ANN: KB918899 (MS06-042) Known Issues section updated today (15 Aug-06)

X-post to IE General, IE6 Browser & Windows Update newsgroups.
Followup-To set for Windows Update newsgroup.

<QP>
A new version of security update 918899 is currently in development and will
be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by
August 22, 2006. The new update will be available on the Microsoft Download
Center and by using Windows Update. Customers who are using any version of
Internet Explorer other than Internet Explorer 6 Service Pack 1 together
with any Windows version are not affected by this release and do not have to
take any action. We recommend that customers who are not experiencing this
issue continue to deploy security update 918899 in their environments to
receive protection from the vulnerabilities that are documented in security
bulletin MS06-042. Customers who experience this issue should apply the new
security update when it is available. Customers who want to avoid the issue
before the new security update is available may apply hotfix 923762.
</QP>
Source: MS06-042: Cumulative security update for Internet Explorer
http://support.microsoft.com/?kbid=918899
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

I hope MS knows there's more than one problem with 918899.
I followed the workaround (disabled HTTP1.1) and *still* got
IE crashes, although not as many. It wasn't until I reverted both
URLMON.DLL *and* WININET.DLL to pre-918899 levels
that these crashes went away entirely.

"PA Bear" <> wrote in message news:...
> X-post to IE General, IE6 Browser & Windows Update newsgroups.
> Followup-To set for Windows Update newsgroup.
>
> <QP>
> A new version of security update 918899 is currently in development and will
> be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by
> August 22, 2006. The new update will be available on the Microsoft Download
> Center and by using Windows Update. Customers who are using any version of
> Internet Explorer other than Internet Explorer 6 Service Pack 1 together
> with any Windows version are not affected by this release and do not have to
> take any action. We recommend that customers who are not experiencing this
> issue continue to deploy security update 918899 in their environments to
> receive protection from the vulnerabilities that are documented in security
> bulletin MS06-042. Customers who experience this issue should apply the new
> security update when it is available. Customers who want to avoid the issue
> before the new security update is available may apply hotfix 923762.
> </QP>
> Source: MS06-042: Cumulative security update for Internet Explorer
> http://support.microsoft.com/?kbid=918899
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>

Hey Glen-
How do i revert URLMON.DLL and WINNET.DLL to pre-918899 levels? i cant find
any how to's online.

Hi,

Having the same problems - how do y9uo revert these .Dll's ? rename old
files and replace with files from the .dll website?

Martin Lee

"Glen" wrote:

> I hope MS knows there's more than one problem with 918899.
> I followed the workaround (disabled HTTP1.1) and *still* got
> IE crashes, although not as many. It wasn't until I reverted both
> URLMON.DLL *and* WININET.DLL to pre-918899 levels
> that these crashes went away entirely.
>
> "PA Bear" <> wrote in message news:...
> > X-post to IE General, IE6 Browser & Windows Update newsgroups.
> > Followup-To set for Windows Update newsgroup.
> >
> > <QP>
> > A new version of security update 918899 is currently in development and will
> > be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by
> > August 22, 2006. The new update will be available on the Microsoft Download
> > Center and by using Windows Update. Customers who are using any version of
> > Internet Explorer other than Internet Explorer 6 Service Pack 1 together
> > with any Windows version are not affected by this release and do not have to
> > take any action. We recommend that customers who are not experiencing this
> > issue continue to deploy security update 918899 in their environments to
> > receive protection from the vulnerabilities that are documented in security
> > bulletin MS06-042. Customers who experience this issue should apply the new
> > security update when it is available. Customers who want to avoid the issue
> > before the new security update is available may apply hotfix 923762.
> > </QP>
> > Source: MS06-042: Cumulative security update for Internet Explorer
> > http://support.microsoft.com/?kbid=918899
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
> >
>
>
>

How about if MS just fixes and redeploys the patch like they said they were
going to a week ago! My people are freaking out..."When is this going to be
resolved....when?...what time?...why?" Whiskey Tango Foxtrot! Is there any
update on that?

