August 15, 2006 5:32 PM PDT

Microsoft patch can cause IE trouble

Microsoft's security update from Aug. 8 to Internet Explorer is causing browser trouble for some systems.

After people apply the MS06-042 update, rated "critical" by Microsoft, IE may crash when certain Web sites are viewed, the company said in a notice on its customer support Web site. The problem affects IE 6 with Service Pack 1 on Windows XP and Windows 2000 systems, it said.

"Microsoft has identified an issue with the security update MS06-042," the company said in a statement Tuesday. It plans to re-release the bulletin and patch on Aug. 22 for all affected users.

The problem occurs when IE users view Web sites that use version 1.1 of HTTP alongside compression, according to Microsoft's notice. HTTP, or hypertext transfer protocol, is the standard protocol used to browse Web sites.

IE users on security mailing lists have reported browser crashes when using PeopleSoft applications that have Web-based interfaces. Others report running into problems when using other applications, including Microsoft's own customer relationship management, or CRM, tools.

"We are running PeopleSoft for administration systems, and our Windows 2000 SP4 and Windows XP SP1 running Internet Explorer 6.0 SP1 crash when they got into the PeopleSoft pages," Fred Dunn, a systems administrator at the University of Texas Health Science Center at San Antonio, said in an e-mail interview.

Dunn called Microsoft's product support service, which recommended disabling the use of HTTP 1.1 in IE's advanced settings menu. However, that's not a change that's easily done on all PCs in the university, Dunn said. "Our only workaround was to get the PeopleSoft programmers to turn off compression...which slows down the response," he said.

MS06-042 is an update for IE that addresses eight vulnerabilities in the popular browser. It is one of a dozen security updates that Microsoft released last week on Patch Tuesday.

Patches have caused trouble at times, on occasion prompting Microsoft to fix already released updates. In April, it released a second version of a Windows Explorer update because the original interfered with Hewlett-Packard software and Nvidia drivers. In June, it had to fix a patch that caused network connection trouble for some people.

Microsoft has a temporary fix available for the problems caused by MS06-042. However, this fix is not available for download; people have to call Microsoft's support line.

See more CNET content tagged:
PeopleSoft Inc., security update, HTTP, CRM, Microsoft Internet Explorer

46 comments

Join the conversation!
Add your comment
Let the...
bashing begin! Just another example of a failing company with
failing software showing their incompetency. Wake up world, and
dump M$...there are much better alternatives.
Posted by robot999 (109 comments )
Reply Link Flag
Alternatives
How about keeping your computer up to date? That's an alternative. There are alternatives. Much better? Maybe they would be if the Linux community would get off its high horse, stop sticking it's nose out at those who aren't computer geeks, and actually try to promote their alternatives. Instead they say things like RTFM (read the f*** manual) which, by the way, don't really exist because everything is open source and consists of very little and very technical documentation. Then they cry foul every time Microsoft tries to move forward and blast them when they have errors. But you don't here much when a product like Firefox wipes out one's bookmarks after an update (which seem to have been increasing lately) or when a new development tool like Ruby on Rails has a MAJOR security hole. These are simply labeled growing pains. This dead horse has been beaten over and over again. Use what works for you and whatever it is, keep it up to date.
Posted by richleick (7 comments )
Link Flag
A patch that causes more problems?
You have to love a company that puts out a security
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/603/43/" target="_newWindow">http://www.techknowcafe.com/content/view/603/43/</a>
breaching patch. So they build this patch to breach millions of computers and they feel it's a good idea to release it. Good one.
Posted by (156 comments )
Link Flag
Microsoft has a temporary fix...
&gt;Microsoft has a temporary fix available for the problems caused by MS06-042. However, this fix is not available for download; people have to call Microsoft's support line.&lt;

Is the fix Download Firefox?:-)

Good grief. This kind of problem damages security, by discouraging people from keeping their systems patched and up to date.
Posted by john55440 (1020 comments )
Reply Link Flag
MS IS a temporary fix...
oooooooo "snap"!
Posted by Llib Setag (951 comments )
Link Flag
TYPICAL...
Each Microsoft update fixes one thing but screws up another...
Posted by PCCRomeo (432 comments )
Reply Link Flag
NOW you're getting it...
It keeps the IT people in business &#38; makes more sales for the "new
&#38; improved" MS Security Software.

