Tiny correction here ..it's an old browser hole ..and a new patch ...for those of you on XP ..how many humungous bytes is it?

The Requested Web Page is Not Available

Just had a look and the patch page appears to not be available.

Take the period off the end of the URL that was posted.

Sorry you're right it's an old hole. I believe a company with the initials CW has been using it for a long time.

Believe it or not the patch is only about 104 K. It just adds a registry entry so that the exploit is not available.

I just went to windows update and there were no new updates for me... I'm on XP, do I have to do this manually too?

Jennifer

It may well not turn up on Windows Update until tomorrow, or even next week (second Tuesday of the month is the standard update day IIRC). However, it's a good idea to download it manually.

I wonder though if this a complete solution - a one-line registry-entry fix doesn't indicate they've got to the heart of the problem, rather that they are just mitigating a particular line of attack.

encyclo..when did they ever do otherwise?

someone posted yesterday in the Msn search thread that they would probably release the new search 60% or 70% finished/ready/viable and then slowly fix the glitches ..

Sounds like the history of 'doze .. ;)

Microsoft Press Release [microsoft.com].

Confirmed that it is only a quick fix for the existing exploit, not a patch for the underlying problem. To quote:

In addition to this configuration change, which will protect customers against the immediate reported threats, Microsoft is working to provide a series of security updates to Internet Explorer in coming weeks that will provide additional protections for our customers.

(My emphasis). It also confirms without explicitly saying so that the underlying vulnerability will remain unfixed until Windows XP Service Pack 2 later this summer. Who knows when (if) it will be fixed for Win98, 200, etc.

It should hit Windows Update later today.

Got it today 7/2, 4:30 pm MDT.