Results 1 to 11 of 11
  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security Update/Patch notification (5.5 SP-1)

    I received a notification from Microsoft of a highly recommended "patch" that is available for all users of MSIE 5.5 and 6.0. I visited the page with this URL <A target="_blank" HREF=http://securitycheck.passport.com/default.asp>http://securitycheck.passport.com/default.asp</A> and thought it was just a gimmick to try and get me to upgrade to 6.x... but clicking on the link, "Tell me more about the security patch", it seems there is a "patch" for MSIE 5.5

    BUT... here's why I'm posting this question. Reading the information about the patch itself, it says that the affected browsers are 5.5 SP-2 and 6.0... I don't have SP-2, according to the "Help/About" information I have. Sooooo, should I install this patch or no? I looked through all my Woody's ezines and couldn't find anything on this particular patch that deals with the Active Scripting vulnerability, etc....

    Thanks,

    Jeff
    Jeff
    simul iustus et peccator

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Silver Lounger
    Join Date
    Apr 2001
    Location
    New York, New York, USA
    Posts
    2,328
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Security Update/Patch notification (5.5 SP-1)

    It looks like Microsoft abandoned all versions of Internet Explorer prior to 5.5 SP2 altogether. If you didn't upgrade to IE 5.5 SP2 or IE 6 (all versions), count on yourself...

    This patch you are asking about (Q312461) is cumulative patch, another words, it combines all previous patches AND eliminates three new vulnerabilities: the first two involve how IE handles cookies across domains and the third one involves how IE handles URLs that include dotless IP addresses. For more information, see <A target="_blank" HREF=http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-055.asp>Microsoft Security Bulletin MS01-055</A>

  4. #3
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    kaplinb,

    Thanks for the response. However, I seem to still be stuck in a quandary whether or not I should install this patch? Woody has been quite explicit and forceful, even in today's "Woody's Office Watch" that we should avoid anything to do with the SR-2 patch. Since this security patch says it applies to MSIE 5.5 SP-2 and 6.0, I have that old "uneasy feeling" <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15> But then again, perhaps I am confusing the SR-2 patch for Office and SP-1 and SP-2 for MSIE?

    Are you personally recommending that this patch be installed if someone is using MSIE 5.5 SP-1? The vulnerability issue it addresses seems to be quite serious, but I don't want to install something that is going to cause problems. As you know, not all of MS's patches are desirable... hehe!

    Jeff
    Jeff
    simul iustus et peccator

  5. #4
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    Thing is, if you don't upgrade you're open to whatever security holes MS left unplugged. Personally, I'd go the whole hog and install IE6 (preferably from a CD, unless you've broadband), 128-bit encryption, MSJVM 5.00.3802. Then see if you still need the update. If so, install it. IE6 has a much more configurable way of handling cookies, for instance.
    I use IE6 flavor as above with XPP and 2kP. With 98SE I prefer 5.5 SP2.
    I don't now what Woody had to say, but I've not had any problem doing it this way. When updating, always chhose the option to back-up, so you can revert if need be. Sometimes these things don't bite first go.

    Rgds

  6. #5
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    Okay, I downloaded the security patch and tried to install it.... <img src=/S/doh.gif border=0 alt=doh width=15 height=15>... and as I suspected it won't work because it is only good for 5.5 SP-2, which I don't have (SP-1). I'm not really keen on upgrading? to 6.0 since it appears to be more "entertainment" oriented rather than functional, hehe.

    Okay, I found where I could download/install MSIE 5.5 SP-2.... did that... and installed the patch! Thanks for everyone's advice and help. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

    Jeff
    Jeff
    simul iustus et peccator

  7. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    As a footnote, I believe the IE 5.5 SP2 patch was the one that removed support for "Netscape-style" plug-ins, breaking all sorts of third party applications and requiring downloads of new versions of, for example, QuickTime. Hopefully all the plug-in providers have ActiveX controls by now, as that is what MS now demands.

  8. #7
    Silver Lounger
    Join Date
    Apr 2001
    Location
    New York, New York, USA
    Posts
    2,328
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Security Update/Patch notification (5.5 SP-1)

    And to be clear... Woody is talking about SR-2 Patch for OFFICE 2000, not for IE 5.5

    I know, some people can't tell Windows from Office (all Microsoft stuff has identical version names), so please read carefully what is it about.

  9. #8
    Gold Lounger
    Join Date
    Dec 2000
    Location
    New Hampshire, USA
    Posts
    3,386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    Woody is referring to SR-2 for Office, that's a different critter.

  10. #9
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Swanzey, New Hampshire, USA
    Posts
    1,707
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    Just a followup note here and a bit of advice to others. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

    I installed the SP2 patch for IE and then the Security Update. It caused numerous problems, e.g., disallowing pictures to be inserted in Outlook (2000 SP1a), timeout errors when retrieving e-mail, etc.. So it would appear that the SP2 Update for IE has a direct effect on other Office applications.

    To solve these problems, I reverted back to the previous version of 5.5 (through the Control Panel/Add&Remove Programs/etc. The result was I had to download the SP1 Patch again, etc... <img src=/S/doh.gif border=0 alt=doh width=15 height=15> But all the problems were resolved after the restore.

    Bottom line is, at least the way I see it, DO NOT INSTALL THE IE SP2 PATCH

    Question for you: You said, When updating, always choose the option to back-up, so you can revert if need be. That's sound advice, but I'm wondering if you are implying that there is a way to preserve/backup your current version of IE so that if problems arise, such as I experienced, you can easily revert to the "good" version without having to go through the long and tedious trouble of using the "Setup.exe" again; i.e., downloading and installing the entire thing?

    Thanks,

    Jeff
    Jeff
    simul iustus et peccator

  11. #10
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Update/Patch notification (5.5 SP-1)

    Hi Jeff
    Yes. If you've chosen to back-up, you can revert via the Repair option, I believe. This is the quick route I recommend. Nonetheless, when this happens to me, I prefer to take a longer approach and do exactly as you describe : reinstall IE by doing an over-the-top installation of the OS, then download the upgrades again. Belt-and-braces I suppose, but it wouldn't be everyone's best route. It has the advantage of correcting any fault that may have been caused by or in the download process.



    Rgds

  12. #11
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re-enabling Outlook 2000 Insert Picture

    I think we figured it out over on the Outlook board in <A target="_blank" HREF=http://www.wopr.com/cgi-bin/w3t/showthreaded.pl?Cat=&Board=out&Number=108311>Post #108311</A>. (I have Office 2000 SR-1a and IE 5.5 SP2.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •