Microsoft schließt Lücken im Internet Explorer

Ich habe mal den deutschen Patch von der Downloadseite gestartet. Allerdings ist die Downloadrate von 1kB/s recht dürftig. Deshalb habe ich den Download mal gestoppt und lade weiter, wenn der erste Ansturm vorbei ist.
Außerdem warte ich mit dem Installieren, bis ich meine Systempartition in Kürze wieder mal gesichert habe.
Man hört ja immer wieder von seltsamen Phänomenen nach misslungenen Patchversuchen. Dann gibt es eventuell einen Patch für den Patch.

 

... abgesehen davon scheint die MS-Seite nicht erreichbar, vermutlich per Wurm und/oder Updatewillige überlastet.
Oder hat es schon jemand geschafft???
Ich gehe mal vom richtigen Link auf der PC-Welt Seite aus

 

...und immer mal wieder am Kiosk die PC-Hefte mit Heft-CDs durchgucken. Manchmal bringen die die neuste Windows-Update-CD gratis raus.
Meine letzte hatte zum Glück SP4 für Windows 2000 und den Blaster Patch drauf. So konnte ich gleich mit meinem frisch installierten Windows mit den aktuellen Patches online gehen...

 

Hallo TomJoe, frag doch nen Kumpel von dir, ob er dir die Batch-sammlung eventuell von dieser Webseite als installations-datei runterladen und auf ne CD-R sichern kann, damit du die dann einspielen kannst!

http://www.winpage.info/scripte/news/innovated_news.php

 

@ kommputer:

@ droessler: Auf Deutsch wär's mir lieber gewesen...

 

This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly-discovered vulnerabilities:

A vulnerability that involves the cross-domain security model of Internet Explorer. The cross domain security model of Internet Explorer keeps windows of different domains from sharing information. This vulnerability could result in the execution of script in the Local Machine zone. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page. The attacker could also create an HTML e-mail message designed to exploit the vulnerability and persuade the user to view the HTML e-mail message. After the user has visited the malicious Web site or viewed the malicious HTML e-mail message an attacker who exploited this vulnerability could access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system. This code would run in the security context of the currently logged on user.
A vulnerability that involves performing a drag-and-drop operation with function pointers during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicked a link. No dialog box would request that the user approve this download. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page that had a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that had a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, code of the attacker's choice would not be executed, but could be saved on the user's computer in a targeted location.
A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page that had a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that had a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, an Internet Explorer window could open with a URL of the attacker's choice in the address bar, but with content from a Web Site of the attacker's choice inside the window. For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. (Note: these web sites are provided as an example only, and both redirect to http://www.microsoft.com.)
As with the previous Internet Explorer cumulative updates that were released with bulletins MS03-004, MS03-015, MS03-020, MS03-032, MS03-040, and MS03-048, this cumulative update causes the window.showHelp( ) control to no longer work if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Microsoft Knowledge Base article 811630, you will still be able to use HTML Help functionality after you apply this update.

This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:

http(s)://username:password@server/resource.ext

For more information about this change, please see Microsoft Knowledge Base article 834489.

Additionally, this update will disallow navigation to "username:password@host.com" URLs for XMLHTTP.

Microsoft is currently creating an update to MSXML that will address this issue specifically for XMLHTTP and we will provide more information in this bulletin when the update becomes available.

The update also refines a change made in Internet Explorer 6 Service Pack 1, which prevents web pages in the Internet Security zone from navigating to the local computer zone. This is discussed further in the "Frequently Asked Questions" section of this bulletin.