Internet Explorer Patch Gets Patched

Fixes come in the wake of an earlier "critical" browser update
Microsoft has released a series of follow-on fixes to its Internet Explorer patch of last week that allow Web sites and companies to continue to use the XMLHTTP control for authentication.

Last Monday, Microsoft rolled out a patch for IE to plug a hole that could allow an attacker to "spoof" a URL by disguising a malicious site as a legitimate address showing in the Web browser's address bar.

After the patch debuted, reports quickly began surfacing of users who were unable to access corporate sites or some of those on the Web. The trouble, which didn't affect all users, stemmed from an inability to access URLs in the format of "username:[email protected]," which some sites and intranets rely on to provide one-step authentication.

The updates, posted without fanfare on Thursday, restore Microsoft Extensible Markup Language functionality to machines that have been patched with the IE correction.

The update, which Microsoft characterized as "critical" on its Web site, is composed of three separate downloads: Microsoft XML 3.0 Service Pack 2, Service Pack 3, and Service Pack 4.

The affected operating systems include Windows 2000 (SR2, SR3, and SR4) Windows NT, Windows Server 2003, and Windows XP.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing