
My Blog: http://blogs.dotnethell.it/vincent/

PA Bear wrote:
> X-post to IE General, IE6 Browser & Windows Update newsgroups.
> Followup-To set for Windows Update newsgroup.
>
> MS06-042: Cumulative security update for Internet Explorer
> http://support.microsoft.com/?kbid=918899
>
> <QP>
> [Known Issues]
>
> On August 15, 2006, Microsoft announced that it will release a new version
> of security update 918899 (MS06-042) on August 22, 2006. This new version
> was to address this problem for customers who use Internet Explorer 6
> Service Pack 1. Because of an issue that was discovered in final testing,
> Microsoft will not release the new version of security update 918899 on
> August 22, 2006. Microsoft will release this update for Internet Explorer
> 6 Service Pack 1 when it meets an appropriate level of quality for broad
> distribution.
>
> Microsoft is also aware of public reports that this issue could lead to a
> buffer overrun condition for customers who use Internet Explorer 6 Service
> Pack 1 and who have applied security update 918899. We are not aware of
> attacks that try to use the reported vulnerability at this point, nor are
> we aware of customer impact at this point. Microsoft is aggressively
> investigating the public reports.
> </QP>
>
> cf. http://www.securityfocus.com/news/11408

X-post to IE General, IE6 Browser & Windows Update newsgroups.
Followup-To set for Windows Update newsgroup.

Another day, another revision of Known Issues section, and at least one new
hotfix for WinXP SP2 and Win2K03 SP1:

When you visit a Web page that uses a custom pop-up object, Internet
Explorer 6 closes unexpectedly
(IE errors involving Mshtml.dll)
http://support.microsoft.com/kb/923996/
--
~PA Bear


PA Bear wrote:
> MS06-042: Cumulative security update for Internet Explorer
> http://support.microsoft.com/?kbid=918899
>
> <QP>
> [Known Issues]
>
> On August 15, 2006, Microsoft announced that it will release a new version
> of security update 918899 (MS06-042) on August 22, 2006. This new version
> was to address this problem for customers who use Internet Explorer 6
> Service Pack 1. Because of an issue that was discovered in final testing,
> Microsoft will not release the new version of security update 918899 on
> August 22, 2006. Microsoft will release this update for Internet Explorer
> 6 Service Pack 1 when it meets an appropriate level of quality for broad
> distribution.
>
> Microsoft is also aware of public reports that this issue could lead to a
> buffer overrun condition for customers who use Internet Explorer 6 Service
> Pack 1 and who have applied security update 918899. We are not aware of
> attacks that try to use the reported vulnerability at this point, nor are
> we aware of customer impact at this point. Microsoft is aggressively
> investigating the public reports.
> </QP>
>
> cf. http://www.securityfocus.com/news/11408

Hi,

Does the "hotfix" that MS Customer Service issues have the same problems?

They sent it to me but I have not yet installed it - I was somewhat
suspicious when the rep gave the disclaimer that it had not been regression
tested and that I should backup all the data on my hard drive before
installing it!

I have been using the "workaround" (uncheck HTTP 1.1 support in IE) and it
seems to be working fine but I don't know what I may be missing.

TIA

"PA Bear" wrote:

> X-post to IE General, IE6 Browser & Windows Update newsgroups.
> Followup-To set for Windows Update newsgroup.
>
> MS06-042: Cumulative security update for Internet Explorer
> http://support.microsoft.com/?kbid=918899
>
> <QP>
> [Known Issues]
>
> On August 15, 2006, Microsoft announced that it will release a new version
> of security update 918899 (MS06-042) on August 22, 2006. This new version
> was to address this problem for customers who use Internet Explorer 6
> Service Pack 1. Because of an issue that was discovered in final testing,
> Microsoft will not release the new version of security update 918899 on
> August 22, 2006. Microsoft will release this update for Internet Explorer 6
> Service Pack 1 when it meets an appropriate level of quality for broad
> distribution.
>
> Microsoft is also aware of public reports that this issue could lead to a
> buffer overrun condition for customers who use Internet Explorer 6 Service
> Pack 1 and who have applied security update 918899. We are not aware of
> attacks that try to use the reported vulnerability at this point, nor are we
> aware of customer impact at this point. Microsoft is aggressively
> investigating the public reports.
> </QP>
>
> cf. http://www.securityfocus.com/news/11408
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>
>

Hi,
One of my comany's applications is having an issue with the
problem reported below:

> When you visit a Web page that uses a custom pop-up object, Internet
> Explorer 6 closes unexpectedly

Here is an example of what happens: <a
href="http://www.comcept.net/crash.htm">
http://www.comcept.net/crash.htm </a>. It seems to affect any version
of windows and any version of IE6.
The navigation menu of our application depends on custom pop-ups
so it is a big problem for thousands of users. We cannot tell our
customers to go and get the hotfix from Microsoft either. Does anyone
have any information as to how long before we will see an official fix
for this problem? Does anyone have a workaround for this particular
problem?

