Microsoft bungles IE bug fix
Cross Patch, Turn the Latch
Microsoft has come under fire from users who have discovered the company's patch to fix a potentially seriously security problem works only if they upgrade their browsers.
As we reported last week, Microsoft issued a patch designed to fix flaws in the way IE renders binary attachments in HTML email. Problems in the way this was implemented in Internet Explorer left the door open for hackers to easily trick users into running malicious code on their machines.
Since we ran the story several Register readers have written to tell us that users of older versions of Internet Explorer may be wrongly informed that they are already protected from the flaw when they download the patch.
Users who attempt to download the security patch received the following unhelpful message during installation: "This update does not need to be installed on this system."
Microsoft has now confirmed the message is an error and advises users of older browsers to download either Internet Explorer 5.01 or Internet Explorer 5.5, before applying the patch.
Surfers using IE 5.01 Service Pack 2 do not need the fix. ®