Microsoft Goes Off-Cycle For 'Critical' IE Patch


Mntsnow
02-03-2004, 7:23 AM
Microsoft on Monday released an oft-delayed cumulative patch to fix several known security holes in its flagship Internet Explorer (IE) browser.

The software giant issued the IE fix outside of its scheduled release cycle because of the "critical" nature of the patch and because proof-of-concept exploits have been circulating on several mailing lists.

Microsoft said the IE update would eliminate three vulnerabilities, including a URL-spoofing flaw being exploited by scammers, a file download flaw that could lead to harmful code execution and a bug in the cross-domain security model of IE that could lead to system takeover.

Get Patch Here (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp)

SoopaStar
02-03-2004, 8:46 AM
this sucks. nothing like M$ issuing a patch that breaks 60% of all our Car-Part.com paying customers' software.
we pass a username/pass through our software for a site that calls a CGI script (which is password protected). Now the customers who apply this patch can't use their service they paid for.

SoopaStar
02-03-2004, 9:01 AM
http://support.microsoft.com/?kbid=834489
a possible fix to this dilemma

davidw
02-03-2004, 9:08 AM
I installed the critical updates via automatic download.
The only thing I noticed with the IE update is that the browser is delayed about 1/8th of a second.

madfish
02-03-2004, 6:57 PM
so should I patch the kids' and my boxes? is this gonna screw things up in XP and W2K?

Siliconjunkie
02-04-2004, 7:30 PM
Originally posted by SoopaStar
this sucks. nothing like M$ issuing a patch that breaks 60% of all our Car-Part.com paying customers' software.
we pass a username/pass through our software for a site that calls a CGI script (which is password protected). Now the customers who apply this patch can't use their service they paid for.

Interesting..

From http://news.com.com/2100-7355_3-5153534.html

Some Web developers are complaining that an Internet Explorer patch that's meant to foil Net scams is disabling some applications that didn't put a premium on security.

The update, which was released Monday, had some Web site programmers up in arms Wednesday due to complaints from Web users that they could no longer log in to sites that secure entry through credentials included in the URL.

I would have to agree that putting credentials in the URL is not a good idea. Then they show up in proxy logs and are easily sniffed, since the URL is not encrypted, only the data.
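
Added example, not part of the original thread or any poster's code: a small Python scanner that finds URLs carrying credentials in the userinfo part (`user:pass@host`), the login style discussed above, in proxy log lines and redacts them. The log format, hosts and credentials are constructed sample data.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample proxy log lines (hypothetical hosts and credentials).
SAMPLE_LOG = """\
02/Feb/2004:09:01:12 10.0.0.5 GET http://alice:s3cret@parts.example.com/cgi-bin/search.cgi?q=door 200
02/Feb/2004:09:01:40 10.0.0.7 GET http://www.example.org/index.html 200
02/Feb/2004:09:02:03 10.0.0.9 GET http://bob@inventory.example.net/cgi-bin/login.cgi 401
"""

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def redact_url(url):
    """Return (redacted_url, had_userinfo, had_password) for one URL."""
    parts = urlsplit(url)
    if parts.username is None:
        return url, False, False
    # Rebuild the authority from host (and port) only, dropping the userinfo.
    host = parts.hostname or ""
    if ":" in host:  # an IPv6 literal needs its brackets back
        host = "[" + host + "]"
    netloc = "REDACTED@" + host
    if parts.port is not None:
        netloc += ":" + str(parts.port)
    clean = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return clean, True, parts.password is not None

def scan_log(text):
    """Redact userinfo in every URL; return (clean_text, findings).

    Each finding is (line_number, redacted_url, password_was_present).
    """
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        def _sub(match, lineno=lineno):
            clean, had_user, had_pw = redact_url(match.group(0))
            if had_user:
                findings.append((lineno, clean, had_pw))
            return clean
        out.append(URL_RE.sub(_sub, line))
    return "\n".join(out), findings

if __name__ == "__main__":
    cleaned, hits = scan_log(SAMPLE_LOG)
    print(cleaned)
    for lineno, url, had_pw in hits:
        print(f"line {lineno}: userinfo in URL (password present: {had_pw}) -> {url}")
```
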

Mntsnow
02-04-2004, 7:53 PM
Yeah... Security is a double-edged knife at times....

Roadkill
02-06-2004, 3:41 AM
So, is anyone going to answer madfish's question?

Siliconjunkie
02-06-2004, 7:55 AM
I would say yes, patch. I cannot say if it will or will not screw anything up. But I would lean towards that it will not.

Mntsnow
02-06-2004, 7:58 AM
I've patched every one of my systems