Log in

No account? Create an account

Previous Entry | Next Entry


That's right. IE 7 will be able to be implemented through Automatic Updates as a Critical patch, planned for later this year. Presumably, this also means WSUS will get this. I'm curious about how SMS 2003's ITMU will address this. At this time, XP SP2 is the target for desktop -- no plans for W2K SP4 or XP SP1. Vista will have this bulit in would be my guess. On the server side, it's Windwos Server 2003 SP1, again with no plans for W2K or Windows Server 2003 RTM. Presumably, Longhorn will have this built in.

From TFA:
We are also providing a Blocker Toolkit for our enterprise customers who may want to block automatic delivery of IE7 in their organizations; this blocker has no expiration date. Enterprise customers can download the free Blocker Toolkit from the Microsoft Download Center today. We’ve also made additional information for IT administrators available at the Windows Update/Microsoft Update site on TechNet.

Further, regarding the Blocker Toolkit, from the download site:
Organizations do not need to deploy the Blocker Toolkit in environments managed with an update management solution such as Windows Server Update Services or Systems Management Server 2003. Organizations can use those products to fully manage deployment of updates released through Windows Update and Microsoft Update, including Internet Explorer 7, within their environment.



Jul. 27th, 2006 07:55 pm (UTC)
My argument - are you (M$) saying that IE 6 sucks donkey tits and should have never been released? And aren't all the security "features" mostly holes in Windows?

If the stack mechanism for calling routines and allocating variables had not caught on, the number of buffer overruns would be about 99% less. There was a discussion not too long ago on IBMVM-L (z/VM mailing list) about buffer overruns, and in the TCP/IP stack (written mostly in Pascal in the late 1980's (long story)) there was a whopping 16 total buffer overrun bugs, all fixed by 1993, and never exploited.

Data should not be allocated in a stack. Period. Thank you Intel and K&R.
Jul. 27th, 2006 08:21 pm (UTC)
Whoa. A little bitter there, huh? ;)
Jul. 27th, 2006 08:35 pm (UTC)
Those that forget history are condemned to repeat it. Or something like that. :-)

I just hate to see how people missed design flaws. Or just didn't test properly. It's pretty easy to detect buffer overflows in a stack environment in testing - just type in a lot of characters and if you get a WAB, duh.

I forgot to mention that the Pascal stuff uses standard IBM VM storage management - no stack, no data on stack.