"idiot"...
Posted by Llib Setag (951 comments )
Link Flag
Crashed
Yes, it's true. Internet Explorer have crashed about 5 times for me since last update. You don't recive any error message after, it just exit.
Posted by Karl Viklund (51 comments )
Reply Link Flag
Crashed for me
Yes, it's true. Internet Explorer have crashed about 5 times for me since last update. You don't recive any error message after, it just exit.
Posted by Karl Viklund (51 comments )
Reply Link Flag
It's BSOD Day!
IS it Blue Screen Of Death Day already?

My how time flies when your WintelDell has crashed &#38; burned...
Posted by Llib Setag (951 comments )
Link Flag
Patch TUESDAY?
MS has SOOOOOO many viruses, worms, trojen horses, security
swiss cheese OS that they have to name a day of the week after
their endless stream of patches....?

LOL!

Patch Tuesday?
How about Patch EVERYDAY?
Microsoft...where do you want to go to today?

TGINPT!
(Thank God It's Not Patch Tuesday!

HAHAHAHAHAHAHA! losers...
Posted by Llib Setag (951 comments )
Reply Link Flag
This is what happens...
....when you sway away from the standards that are set forth for
creating a web browser to meat your own needs. Take AOL for
instance; merely a "candy bar" wrapper around the preverbal
Microsoft Snickers!

A client asks me the other day: what is the difference between
AOL and IE (The blue E, or Internet Explorer)? I said nothing. It's
a little known fact that AOL is just a shiny wrapper around a
messed up IE6. Don't believe me, try to clear the history in your
AOL or up the security on the cookies, AOL will steer you to IE!

There are set standards into which a web browser are to be
built, these standards have been laid in stone for years now. The
security issues come when people like Microsoft find the need to
tweak the web browser to better fit there need's. This in turn
leaves the needs of the client hanging in identity theft land just
waiting to be exploited or hacked.

You know it's not just identity theft either. Poor programming
techniques and lax management leave both the Public and
Private Technology Sectors at risk to worse things like
Government hacking and loss of Confidential Information.

It's about time to start making these tech companies like
Microsoft and AOL and Cisco responsible for there programming
regardless of there own EULA's (End User License Agreements).

You know, it's one thing to **** up a railing on a porch and to
fix it, it's another thing to **** up the whole house while
continuing to try and fix it!

J Gund
Tech01
www.Tech01.net
Posted by OneWithTech (196 comments )
Reply Link Flag
This is what happens...
....when you sway away from the standards that are set forth for
creating a web browser to meat your own needs. Take AOL for
instance; merely a "candy bar" wrapper around the preverbal
Microsoft Snickers!

A client asks me the other day: what is the difference between
AOL and IE (The blue E, or Internet Explorer)? I said nothing. It's
a little known fact that AOL is just a shiny wrapper around a
messed up IE6. Don't believe me, try to clear the history in your
AOL or up the security on the cookies, AOL will steer you to IE!

There are set standards into which a web browser are to be
built, these standards have been laid in stone for years now. The
security issues come when people like Microsoft find the need to
tweak the web browser to better fit there need's. This in turn
leaves the needs of the client hanging in identity theft land just
waiting to be exploited or hacked.

You know it's not just identity theft either. Poor programming
techniques and lax management leave both the Public and
Private Technology Sectors at risk to worse things like
Government hacking and loss of Confidential Information.

It's about time to start making these tech companies like
Microsoft and AOL and Cisco responsible for there programming
regardless of there own EULA's (End User License Agreements).

You know, it's one thing to **** up a railing on a porch and to
fix it, it's another thing to **** up the whole house while
continuing to try and fix it!

J Gund
Tech01
www.Tech01.net
Posted by OneWithTech (196 comments )
Reply Link Flag
Should change name to "3 with Tech"
Triple posting? C'mon.
Posted by ejevo (134 comments )
Link Flag
This is what happens...
....when you sway away from the standards that are set forth for
creating a web browser to meat your own needs. Take AOL for
instance; merely a "candy bar" wrapper around the preverbal
Microsoft Snickers!

A client asks me the other day: what is the difference between
AOL and IE (The blue E, or Internet Explorer)? I said nothing. It's
a little known fact that AOL is just a shiny wrapper around a
messed up IE6. Don't believe me, try to clear the history in your
AOL or up the security on the cookies, AOL will steer you to IE!

