Microsoft's Patch Tuesday on Sep. 12 brought three bulletins covering a three software flaws, but the day will be remembered most for an Internet Explorer mega-patch that is being re-rereleased to address a 10th vulnerability that was missed by the software maker. Just weeks after re-issuing the cumulative browser update amidst a round of verbal jousting with a private security research company, Microsoft has again refreshed the patch to cover another code execution bug that could cause PC takeover attacks.
The flaw, which exists in the way IE handles long URLs when visiting Web sites using HTTP 1.1 protocol and compression, was flagged by eEye Digital Security, the same company that had its name zapped from the flaw credits when the update shipped for a second time on Aug. 24. "We found another problem that they missed, even with the rerelease," said Marc Maiffret, chief hacking officer at eEye, in Aliso Viejo, Calif. The latest bulletin credits eEye with finding the additional bug.