Getting the correct Windows security file update and inability to install it.


wumply
January 14th, 2003, 21:41 PM
Hi

The following came from find.pcworld.com/32573 (and is also on p. 59 (Bugs and Fixes) of the Feb. 03 PCWorld issue (Gaping Holes in Internet Explorer)). I have IE 6 with SP1 installed and I have XP Home Edition, which I am 99.9% sure is the 32-bit version.


Second Cumulative Patch for Internet Explorer 5.5 and 6
Internet Explorer 5.5 and 6, like most new software offerings, come with a whole new set of problems. But how do you keep up with all the most current patches? This update closes all known security holes affecting these browsers (as of December 13) and addresses three new security issues:

One security flaw allows an attacker to alter HTML header information to make IE believe that an executable file is actually a different type of file--one that it is appropriate to simply open without asking the user for confirmation. This could enable the attacker to create a Web page or HTML e-mail that, when opened, would automatically run an executable on the user's system. This vulnerability affects IE 6.0 only, not 5.5.

The second issue is a newly discovered variant of the Frame Domain Verification vulnerability. This could enable a malicious Web site operator to open two browser windows, one in the web site's domain and the other on the user's local file system, and to pass information from the latter to the former. This could enable the site operator to read, but not change, any file on the user's local computer that could be opened in a browser window. This affects both IE 5.5 and 6.0.

The third flaw is related to the display of file names in the File Download dialog box. When a download is initiated, a dialog provides the name of the file. However, in some cases it is possible for an attacker to misrepresent the name of the file in the dialog. This could be invoked from a Web page or in an HTML e-mail in an attempt to fool users into accepting unsafe file types from a trusted source. This vulnerability affects both IE 5.5 and 6.0.

[go to download site]

When I get to the download site, I get offered these options:

Internet Explorer 6 SP1 (32-bit)

Security Update
2 MB file
10 min @ 28.8 Kbps


Internet Explorer 6 SP1 (64-bit)

Security Update
4.1 MB file
20 min @ 28.8 Kbps


Internet Explorer 6

Security Update
2.43 MB file
12 min @ 28.8 Kbps


Internet Explorer 5.5 SP2

Security Update
2.15 MB file
10 min @ 28.8 Kbps

I chose the 3rd one down (Internet Explorer 6). I assume that was appropriate as I already had SP1 and did not have IE 5.5. It downloaded an exe file (I believe it was q324929.exe).

But when I told it to install I got the message that "this file requires that IE 6 be installed." Well, as will be noted I HAVE IE 6 installed.

I should appreciate any and all input re: (1) did I download the right file, and (2) what can I do about the message I got (see last paragraph)?

John
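
An added illustration of the first flaw quoted above (not part of the original post or the PCWorld article): a defender-side check that flags a response whose headers declare a harmless type while the body is a Windows executable. It assumes the "header information" in question is the HTTP Content-Type and Content-Disposition headers; the function names and sample responses are constructed for the example.

```python
import struct
from email.parser import BytesParser

# Declared types/extensions under which a Windows executable is expected.
# application/octet-stream is the generic "download this" type.
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program",
              "application/octet-stream"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}


def is_pe(body: bytes) -> bool:
    """True if body has a DOS 'MZ' header that points at a 'PE' signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_response(raw: bytes) -> list:
    """Return findings for one raw HTTP response (status line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    _status, _, header_block = head.partition(b"\r\n")
    msg = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    ctype = msg.get_content_type()      # lower-cased, parameters stripped
    fname = msg.get_filename() or ""    # filename= from Content-Disposition
    findings = []
    if is_pe(body):
        if ctype not in EXEC_TYPES:
            findings.append(f"PE body declared as {ctype}")
        ext = "." + fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
        if fname and ext not in EXEC_EXTS:
            findings.append(f"PE body offered under filename {fname}")
    return findings


def _fake_pe() -> bytes:
    """Constructed stub: just enough header bytes to look like a PE file."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 16


# Constructed sample responses (not captured traffic).
MISMATCH = (b"HTTP/1.1 200 OK\r\nContent-Type: audio/x-wav\r\n"
            b'Content-Disposition: inline; filename="clip.wav"\r\n\r\n') + _fake_pe()
HONEST = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="setup.exe"\r\n\r\n') + _fake_pe()
print(check_response(MISMATCH), check_response(HONEST))
```
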

phishhead
January 14th, 2003, 21:48 PM
Where are you going to get the files, the Windows corp download site? Because if you go to the Windows Update site it will tell you the updates that you need and choose accordingly.

Reverend
January 14th, 2003, 21:59 PM
You say you have got IE6 SP1 installed, so you need to select the download for IE6 SP1 (32-bit), not IE6.

Internet Explorer 6 SP1 (32-bit)

Security Update
2 MB file
10 min @ 28.8 Kbps


The reason it tells you "this file requires that IE 6 be installed" is because you are trying to install an IE6 file into IE6 SP1, and it can't recognize your version correctly.

wumply
January 14th, 2003, 22:00 PM
I went to find.pcworld.com/32576. There at the bottom of the article, I clicked on "go to download site". That took me to "www.microsoft.com/technet/treeview/default..." and when I got there, there was a "download location for patch" link which I clicked on. That got me to

http://www.microsoft.com/windows/ie/downloads/critical/q324929/default.asp This was where I came across the 4 download options.

John

wumply
January 14th, 2003, 22:39 PM
Well, Reverend...something seems amiss with MS or my computer. I tend to point the finger at MS since 2 supposedly different files were, upon download, identical. Your last answer caused me to go back to the site with the 4 download options and select the one you recommended, viz. IE 6, SP-1, 32 bit. And I discovered that what I downloaded was the same exact file as I got when I selected IE 6.0. I checked...both files had the same exact name...q324929.exe. And with this latest download I again got the same message about the file needing IE 6.0 to be installed.

Any comments or ideas?

John

Reverend
January 14th, 2003, 22:49 PM
In Internet Explorer, go to Help > About Internet Explorer.
Could you post the whole version number?

Version: #######.........

wumply
January 14th, 2003, 23:17 PM
It's 6.0.2800.1106.xpsp1.020828-1920

John

Reverend
January 15th, 2003, 02:38 AM
Have you tried installing it directly via Windows Update?

http://v4.windowsupdate.microsoft.com/en/default.asp

wumply
January 15th, 2003, 03:04 AM
Yes, I have and did (just now) try installation with Windows update. I just get told "there are no critical updates at this time."

John

Reverend
January 15th, 2003, 09:01 AM
They must already be installed.

You can check by going into Control Panel > Add or Remove Programs. See if the Hotfix number is in the installed software list.

wumply
January 15th, 2003, 15:10 PM
Well, I went into Add/Remove and checked. There were 6 hotfix #s there:

Q329048
Q329115
Q329390
Q329834
Q328310
Q810565

But no Q324929 which was the designation of the exe file I downloaded but which only resulted in the message: "must have IE 6.0 for this update."

John

Conan
January 15th, 2003, 15:15 PM
If it's not on Windows Update stop worrying then.

Reverend
January 15th, 2003, 15:57 PM
Originally posted by wumply
I just get told "there are no critical updates at this time."

John

If it doesn't appear on Windows Update, it means you already have it installed.

wumply
January 15th, 2003, 21:19 PM
Conan:

I'm not convinced I have the update in my computer or that there isn't an update but who's to say for sure - and I think something is screwy - but I'll reluctantly let it go. It's probably practical.

My thanks to phishhead and Reverend.

John