Thursday, August 11, 2011

Microsoft Update Impacts WinPatrol Cookie Monitoring

WinPatrol fans who monitor cookies in Internet Explorer will discover after installing the latest Microsoft security updates that cookies do not display as expected in WinPatrol.

Instead of seeing the expected site or cookie name displayed, cookies are identified as alphanumeric .txt files (e.g., HILD912G.txt).

In testing, I intentionally started installing the security updates one-by-one, selecting Microsoft Security Bulletin MS11-057 - Critical: Cumulative Security Update for Internet Explorer (2559049) first since it applies to all three operating systems and browsers. Indeed, following a restart, I was able to confirm the change in cookie display for IE9 on Windows 7. 

Based on feedback from WinPatrol users, this issue has been confirmed in Windows XP, Windows Vista and Windows 7 with IE8 and IE9. (IE6 and IE7 have not been tested but will likely be affected in the same way, since the update applies to all versions of Internet Explorer.)

MS11-057 is a critical security update and it is strongly advised that it be installed. Cookies are a minor issue compared to the fix in this update, which, as described in the MSRC Blog:

"resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer."

Bill Pytlovany has been advised of the situation and is actively working on a solution.



ky331 said...

It's not just how WinPatrol perceives cookie names... the Microsoft Update has implemented a new cookie-naming system for ALL cookies used by Internet Explorer (perhaps for privacy/security concerns???). So ANY program (or user) that accesses one's IE-cookie-file will encounter these random cookie names.
BillP has written about it here:

Corrine said...

The cookie changes are explained in the "Cookie Filenames are Randomized" section of EricLaw's IEInternals blog post, Internet Explorer 9.0.2 Update.
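For tools and analysts that used to read the site from the cookie filename, the following is an added example (not part of the original post or its comments, and not WinPatrol's code) that identifies a cookie by its file content instead. It assumes the nine-line text record layout of Internet Explorer cookie files; the function names and sample data are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Pre-update name: user@site[n].txt. Post-update name: 8 alphanumerics, as in
# the page's HILD912G.txt (length and alphabet are assumed from that one sample).
LEGACY_NAME = re.compile(r"^[^@]+@.+\[\d+\]\.txt$", re.I)
RANDOM_NAME = re.compile(r"^[A-Z0-9]{8}\.txt$", re.I)
FIELDS = 9  # name, value, host/path, flags, expiry lo/hi, created lo/hi, "*"

def filetime(low, high):
    """Join the two 32-bit halves of a Windows FILETIME into a UTC datetime."""
    ticks = (int(high) << 32) | int(low)  # 100 ns units since 1601-01-01
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def parse_cookie_file(text):
    """Return one dict per cookie record; reject truncated or misaligned files."""
    lines = text.splitlines()
    if len(lines) % FIELDS:
        raise ValueError("truncated cookie record")
    cookies = []
    for i in range(0, len(lines), FIELDS):
        name, value, hostpath, flags, e_lo, e_hi, c_lo, c_hi, end = lines[i:i + FIELDS]
        if end != "*":
            raise ValueError("record %d lacks the '*' terminator" % (i // FIELDS))
        host, _, path = hostpath.partition("/")
        cookies.append({"name": name, "value": value, "host": host,
                        "path": "/" + path, "flags": int(flags),
                        "expires": filetime(e_lo, e_hi),
                        "created": filetime(c_lo, c_hi)})
    return cookies

def identify(filename, text):
    """Report the naming scheme and the hosts recorded inside the file."""
    if LEGACY_NAME.match(filename):
        scheme = "legacy"
    elif RANDOM_NAME.match(filename):
        scheme = "randomized"
    else:
        scheme = "unknown"
    hosts = sorted({c["host"] for c in parse_cookie_file(text)})
    return {"file": filename, "scheme": scheme, "hosts": hosts}

# Constructed sample: one cookie for example.com, created 1970-01-01 UTC.
SAMPLE = ("sessionid\nabc123\nexample.com/\n1024\n"
          "3577643008\n27200000\n3577643008\n27111902\n*\n")

if __name__ == "__main__":
    for fname in ("user@example[1].txt", "HILD912G.txt"):
        print(identify(fname, SAMPLE))
```

Both filenames yield the same host because the site is read from the record itself, so the display no longer depends on the naming scheme.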