There are set standards into which a web browser are to be
built, these standards have been laid in stone for years now. The
security issues come when people like Microsoft find the need to
tweak the web browser to better fit there need's. This in turn
leaves the needs of the client hanging in identity theft land just
waiting to be exploited or hacked.

You know it's not just identity theft either. Poor programming
techniques and lax management leave both the Public and
Private Technology Sectors at risk to worse things like
Government hacking and loss of Confidential Information.

It's about time to start making these tech companies like
Microsoft and AOL and Cisco responsible for there programming
regardless of there own EULA's (End User License Agreements).

You know, it's one thing to **** up a railing on a porch and to
fix it, it's another thing to **** up the whole house while
continuing to try and fix it!

J Gund
Tech01
www.Tech01.net
Posted by OneWithTech (196 comments )
Reply Link Flag
This is what happens...
....when you sway away from the standards that are set forth for
creating a web browser to meat your own needs. Take AOL for
instance; merely a "candy bar" wrapper around the preverbal
Microsoft Snickers!

A client asks me the other day: what is the difference between
AOL and IE (The blue E, or Internet Explorer)? I said nothing. It's
a little known fact that AOL is just a shiny wrapper around a
messed up IE6. Don't believe me, try to clear the history in your
AOL or up the security on the cookies, AOL will steer you to IE!

There are set standards into which a web browser are to be
built, these standards have been laid in stone for years now. The
security issues come when people like Microsoft find the need to
tweak the web browser to better fit there need's. This in turn
leaves the needs of the client hanging in identity theft land just
waiting to be exploited or hacked.

You know it's not just identity theft either. Poor programming
techniques and lax management leave both the Public and
Private Technology Sectors at risk to worse things like
Government hacking and loss of Confidential Information.

It's about time to start making these tech companies like
Microsoft and AOL and Cisco responsible for there programming
regardless of there own EULA's (End User License Agreements).

You know, it's one thing to **** up a railing on a porch and to
fix it, it's another thing to **** up the whole house while
continuing to try and fix it!

J Gund
Tech01
www.Tech01.net
Posted by OneWithTech (196 comments )
Reply Link Flag
Here's an idea...
Why not move on to Service Pack 2? No, instead we complain and bash Microsoft for people that are running systems like Windows 2000 (it's 2006 for crying out loud), or running service pack 1 for XP which won't be supported in 2 months. Come on! Stop blaming MS for everything. Keep your computer up to date. PLEASE!
Posted by richleick (7 comments )
Reply Link Flag
I got news for you...
...the same problem occurs on SP2 systems as well. A client found the solution for us and that was to apply MS06-023 (KB917344).
Posted by hyperion127 (3 comments )
Link Flag
Here's why...
Businesses and home users alike invest $'s in to IT that can be used, not be constantly patched. How would you like it if your cell phone is patched every month, 2-5 times a year an issue comes up where you get dropped calls or no service at all until the patch for the patch is released?
Posted by extinctone (214 comments )
Link Flag
That is not true
I apply Microsoft patches every month to many client computers via WSUS which is a service provided by Microsoft.

I have yet to see a solution by any other vendor that comes even close to the efficiency and dependability of this process.

And, it is not very often they release a patch that has to be re-issued because of a widely known problem the patch can create. In the scope of things, it happens rarely.

You guys are going to have to dig deeper.
Posted by BruceLawrence (90 comments )
Reply Link Flag
sorry....wrong location
This post was to go under the "Now you're getting it" comments.
Posted by BruceLawrence (90 comments )
Link Flag
IE with peoplesoft problem bug possible work around
Was with a user this mornign and IE kept crashing.
Went into advanced and turned off http 1.1

exited IE then opened I back up to error page but this time no error but the site prompted to download a file. opened up file with notepad then exited IE. Then I opened it back up but not within peoplesoft but some other site like google.com then went back to advanced settings and turned http 1.1 back on then back to people soft in IE. so far no crash. not saying this is a fix but it worked for this user to complete their job.
Posted by inachu (963 comments )
Reply Link Flag
Have to reset all internet options to defaults
Our primary application we support is a PeopleSoft HR and PeopleSoft Portal system. We patched our own servers with MS06-042 last weekend, and noticed that IE running locally on the server had a problem using the PeopleSoft apps.

Our solution was to go into Internet Options and reset all default settings. (There's button that resets ALL settings for IE.) It won't change any proxy settings, just the properties.

