MS06-040 (Server Service Patch):We are getting a lot of questions about this one. The short answer: Don't panic, but keep on patching. It apprears that the release of a public exploit is imminent, but we don't have it. A lot of speculations about a possible worm. But then again, worms are so 2004. Once an exploit is made public, I would expect it to be added to standard bot payloads quickly.
MS06-042 (MSIE Rollup patch):We received some reports about users having problems with Internet Explorer crashing after applying the latest patch (MS06-042) and accessing certain sites ? mainly Peoplesoft applications.
We can't confirm this yet, but it looks like only Windows XP SP1 machines that applied the patch are affected (Windows XP SP2 with the patch seems to be working ok, from some very limited tests we were able to do).
Let us know if you can confirm this.
We have also had a number of reports that Windows 2000 is also affected, particularly accessing Peoplesoft applications. Rather than un-installing the patch, using an alternate browser is another workaround.
I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019
Aug 9th 2006
1 decade ago