No, we do not have PeopleSoft installed, yes, we have tried turning off
HTTP/1.1.

Thanks!

-Mark


PA Bear wrote:
> X-post to IE General, IE6 Browser & Windows Update newsgroups.
> Followup-To set for Windows Update newsgroup.
>
> Another day, another revision of Known Issues section, and at least one new
> hotfix for WinXP SP2 and Win2K03 SP1:
>
> When you visit a Web page that uses a custom pop-up object, Internet
> Explorer 6 closes unexpectedly
> (IE errors involving Mshtml.dll)
> http://support.microsoft.com/kb/923996/
> --
> ~PA Bear
>
>
> PA Bear wrote:
> > MS06-042: Cumulative security update for Internet Explorer
> > http://support.microsoft.com/?kbid=918899
> >
> > <QP>
> > [Known Issues]
> >
> > On August 15, 2006, Microsoft announced that it will release a new version
> > of security update 918899 (MS06-042) on August 22, 2006. This new version
> > was to address this problem for customers who use Internet Explorer 6
> > Service Pack 1. Because of an issue that was discovered in final testing,
> > Microsoft will not release the new version of security update 918899 on
> > August 22, 2006. Microsoft will release this update for Internet Explorer
> > 6 Service Pack 1 when it meets an appropriate level of quality for broad
> > distribution.
> >
> > Microsoft is also aware of public reports that this issue could lead to a
> > buffer overrun condition for customers who use Internet Explorer 6 Service
> > Pack 1 and who have applied security update 918899. We are not aware of
> > attacks that try to use the reported vulnerability at this point, nor are
> > we aware of customer impact at this point. Microsoft is aggressively
> > investigating the public reports.
> > </QP>
> >
> > cf. http://www.securityfocus.com/news/11408

Had no problem ... popup worked perfectly.

<> wrote in message
news: oups.com...
> Hi,
> One of my comany's applications is having an issue with the
> problem reported below:
>
> > When you visit a Web page that uses a custom pop-up object, Internet
> > Explorer 6 closes unexpectedly
>
> Here is an example of what happens: <a
> href="http://www.comcept.net/crash.htm">
> http://www.comcept.net/crash.htm </a>. It seems to affect any version
> of windows and any version of IE6.
> The navigation menu of our application depends on custom pop-ups
> so it is a big problem for thousands of users. We cannot tell our
> customers to go and get the hotfix from Microsoft either. Does anyone
> have any information as to how long before we will see an official fix
> for this problem? Does anyone have a workaround for this particular
> problem?
>
> No, we do not have PeopleSoft installed, yes, we have tried turning off
> HTTP/1.1.
>
> Thanks!
>
> -Mark
>
>
> PA Bear wrote:
> > X-post to IE General, IE6 Browser & Windows Update newsgroups.
> > Followup-To set for Windows Update newsgroup.
> >
> > Another day, another revision of Known Issues section, and at least one
new
> > hotfix for WinXP SP2 and Win2K03 SP1:
> >
> > When you visit a Web page that uses a custom pop-up object, Internet
> > Explorer 6 closes unexpectedly
> > (IE errors involving Mshtml.dll)
> > http://support.microsoft.com/kb/923996/
> > --
> > ~PA Bear
> >
> >
> > PA Bear wrote:
> > > MS06-042: Cumulative security update for Internet Explorer
> > > http://support.microsoft.com/?kbid=918899
> > >
> > > <QP>
> > > [Known Issues]
> > >
> > > On August 15, 2006, Microsoft announced that it will release a new
version
> > > of security update 918899 (MS06-042) on August 22, 2006. This new
version
> > > was to address this problem for customers who use Internet Explorer 6
> > > Service Pack 1. Because of an issue that was discovered in final
testing,
> > > Microsoft will not release the new version of security update 918899
on
> > > August 22, 2006. Microsoft will release this update for Internet
Explorer
> > > 6 Service Pack 1 when it meets an appropriate level of quality for
broad
> > > distribution.
> > >
> > > Microsoft is also aware of public reports that this issue could lead
to a
> > > buffer overrun condition for customers who use Internet Explorer 6
Service
> > > Pack 1 and who have applied security update 918899. We are not aware
of
> > > attacks that try to use the reported vulnerability at this point, nor
are
> > > we aware of customer impact at this point. Microsoft is aggressively
> > > investigating the public reports.
> > > </QP>
> > >
> > > cf. http://www.securityfocus.com/news/11408
>

See http://support.microsoft.com/?kbid=923996

The hotfix (WinXP SP2) referenced is available here:
http://www.microsoft.com/downloads/d...8-d701d2e60c1d
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)


wrote:
> Hi,
> One of my comany's applications is having an issue with the
> problem reported below:
>
>> When you visit a Web page that uses a custom pop-up object, Internet
>> Explorer 6 closes unexpectedly
>
> Here is an example of what happens: <a
> href="http://www.comcept.net/crash.htm">
> http://www.comcept.net/crash.htm </a>. It seems to affect any version
> of windows and any version of IE6.
> The navigation menu of our application depends on custom pop-ups
> so it is a big problem for thousands of users. We cannot tell our
> customers to go and get the hotfix from Microsoft either. Does anyone
> have any information as to how long before we will see an official fix
> for this problem? Does anyone have a workaround for this particular
> problem?
>
> No, we do not have PeopleSoft installed, yes, we have tried turning off
> HTTP/1.1.
>
> Thanks!
>
> -Mark
>
>
> PA Bear wrote:
>> X-post to IE General, IE6 Browser & Windows Update newsgroups.
>> Followup-To set for Windows Update newsgroup.
>>
>> Another day, another revision of Known Issues section, and at least one
>> new
>> hotfix for WinXP SP2 and Win2K03 SP1:
>>
>> When you visit a Web page that uses a custom pop-up object, Internet
>> Explorer 6 closes unexpectedly
>> (IE errors involving Mshtml.dll)
>> http://support.microsoft.com/kb/923996/
>> --
>> ~PA Bear
>>
>>
>> PA Bear wrote:
>>> MS06-042: Cumulative security update for Internet Explorer
>>> http://support.microsoft.com/?kbid=918899
>>>
>>> <QP>
>>> [Known Issues]
>>>
>>> On August 15, 2006, Microsoft announced that it will release a new
>>> version
>>> of security update 918899 (MS06-042) on August 22, 2006. This new
>>> version
>>> was to address this problem for customers who use Internet Explorer 6
>>> Service Pack 1. Because of an issue that was discovered in final
>>> testing,
>>> Microsoft will not release the new version of security update 918899 on
>>> August 22, 2006. Microsoft will release this update for Internet
>>> Explorer
>>> 6 Service Pack 1 when it meets an appropriate level of quality for broad
>>> distribution.
>>>
>>> Microsoft is also aware of public reports that this issue could lead to
>>> a
>>> buffer overrun condition for customers who use Internet Explorer 6
>>> Service
>>> Pack 1 and who have applied security update 918899. We are not aware of
>>> attacks that try to use the reported vulnerability at this point, nor
>>> are
>>> we aware of customer impact at this point. Microsoft is aggressively
>>> investigating the public reports.
>>> </QP>
>>>
>>> cf. http://www.securityfocus.com/news/11408

<> wrote in message
news: oups.com...
> Hi,
> One of my comany's applications is having an issue with the
> problem reported below:
>
>> When you visit a Web page that uses a custom pop-up object, Internet
>> Explorer 6 closes unexpectedly
>
> Here is an example of what happens: <a
> href="http://www.comcept.net/crash.htm">
> http://www.comcept.net/crash.htm </a>. It seems to affect any version
> of windows and any version of IE6.
> The navigation menu of our application depends on custom pop-ups
> so it is a big problem for thousands of users. We cannot tell our
> customers to go and get the hotfix from Microsoft either. Does anyone
> have any information as to how long before we will see an official fix
> for this problem? Does anyone have a workaround for this particular
> problem?


IE7rc1? (No repro with that instead of IE6.)


FWIW

Robert Aldwinckle
---


>
> No, we do not have PeopleSoft installed, yes, we have tried turning off
> HTTP/1.1.
>
> Thanks!
>
> -Mark
>
>
> PA Bear wrote:
>> X-post to IE General, IE6 Browser & Windows Update newsgroups.
>> Followup-To set for Windows Update newsgroup.
>>
>> Another day, another revision of Known Issues section, and at least one new
>> hotfix for WinXP SP2 and Win2K03 SP1:
>>
>> When you visit a Web page that uses a custom pop-up object, Internet
>> Explorer 6 closes unexpectedly
>> (IE errors involving Mshtml.dll)
>> http://support.microsoft.com/kb/923996/
>> --
>> ~PA Bear
>>
>>
>> PA Bear wrote:
>> > MS06-042: Cumulative security update for Internet Explorer
>> > http://support.microsoft.com/?kbid=918899
>> >
>> > <QP>
>> > [Known Issues]
>> >
>> > On August 15, 2006, Microsoft announced that it will release a new version
>> > of security update 918899 (MS06-042) on August 22, 2006. This new version
>> > was to address this problem for customers who use Internet Explorer 6
>> > Service Pack 1. Because of an issue that was discovered in final testing,
>> > Microsoft will not release the new version of security update 918899 on
>> > August 22, 2006. Microsoft will release this update for Internet Explorer
>> > 6 Service Pack 1 when it meets an appropriate level of quality for broad
>> > distribution.
>> >
>> > Microsoft is also aware of public reports that this issue could lead to a
>> > buffer overrun condition for customers who use Internet Explorer 6 Service
>> > Pack 1 and who have applied security update 918899. We are not aware of
>> > attacks that try to use the reported vulnerability at this point, nor are
>> > we aware of customer impact at this point. Microsoft is aggressively
>> > investigating the public reports.
>> > </QP>
>> >
>> > cf. http://www.securityfocus.com/news/11408
>