| By Susan Bradley |
I thought all I needed to worry about this Patch Tuesday was a Windows patch or two and an Office patch.
But it turns out to be essential that you redo August’s critical Internet Explorer and Server Service patches on Windows 2003 and XP SP1.
Troublesome ‘Server Service’ patch is reissued
Those who use Navision accounting software on their servers found themselves in a pickle last month. Install MS06-040 (921883) and your accounting application fails. Remove it and your network is at risk.
Hotfix 921883, which fixes Navision-style issues, has been now been rolled into a full rerelease of the August security patch. If you haven’t installed this patch, and you have any XP macines running SP1 or earlier, let me stress again how important this is. I’ve personally heard of several firms that have been very detrimentally impacted by this security hole.
If MS06-040 is not installed (including installing the Sept. 12 version), your company risks being taken over by Trojans that will use your network in nefarious ways. If you haven’t yet patched, or you installed only the older, August version, now is the time to update.
We still haven’t seen a patch for the denial-of-service issue that affects MS06-040, which was described in the MSRC blog back in August. You should expect to be soon patching 040 yet again. Both the reissued Server Service patch and this week’s reissued IE patch (MS06-042, described below) will be properly supported by Shavlik and other patch-management engines as though they were new patches.
Now let us reinstall the IE Patch
The Aug. 8 Internet Explorer patch for XP SP1 and earlier, MS06-042 (918899), was reissued by Microsoft on Sept. 12 because the original release actually introduced a critical security flaw of its own.