"Martin_alee" wrote:

> Hi,
>
> Having the same problems - how do y9uo revert these .Dll's ? rename old
> files and replace with files from the .dll website?
>
> Martin Lee
>
> "Glen" wrote:
>
> > I hope MS knows there's more than one problem with 918899.
> > I followed the workaround (disabled HTTP1.1) and *still* got
> > IE crashes, although not as many. It wasn't until I reverted both
> > URLMON.DLL *and* WININET.DLL to pre-918899 levels
> > that these crashes went away entirely.
> >
> > "PA Bear" <> wrote in message news:...
> > > X-post to IE General, IE6 Browser & Windows Update newsgroups.
> > > Followup-To set for Windows Update newsgroup.
> > >
> > > <QP>
> > > A new version of security update 918899 is currently in development and will
> > > be released to all Microsoft Internet Explorer 6 Service Pack 1 customers by
> > > August 22, 2006. The new update will be available on the Microsoft Download
> > > Center and by using Windows Update. Customers who are using any version of
> > > Internet Explorer other than Internet Explorer 6 Service Pack 1 together
> > > with any Windows version are not affected by this release and do not have to
> > > take any action. We recommend that customers who are not experiencing this
> > > issue continue to deploy security update 918899 in their environments to
> > > receive protection from the vulnerabilities that are documented in security
> > > bulletin MS06-042. Customers who experience this issue should apply the new
> > > security update when it is available. Customers who want to avoid the issue
> > > before the new security update is available may apply hotfix 923762.
> > > </QP>
> > > Source: MS06-042: Cumulative security update for Internet Explorer
> > > http://support.microsoft.com/?kbid=918899
> > > --
> > > ~Robear Dyer (PA Bear)
> > > MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
> > >
> >
> >
> >

http://support.microsoft.com/?kbid=918899 was updated again today (22
Aug-06):

<QP>
Known Issues

On August 15, 2006, Microsoft announced that it will release a new version
of security update 918899 (MS06-042) on August 22, 2006. This new version
was to address this problem for customers who use Internet Explorer 6
Service Pack 1. Because of an issue that was discovered in final testing,
Microsoft will not release the new version of security update 918899 on
August 22, 2006. Microsoft will release this update for Internet Explorer 6
Service Pack 1 when it meets an appropriate level of quality for broad
distribution.

Microsoft is also aware of public reports that this issue could lead to a
buffer overrun condition for customers who use Internet Explorer 6 Service
Pack 1 and who have applied security update 918899. We are not aware of
attacks that try to use the reported vulnerability at this point, nor are we
aware of customer impact at this point. Microsoft is aggressively
investigating the public reports.
</QP>

cf. http://www.securityfocus.com/news/11408
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

<snip>
> > > "PA Bear" <> wrote in message
> > > news:...
> > > > X-post to IE General, IE6 Browser & Windows Update newsgroups.
> > > > Followup-To set for Windows Update newsgroup.
> > > >
> > > > <QP>
> > > > A new version of security update 918899 is currently in development
> > > > and will be released to all Microsoft Internet Explorer 6 Service
> > > > Pack 1 customers by August 22, 2006. The new update will be
> > > > available on the Microsoft Download Center and by using Windows
> > > > Update. Customers who are using any version of Internet Explorer
> > > > other than Internet Explorer 6 Service Pack 1 together with any
> > > > Windows version are not affected by this release and do not have to
> > > > take any action. We recommend that customers who are not
> > > > experiencing this issue continue to deploy security update 918899
> > > > in their environments to receive protection from the
> > > > vulnerabilities that are documented in security bulletin MS06-042.
> > > > Customers who experience this issue should apply the new security
> > > > update when it is available. Customers who want to avoid the issue
> > > > before the new security update is available may apply hotfix
> > > > 923762. </QP>
> > > > Source: MS06-042: Cumulative security update for Internet Explorer
> > > > http://support.microsoft.com/?kbid=918899

I've been checking Windows Update and Microsoft Security Bulletin
MS06-042
Cumulative Security Update for Internet Explorer (918899) since
yesterday to see if a new version of 918899 was released. Instead, it
seems as if Microsoft has decided not to release the new version at
this time due to continuing problems. Am I interpretting things
correctly?

