Security Update 2, February 27, 2001
Download
|
Read This First
This update resolves a security vulnerability in Internet Explorer, and is discussed in Microsoft Security Bulletin MS01-015. Download now to help prevent an unauthorized user from creating and executing programs on your computer.
This vulnerability allows a Web site or HTML e-mail to start a Telnet session through Internet Explorer. By design, a Web site or HTML e-mail should be able to start a Telnet session, but it should not be able to select Telnet's operating mode when doing so. However, the flaw enables a Web site to bypass this restriction, which poses a security problem if you have installed Services for UNIX 2.0 on your computer. The version of Telnet in Services for UNIX 2.0 provides an operating mode which, if invoked by a Web site or HTML e-mail, could enable an attacker to stream an executable (.exe) file onto your computer. The .exe file could be executed automatically the next time you turn on your computer.
For more information about this vulnerability, read Microsoft Security Bulletin MS01-015.
System Requirements
This update applies to:
| • | Internet Explorer 5.01 Service Pack 1 |
| • | Internet Explorer 5.5 Service Pack 1 |
How to download and install
| • | Click the Security Update link at the top of this page. |
| • | Choose Run this program from its current location and click OK. |
| • | Click Yes if asked whether you would like to install and run Security Update 2, February 27, 2001. |
| • | Accept the License Agreement and click Next to begin the installation process. |
