Patching computers increases vulnerability?

[pne]

Someone pointed out this quote to me from [1]:

In einem internen Testlauf stellten wir fest, dass das Exploit auf einem Windows XP mit IE 6.0 erst lauffähig war, nachdem wir alle aktuellen Sicherheitspatches von windowsupdate.com eingespielt hatten

or in English:

In an internal test we found that the exploit would only run on a Windows XP system with IE 6.0 after we had installed all current security patches from windowsupdate.com.

Comments

[denial-land.livejournal.com]

*wiggles firefox*...heh.

[opal1159.livejournal.com]

These IE exploit things - are you vulnerable because you use IE or because it's installed?

IE exploits

[pne.livejournal.com]

I believe with most of them, you're only vulnerable if you use IE to browse the Internet (or another program that uses IE as an ActiveX control), but I've seen at least one security bulletin by Microsoft that said you were vulnerable if you had it installed. (That was the one that caused me, reluctantly, to upgrade my IE to 6.0 on my old Windows 98 box.)

[jordik.livejournal.com]

With most of them you must actually be using the leaky browser to be at risk. But to be more safe, install a software firewall and block all access to MSIE. (You can still get Windows Updates manually or through the auto-updater.)

[pthalo]

well, think about all the times a bug was introduced on LJ while patching another one? the other week, a bug i reported was fixed in a way that didn't allow non supporthelps to submit screened answers. that was fixed quickly, but it happens.