Invalid SSL Certificates May Be Bypassed in Internet Explorer

Article translations Article translations
Article ID: 254902 - View products that this article applies to.
This article was previously published under Q254902
Expand all | Collapse all

SYMPTOMS

If you use a command-line option to start an instance of Webserver.exe and specify a server certificate at startup, and you then stop the current Webserver.exe instance and start a new instance of Webserver.exe with a different server certificate, a computer that is running Internet Explorer may not recognize the certificate change.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack


Microsoft has released an update that resolves this issue. For information about this update, please visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-039.mspx

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

MORE INFORMATION

NOTE: This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:
This update does not need to be installed on this system.
Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this issue, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 includes all of the updates in this patch.

For information about determining the version of Internet Explorer you are using, please see the following article in the Microsoft Knowledge Base:
164539 How to Determine Which Version of Internet Explorer Is Installed

Properties

Article ID: 254902 - Last Review: March 22, 2007 - Revision: 3.7
APPLIES TO
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.01
  • the operating system: Microsoft Windows 2000
Keywords: 
kbhotfixserver kbqfe kbbug kbfix kbsecurity kbwin2000sp1fix KB254902

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com