Glitch in critical IE patch
Shortly after releasing its security patches for August, Microsoft pulled the "critical" fixes for Internet Explorer from its Download Center Web site. An error in the updates for several Windows versions made it impossible for users to install them, a Microsoft representative said.
"Several of the Internet Explorer updates provided only to the Download Center were corrupted, breaking the digital signature and preventing them from installing," the representative said in an instant message conversation Tuesday.
The IE patches will be reposted to the Download Center as soon as they have been fixed. Meanwhile the patches are still available through Microsoft Update and Windows Update as well as the Automatic Updates feature in Windows, the representative said.
Most consumers get their Microsoft patches through Automatic Updates or Windows Update, not the Download Center. However, Download Center is used by IT professionals. The links to the patches in Microsoft's technical security bulletins go to the Download Center. On Tuesday afternoon following the link to the IE patch in bulletin MS05-038 resulted in an message stating that the requested download was not available.
Steven Bink is one of those IT pros who noticed the problem. Bink publishes the Bink.nu Microsoft enthusiast Web site and runs IT Solutions BV, an IT consultancy company in Amsterdam. "Of course I was one of the first to download the patches," he said in an instant message conversation. Bink received an error message that the digital signature of the patch was not valid.
The patches for several versions of Windows address three serious flaws in Internet Explorer that put users at risk of attack. A user could fall into an attacker's trap and have his PC commandeered simply by viewing a specially crafted JPEG image.