Microsoft Issues XML Fix to IE Patch

By Matthew Hicks  |  Posted 2004-02-06 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR: Event Date: Tues, December 5, 2017 at 1:00 p.m. ET/10:00 a.m. PT

How Real-World Numbers Make the Case for SSDs in the Data Center REGISTER >

Microsoft Corp. this week released a follow-on update to its earlier patch for an Internet Explorer spoofing vulnerability. The patch of a patch applies to Web sites and applications that make use of XMLHTTP authentication.

Microsoft Corp. this week released a follow-on update to its earlier patch for an Internet Explorer spoofing vulnerability.

The new update, released in a series of service packs on Thursday, fixes Microsoft Extensible Markup Language (MSXML) functionality so that it can work properly with the changes made in the IE security bulletin that Microsoft released on Monday. That IE update patched a hole that could let an attacker disguise a malicious URL as a legitimate one in the Web browser's address bar.

The new MSXML update specifically applies to Web sites and applications that make use of an XMLHTTP control for authentication in IE, said Mike Reavey, a Microsoft security program manager.

Monday's IE security update disallowed navigation to "username:password@host.com" URLs for XMLHTTP, but the new service packs provide new methods for authenticating.

Microsoft released the MSXML update, called a "Critical Update for Microsoft XML 3.0" in three different downloads: Service Pack 2, Service Pack 3 and Service Pack 4.

The update documentation said the MSXML updates support Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows NT, Windows Server 2003 and Windows XP.

 
 
 
 
Matthew Hicks As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.
 
 
 
 
 
























 
 
 
 
 
 

Submit a Comment

Loading Comments...
























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date