Microsoft Warns of Bug in IE -- Redmond Channel Partner

Microsoft Warns of Bug in IE

By Scott Bekker
February 18, 2000

Microsoft has released a patch that eliminates a security vulnerability in Internet Explorer (IE). The vulnerability could allow a malicious user to read, but not add, change, or delete, certain types of files on the computer of a visiting user.

When a Web server navigates a window from one domain into another, the IE security model checks the server's permissions on the new page. It is possible, however, for a Web server to open a browser window to a client-local file, then navigate the window to a page that is in the Web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious Web site operator to view files on the computer of a visiting user. The operator would need to know or guess the name and location of the file, and could only view file types that can be opened in a browser window.

IE 4.0, 4.01, 5, and 5.01 are all affected by the vulnerability. Patches are available at http://www.windowsupdate.microsoft.com and http://www.microsoft.com/windows/ie/security/patch5.asp. -- Isaac Slepner

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Gives Orgs More Power to 'Tune' AI Agents

At its Build 2025 conference this week, Microsoft unveiled significant advancements aimed at empowering enterprises to create more sophisticated AI agents.
Build 2025: Microsoft Charts Wider Path for AI Agents

At Build 2025, Microsoft unveiled its strategic vision for the future of AI agents, emphasizing the development of autonomous systems capable of performing complex tasks across various applications.
Microsoft to Orgs: Ditch Your Passwords for Passkeys

May marks the first-ever "World Passkey Day," the occasion of which Microsoft marked by leaning into its vision of a passwordless future.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Microsoft Warns of Bug in IE

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Gives Orgs More Power to 'Tune' AI Agents

Build 2025: Microsoft Charts Wider Path for AI Agents

Microsoft to Orgs: Ditch Your Passwords for Passkeys

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Build 2025: Microsoft Charts Wider Path for AI Agents

Microsoft Gives Orgs More Power to 'Tune' AI Agents

Meet 'The Evolvers': The Partner Masters

GTIA Steps Into the Channel Spotlight

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Build 2025: Microsoft Charts Wider Path for AI Agents

Microsoft Gives Orgs More Power to 'Tune' AI Agents

Meet 'The Evolvers': The Partner Masters

GTIA Steps Into the Channel Spotlight

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

Veeam Data Cloud for Microsoft 365

Mastering Cost Management in Azure

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlock the benefits of Microsoft Azure partnership

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry