Security Update, May 24, 2001
DownloadEnglish
Arabic
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Portugese (Brazilian)
Portugese
Russian
Slovak
Slovenian
Spanish
Swedish
Turkish
|
Read This First
This update resolves several security vulnerabilities in Internet Explorer 5.5 Service Pack 1 (SP1), and is discussed in Microsoft Security Bulletins MS01-015 and MS01-027. It also includes a previously released update, which is discussed in Microsoft Security Bulletin MS01-020. Download now to help eliminate multiple certificate validation vulnerabilities and to help prevent a malicious Web site operator from running programs on your computer via HTML Help (.chm) files, and executable e-mail attachments, and to help prevent malicious Web site operators from making it appear that the content from his or her Web site actually originated from another site, even a trusted or secure Web site.
This update addresses these issues:
| • | A vulnerability that prevents Internet Explorer from validating the digital certificates used in Secure Sockets Layer (SSL) sessions correctly. Under a certain set of conditions, this vulnerability enables a malicious Web site operator to make his or her Web site appear to be a trusted site when it is not. |
| • | A vulnerability that could allow an unauthorized user to learn the location of cached content on your computer. This could enable the unauthorized user to launch compiled HTML Help (.chm) files that contain shortcuts to executable (.exe) files, allowing the unauthorized user to run the .exe files on your computer. |
| • | Several variants of the "Frame Domain Verification" vulnerability, which could enable a malicious Web site operator to read, but not change or add, files on the computer of a visiting user. These variants were originally discussed in Microsoft Security Bulletin MS00-033. |
| • | A vulnerability that could enable an attacker to make his or her Web site appear to be a different site. By posing as a site that you trust, the attacker's site might be able to persuade you to provide information that you would only provide to a trusted site. |
This update also includes a previously released update which addresses the "Incorrect MIME Header Can Cause Internet Explorer to Execute E-mail Attachment" security vulnerability in Internet Explorer, and is discussed in Microsoft Security Bulletin MS01-020. This update eliminates the vulnerability by correcting the way Internet Explorer handles MIME (Multipurpose Internet Mail Extensions) headers in HTML e-mails, preventing e-mails from automatically launching .exe file attachments.
For more information about these vulnerabilities, read Microsoft Security Bulletins MS01-015, MS01-027, and MS01-020.