Vickie


Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)



PA Bear wrote:
> http://support.microsoft.com/?kbid=918899 was updated again today (22
> Aug-06):
>
> <QP>
> Known Issues
>
> On August 15, 2006, Microsoft announced that it will release a new version
> of security update 918899 (MS06-042) on August 22, 2006. This new version
> was to address this problem for customers who use Internet Explorer 6
> Service Pack 1. Because of an issue that was discovered in final testing,
> Microsoft will not release the new version of security update 918899 on
> August 22, 2006. Microsoft will release this update for Internet Explorer 6
> Service Pack 1 when it meets an appropriate level of quality for broad
> distribution.
>
> Microsoft is also aware of public reports that this issue could lead to a
> buffer overrun condition for customers who use Internet Explorer 6 Service
> Pack 1 and who have applied security update 918899. We are not aware of
> attacks that try to use the reported vulnerability at this point, nor are we
> aware of customer impact at this point. Microsoft is aggressively
> investigating the public reports.
> </QP>
>
> cf. http://www.securityfocus.com/news/11408
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>
> <snip>
> > > > "PA Bear" <> wrote in message
> > > > news:...
> > > > > X-post to IE General, IE6 Browser & Windows Update newsgroups.
> > > > > Followup-To set for Windows Update newsgroup.
> > > > >
> > > > > <QP>
> > > > > A new version of security update 918899 is currently in development
> > > > > and will be released to all Microsoft Internet Explorer 6 Service
> > > > > Pack 1 customers by August 22, 2006. The new update will be
> > > > > available on the Microsoft Download Center and by using Windows
> > > > > Update. Customers who are using any version of Internet Explorer
> > > > > other than Internet Explorer 6 Service Pack 1 together with any
> > > > > Windows version are not affected by this release and do not have to
> > > > > take any action. We recommend that customers who are not
> > > > > experiencing this issue continue to deploy security update 918899
> > > > > in their environments to receive protection from the
> > > > > vulnerabilities that are documented in security bulletin MS06-042.
> > > > > Customers who experience this issue should apply the new security
> > > > > update when it is available. Customers who want to avoid the issue
> > > > > before the new security update is available may apply hotfix
> > > > > 923762. </QP>
> > > > > Source: MS06-042: Cumulative security update for Internet Explorer
> > > > > http://support.microsoft.com/?kbid=918899

Vickie wrote:

> I've been checking Windows Update and Microsoft Security Bulletin
> MS06-042
> Cumulative Security Update for Internet Explorer (918899) since
> yesterday to see if a new version of 918899 was released. Instead, it
> seems as if Microsoft has decided not to release the new version at
> this time due to continuing problems. Am I interpretting things
> correctly?
>
> Vickie

Yes.

--
Vincenzo Di Russo
Microsoft® MVP - Most Valuable Professional
Windows - Internet Explorer since 2003
My Blog: http://blogs.dotnethell.it/vincent/
My Home: http://mvp.support.microsoft.com/

