Security Advisory

Microsoft Security Advisory 923762

Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit

Published: August 22, 2006 | Updated: August 24, 2006

On August 15, 2006 Microsoft announced that it would be re-releasing Microsoft Security Bulletin MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers as discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft was not able to re-release MS06-042 on August 22, 2006. On August 24, 2006, Microsoft completed testing to ensure the update re-released for Internet Explorer 6 Service Pack 1 met the appropriate level of quality for broad distribution.

On August 22, 2006 Microsoft also became aware of public notification on the exploitable nature of this vulnerability. Microsoft has completed the investigation into the vulnerability, and has revised Microsoft Security Bulletin MS06-042 with information on this vulnerability, and the availability of revised Internet Explorer Service Pack 1 security updates. Customers are encouraged to apply the revised update to Internet Explorer Service Pack 1 systems immediately.

General Information

Overview

Purpose of Advisory:

Advisory Status: Investigation Complete. A revised security bulletin has been issued.

Recommendation: Please review the revised security bulletin and apply the available update.

References Identification
Security Bulletin MS06-042
CVE Reference CVE-2006-3869
Microsoft Knowledge Base Article 923762

This advisory discusses the following software.

Related Software
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1

Suggested Actions

  • Please review the revised security bulletin and apply the available update.

  • Customers who believe they may have been affected can contact Product Support Services. You can contact Product Support Services in the United States and Canada for help with security update issues or viruses at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site.

    All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled automatic updates will automatically receive all Windows Updates. For more information about security updates, visit https:

  • We continue to encourage customers follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps at Protect Your PC Web site.

  • For more information about staying safe on the Internet, customers can visit theMicrosoft Security Home Page.

Other Information

Resources:

Disclaimer:

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

  • August 22, 2006: Advisory published
  • August 24, 2006: Advisory updated to direct customers to the revised version of Microsoft Security Bulletin MS06-042 that includes new updates for Internet Explorer 6 Service Pack 1.

Built at 2014-04-18T13:49:36Z-07:00 </https:>