Microsoft clarifies Windows URI patch strategy

Microsoft Corp. yesterday clarified what it plans to patch to fix a bug in Windows XP and Server 2003, but said it had no plans to overhaul the operating system's protocol-handling technology. Mark Miller, director of the Microsoft Security Response Center (MSRC), and Mike Reavey, the MSRC's operations manager, acknowledged there was confusion around its […]

Microsoft Corp. yesterday clarified what it plans to patch to fix a bug in Windows XP and Server 2003, but said it had no plans to overhaul the operating system's protocol-handling technology.

Mark Miller, director of the Microsoft Security Response Center (MSRC), and Mike Reavey, the MSRC's operations manager, acknowledged there was confusion around its decision to patch a vulnerability in Windows XP and Windows Server 2003 on systems running Internet Explorer 7.

"There are two separate issues," said Miller, referring to the Universal Resource Identifier (URI) bug in Windows that was the focus of a security advisory issued yesterday, and a larger problem that first surfaced in June but gained traction in July. "The issue [from] back in June is really related to protocol handling, and is really around how third-party applications handle them," Miller said.

Full Article

Microsoft, Internet Explorer 7, IE7, Security, Vulnerability, Bug, Exploit, Protocol-handling bug, Windows XP, Windows 2003, Windows Server 2003, Windows URI, Security Update, Patch