Microsoft has been screaming for users to get the patch to fix vulnerability MS06-040. And now it’s warning them they might want to wait before fixing MS06–042 — or at least be careful.
Patch MS06-042, a fairly comprehensive fix, plugs multiple holes in Internet Explorer 5 and 6, several of which could allow for remote code execution.
However, there is one rather specific problem.
If you are using both Internet Explorer 6 with Service Pack 1 on either Windows XP with its Service Pack 1 or Windows 2000, Service Pack 4, IE could suddenly crash while trying to access a Web page using the HTTP 1.1 protocol.
Both IE 6 and Windows XP are on their second Service Packs, and there is no problem if you are using both products at these levels, a Microsoft spokesperson told internetnews.com.
Support for Windows XP Service Pack 1 will end in October.
The spokesman said Microsoft will reissue MS06-042 next Tuesday and encourages SP1 users to update when it’s available.
Customers not using IE 6 SP1 are not affected and should continue their deployments of MS06-042, Microsoft said.