> Microsoft Security Bulletin MS06-042
> Cumulative Security Update for Internet Explorer (918899)
>
>
>
> PA Bear wrote:
>> http://support.microsoft.com/?kbid=918899 was updated again today (22
>> Aug-06):
>>
>> <QP>
>> Known Issues
>>
>> On August 15, 2006, Microsoft announced that it will release a new
>> version of security update 918899 (MS06-042) on August 22, 2006. This
>> new version was to address this problem for customers who use Internet
>> Explorer 6 Service Pack 1. Because of an issue that was discovered in
>> final testing, Microsoft will not release the new version of security
>> update 918899 on August 22, 2006. Microsoft will release this update for
>> Internet Explorer 6 Service Pack 1 when it meets an appropriate level of
>> quality for broad distribution.
>>
>> Microsoft is also aware of public reports that this issue could lead to a
>> buffer overrun condition for customers who use Internet Explorer 6
>> Service Pack 1 and who have applied security update 918899. We are not
>> aware of attacks that try to use the reported vulnerability at this
>> point, nor are we aware of customer impact at this point. Microsoft is
>> aggressively investigating the public reports.
>> </QP>
>>
>> cf. http://www.securityfocus.com/news/11408
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>>
>> <snip>
>>>>> "PA Bear" <> wrote in message
>>>>> news:...
>>>>>> X-post to IE General, IE6 Browser & Windows Update newsgroups.
>>>>>> Followup-To set for Windows Update newsgroup.
>>>>>>
>>>>>> <QP>
>>>>>> A new version of security update 918899 is currently in development
>>>>>> and will be released to all Microsoft Internet Explorer 6 Service
>>>>>> Pack 1 customers by August 22, 2006. The new update will be
>>>>>> available on the Microsoft Download Center and by using Windows
>>>>>> Update. Customers who are using any version of Internet Explorer
>>>>>> other than Internet Explorer 6 Service Pack 1 together with any
>>>>>> Windows version are not affected by this release and do not have to
>>>>>> take any action. We recommend that customers who are not
>>>>>> experiencing this issue continue to deploy security update 918899
>>>>>> in their environments to receive protection from the
>>>>>> vulnerabilities that are documented in security bulletin MS06-042.
>>>>>> Customers who experience this issue should apply the new security
>>>>>> update when it is available. Customers who want to avoid the issue
>>>>>> before the new security update is available may apply hotfix
>>>>>> 923762. </QP>
>>>>>> Source: MS06-042: Cumulative security update for Internet Explorer
>>>>>> http://support.microsoft.com/?kbid=918899

Vincenzo Di Russo [MVP] wrote:
> Vickie wrote:
> > I've been checking Windows Update and Microsoft Security Bulletin
> > MS06-042
> > Cumulative Security Update for Internet Explorer (918899) since
> > yesterday to see if a new version of 918899 was released. Instead, it
> > seems as if Microsoft has decided not to release the new version at
> > this time due to continuing problems. Am I interpretting things
> > correctly?
>
> Yes.

And the Known Issues section of 918899 was updated again today (23 Aug-06).

When you visit a Web page that uses a custom pop-up object, Internet
Explorer 6 closes unexpectedly:
http://support.microsoft.com/kb/923996/

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

I wonder if, and maybe even hope, a problem I had last night could have been
caused by 918899 and will soon be "fixed."
When I clicked on the Internet Explorer icon I got a message saying that
opening my web page along with 19 other applications simultaneously could
take a long time. It was then that I noticed that all the icons were
selected. I tried clicking on open spaces but could not remove the
selection.
When I clicked on the taskbar, the selections were removed, but then I'd
click ANY icon--or open space--on the desktop and again all icons were
selected.
Ultimately I shut down Windows completely and then rebooted and the Desktop
was back to normal.
It would be reassuring to understand why this happened--and to know that it
won't happen again.

"PA Bear" <> wrote in message
news:...
> Vincenzo Di Russo [MVP] wrote:
>> Vickie wrote:
>> > I've been checking Windows Update and Microsoft Security Bulletin
>> > MS06-042
>> > Cumulative Security Update for Internet Explorer (918899) since
>> > yesterday to see if a new version of 918899 was released. Instead, it
>> > seems as if Microsoft has decided not to release the new version at
>> > this time due to continuing problems. Am I interpretting things
>> > correctly?
>>
>> Yes.
>
> And the Known Issues section of 918899 was updated again today (23
> Aug-06).
>
> When you visit a Web page that uses a custom pop-up object, Internet
> Explorer 6 closes unexpectedly:
> http://support.microsoft.com/kb/923996/
>
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org