November 3, 2005

According to two security advisories posted on the Microsoft website, it was discovered yesterday that two Microsoft security patches for Internet Explorer can actually prevent certain functionalities in some websites that use specific custom applications. The new problems occur after the delivered patches were installed, pursuant with security bulletins MS05-038 and MS05-052.

The bulletins were issued in August and October, respectively.

Both patches can cause problems with ActiveX controls, small programs designed to perform simple tasks that can make a Web site more interactive. The MS05-038 patch can also hinder Java applications. After the patches are installed, applications that are programmed in specific ways will no longer work in Internet Explorer, Microsoft said.

Any problems caused by MS05-038 and MS05-052 affect only a few users, Stephen Toulouse, a program manager in Microsoft's Security Response Center, wrote on the MSRC blog late Wednesday. "As a result of these changes that we made for security sake, for a limited amount of customers some pages may not load as expected," he wrote.

The issue of broken Web sites is the latest problem with Microsoft patches. One recent fix wreaked havoc on systems of users who had changed certain settings on their PCs to be more secure, while Windows 2000 users had trouble finding the right patch for another security problem.

The MS05-052 patch causes the problem because it makes several changes to Windows meant to increase the security of the IE Web browser. After installing the patch, IE will check for a special security setting called on ActiveX controls. If the control does not have the setting, IE will block it, according to a Microsoft advisory.

To resolve this issue, Microsoft advises developers to recompile an affected ActiveX control and mark it as safe when run in an Internet browser, according to the advisory. As a workaround, users of sites with ActiveX controls that no longer work can lower their IE security settings, the company said, although it does not recommend doing so.

Changes made for the benefit of security with the MS05-038 patch mean trouble for ActiveX controls and Java applications. The problems occur if so-called "custom monikers" are used, Microsoft said in a second advisory. To solve the issue, the applications should be converted.

Microsoft's advisories offer technical tips on resolving any issues. The company did not say how many customers have experienced trouble.

Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.