Why did I fail this test ? because I have SP1 installed ( BETA - I know ).So SP1 Beta wipes out security patches !!!! Arrrghh

Solution if you have SP1 installed : go into control panel \ Add-remove programs and un-install Internet Explorer which will restore the previous version of I.E, meaning it will remove SP1.
Then I installed the dec 13 fix just in case and now I can pass the test -> I.E wants to download a file instead of just run it !

The same happens for win2k I believe. Of course if MShaft included all the securtiy patches within the service pack it wouldn't matter.

Why is this a surprise?
You've always had to reinstall patches and security updates when reinstalling/upgrading an OS. It resets everything to what is on the CD. Why trust an upgrade anyway?

It is a surprise becuase WindowsUpdate says all patches are in place!

Which is true, they are simply not active !!!!!!!!!!!!!!!!!!!! and that's scary.

All I did was install I.E 6.0 SP1 onto a PC which had ALL patches/fixes prior to installing I.E 6.0 SP1.

A check on windowsupdate, after installing SP1, didn't reveal any missing or misconfigured security patches, so I naturally assumed that everything was in place. BIG surprise when I tested I.E on the above link and found that code could be run on my system without any warning.

So, I downloaded the dec 13 security patch which contains all security pacthes up to that date and ...... BIG surprise ! I could not install it, it kept saying ... : This requires I.E 6 to be installed .... HELLO ... I guess I.E 6 SP1 isnt't I.E 6. Arrrgh

So the only thing I could do was to remove SP1 from I.E 6 and then install the dec 13 patch .... no problem this time.

My concern is ... : What will happen when SP1 becomes available on WindowsUpdate .. will it also wipe out security patches as the BETA did. And if it does, how many average users will actually discover that they have wiped out all the security patches they had previously installed.
Not that many I fear ....!

It's what I would call a large oversight by Microshaft. I wonder how many network admins have got caught out by this. Of course his Billiness reckons they're going to take security more seriously.
I hope so.