We were then able to access all the PeopleSoft apps without problems. After we verified everything worked, we went back into Internet Settings and put the security settings back to where they originally were.

We had to inform all our user base of this same procedure.
Posted by Richard G. (137 comments )
Link Flag
Medical Impact
I work in a large Instuitional Health environment. The doctors and other health care professionals use a proprietary Web based application, for patient information, prescriptions, etc. This application is effected the same way Peoplesoft is. The users are all on automatic updates, and are on XP SP2. Microsoft should think through these security patches a little more thoroughly. Peoples medical care is being affected by this now.
Posted by kderoche (1 comment )
Reply Link Flag
Re: think through these security patches
You said " Microsoft should think through these security patches a
little more thoroughly. " The problem is Microsoft is doing the very
best that they can. And it isn't good enough.

IMO, until Microsoft can copy Apple one more time, dump the
entire Windows code base, and start from scratch. It isn't likely
Windows can ever be made reasonably secure.
Posted by rcrusoe (1305 comments )
Link Flag
Re: Medical Impact - MS products are not HIPAA compliant.
In my opinion, Microsoft products are not HIPAA compliant. They are insecure and unstable. Not something I want my doctor using to handle my medical records, affecting my care.
Posted by extinctone (214 comments )
Reply Link Flag
agree
Important functions with potentially life threating situations if it fails, should never be trusted to MS.
Posted by qwerty75 (1164 comments )
Link Flag
MS software has caused deaths?
It isn't only medical systems, but didn't a Microsoft worm cause or contribute to the blackout in the NE US and Canada in 2003? I know there is great debate, as to how much a part the MS worm actually played in to the blackout. But from what I read; 1) If the monitoring systems that were brought down by a Microsoft virus were functional, technicians may have been able to take action before the collapse of the grid. And 2) There sure seems to be a concerted effort in to burying or significantly downplaying the role of the Microsoft worm in the event. In either case it more than highlights the harm that low quality software from a monopolist can cause to society.
Posted by HandGlad2 (91 comments )
Link Flag
An Apple A Day...
keeps the viruses away.

That's why most University Med + public medical departments use UNIX / LINUX / Mac OSX / Web based applications on their secured server networks.

Much more secure &#38; efficient to use a HIPA compliant medical program designed for the medical profession, than the WintelDell Hell full of swiss cheese holes in the security of medical records &#38; hospital operations.
Posted by Llib Setag (951 comments )
Link Flag
HIPAA is So Ambiguous, More to worry about...
Don't worry so much about your doctor using Microsoft products as much as PDAs, Wireless networking, USB thumb drives, lack of perimeter firewalls, lack of network access controls, and unencrypted data.
It doesn't matter what platform you are on, data is data is data. It is generally easier to get data via one of the aforementioned means than hacking into an OS.
Just look at the newspapaers on any given day, it's not that that stolen laptop was compromised because it was Windows it was STOLEN.
The rule of thumb is that if I have physical possession of the device then I have your data whether it takes minutes or weeks, I'll have your data. The same holds true for a wireless network, CDs, old disk drives, usb flash drives, smartphones, etc, etc, etc.

HIPAA just mandates that you make a best effort within affordable measures to ensure data integrity and security. So what does that mean? Ask 1000 different security people and CIOs and you'll get 1000 different answers.
Posted by fred dunn (793 comments )
Link Flag
Not Quite
The only reason why windows is the OS with the most viruses is because:

a) It's the super majority.
b) It's the easiest platform to program on.

And before you go spouting off about B, yes for some it is easier to program on other platforms, but all in all crappy vb is king of simple, and almost all platforms can run on windows.

If all computers wither linux or mac, there would still be security and virus problems, just the methods used would differ.
Posted by (27 comments )
Reply Link Flag
IE6 crashing
A temporary fix is to go into IE options &gt;&gt; advanced &gt;&gt; disable third party browser extensions. Uninstall any toolbars you use.
This will help keep IE open longer, but won't
actually fix it. Call microsoft security while
it's still free. 1-866-727-2338 for the how to correct it. Apparently they won't release a fix until Oct 10 2006. The same day they stop support for XP SP1. Hmmm... coincidence? Yah right! Thanks M.S. for making us have to upgrade to SP2. And funny how Windows Genuine check came out right before this...
Posted by broken_halo (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.