Microsoft Releases Internet Explorer Cumulative Patch (MS04-004)
Earlier today Microsoft released patches for Internet Explorer versions 5.01, 5.5, and 6.0. This cumulative patch replaces the one that is provided by Microsoft Security Bulletin MS03-048.
The Bulletin is located at:
It is reported that this update eliminates a vulnerability in the cross-domain security model, a vulnerability involving drag-and-drop operations during dynamic HTML (DHTML) events, and the vulnerability involving URL parsing which contains special characters. Each of these vulnerabilities is rated at either Critical or Important for any version of Windows previous Windows Server 2003. They are listed as Moderate or Important for Windows Server 2003.
In addition, the basic authentication features of Internet Explorer have been modified to remove handling user names and passwords in HTTP, HTTPS, and XMLHTTP URLs. This change may have a dramatic effect on end-users that may be bookmarking or otherwise storing their passwords as part of the URL. Though this change does improve security, end users may complain about the loss of this ability.
For more information on the URL Parsing vulnerability please see:
Internet Storm Center
Scott Fendley - Handler on duty
Feb 2nd 2004
1 decade ago