Update Available for IE 6.0 SP1 Security Vulnerability

This morning we re-released our August security update (MS06-042) for IE 6.0 SP1. This update is available through all of our normal release channels including Windows Update, Automatic Update, Download Center and our deployment tools such as WSUS.

As I mentioned Tuesday, the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users. This re-release fixes that vulnerability. We recommend all IE 6.0 SP1 customers install the update immediately. Users running Windows XP SP2, Server 2003 SP1, IE 5.01 on Windows 2000, or any of the IE7 betas, The IE7 Release Candidate 1, or Windows Vista are not affected and do not need to take action.

Tony Chor
Group Program Manager

Comments (23)

  1. Joe says:

    Still can’t drag a tab to the links bar.

  2. Bob says:

    Joe: IE6 SP1 doesn’t have tabs, so your comment doesn’t make any sense.

  3. Bob says:

    Joe: IE6 SP1 doesn’t have tabs, so your comment doesn’t make any sense.

    If you’re trying to do this in ie7 and just posted on the wrong topic, try dragging from the address bar to the links bar instead.

  4. baillard says:

    It still appears that the OCA only offers Windows XP SP2 when http 1.1 cause IE crash under the original version of MS06-042.  Has OCA been updated yet (requests made to MSRC and this blog)?

  5. reo says:

    after logon to my Hotmail it tell me I have to upgrde to IE6.0,…seems Im running 5.1 right now, or my Hotmail may not run properly.

    Clicked the button and ended up with  V7.0 beta….and a bunch of numbers.  Hate it so far.I still get the same warning everytime I go to my HotMail…please help thank you

  6. baillard says:

    OCA is now detecting that computer does not have all critical patches installed but does not explicitly mention MS06-042 as the problem.  Also after logging into OCA the status of the report still lists the error as being researched.

  7. ST says:

    Mission complete:

    923762-IE6SP1 public patch release

    Next Mission:

    923996-IE6SP2 public patch release


  8. Tom Taylor says:

    Nice try folks but there are still issues with 918899.  I’ve updated to V2 of this patch (even gone as far as to uninstall V1 and then install V2 yet we are still experiencing the same issue we had before with V1+hotfix 923762.  IE crashes in urlmon.dll when visiting many of our Peoplesoft pages.  This did NOT happen prior to the release of 918899 and if we completely uninstall 918899 we have no more crashes.  Turning off http 1.1 causes issues as Peoplesoft uses it heavily.  Please fix this!

  9. I agree with ST.  Why was the fix for 923996 (createPopup) not included in the re-released August update?  As far as I can tell, it was this update that caused the problem described in 923996.

  10. the_guy says:

    Can someone update the bulletin? It’s just that the bulletin says it includes urlmon.dll version 6.0.2800.1565 (RTMGDR) and 6.0.2800.1567 (RTMQFE). The correct versions are 6.0.2800.1567 (RTMGDR) and 6.0.2800.1568 (RTMQFE).

  11. Matt says:

    This is definitely still a problem with XP SP2 users.  My company just released the updated version of MS06-042 on Tuesday and we were hit with a flood of calls to the help desk concerning IE 6 SP2 crashing on a lot of our internal sites (which use custom pop-ups, menus, etc.)

    I would say that Microsoft needs to get yet another re-release of this patch to correct this problem instead of offering 923996 only to people who are "severely affected."

  12. James_A says:

    As and when Microsoft issue version 3 of this update I hope they fix the errors in the registry too. Scenario: (Win2k SP4)

    1. install v1 of update

    2. install v2 of update

    3. check registry (HKLM….filelist)and weep


    wrong build date

    wrong date for URLMON.DLL

    wrong build number for URLMON.DLL

  13. IEBlog says:

    This morning we re-released three versions of our August 2006 cumulative security update (MS06-042)….