Security Update, October 10, 2000
DownloadEnglish
Arabic
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
Finnish
French
German
Greek
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Portugese (Brazilian)
Russian
Spanish
Swedish
Turkish
|
Read This First
This update resolves the "Cached Web Credentials" security vulnerability in Internet Explorer. Download now to help prevent a malicious user from learning the credentials of another user and then using them to log onto a Web site as the other user. This vulnerability does not give a malicious user the ability to add, change, or delete files on your computer.
Under the "Cached Web Credentials" vulnerability, if a user logs onto a secured Web page using Basic Authentication, and subsequently visits a non-secure page on the same site, Internet Explorer automatically sends the cached credentials, normally a user ID and password, to the non-secure page. If a malicious user gains control over the other user's network communications, it is possible for the malicious user to read the credentials and use them. This vulnerability does not provide a means by which the malicious user can force another user to log onto a secure page, and can only be used to reveal credentials that had been cached during the current Internet Explorer session.
For more information on these vulnerabilities, please read Microsoft Security Bulletin MS00-076.
