Patch Available for the Cached Web Credentials Vulnerability

Article translations Article translations
Article ID: 273868 - View products that this article applies to.
This article was previously published under Q273868
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SYMPTOMS

Microsoft has released a patch that eliminates a vulnerability that may enable a malicious user to obtain your user ID and password for a Web site.

RESOLUTION

To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
267954 How to Obtain the Latest Internet Explorer 5.01 Service Pack
For your convenience, the individual update is also available for download. The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q273868.exe now
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. NOTE: This patch requires that you have Internet Explorer 5.01 Service Pack 1 (SP1). If you install this patch and you are using a version of Internet Explorer other than Internet Explorer 5.01 SP1, the update is not installed and you may receive the following error message:
This update does not need to be installed on this system.
This message is correct if you are running Internet Explorer 5.5, which is not affected by this vulnerability. If you are running a version of Internet Explorer earlier than version 5.01 SP1, Microsoft recommends that you upgrade to Internet Explorer 5.01 SP1 and then install this patch, or upgrade to Internet Explorer 5.5.

The English-language version of this patch should have the following file attributes or later:
   Date        Time     Size     File name
   -----------------------------------------

   06/09/2000  10:34AM   89,360  Advpack.dll
   09/25/2000  04:57PM  459,536  Wininet.dll
				
For additional information about how to determine which version of Internet Explorer that is installed, click the article number below to view the article in the Microsoft Knowledge Base:
164539 How to Determine Which Version of Internet Explorer Is Installed

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Internet Explorer version 5.01 Service Pack 2.

MORE INFORMATION

If you log on to a secure Web page by using basic authentication, and then visit a non-secure page on the same site, Internet Explorer automatically sends the cached credentials (typically your user ID and password) to the non-secure page. If a malicious user can control your network communications, the user can read your credentials and use them. However, the malicious user cannot force you to log on to a secure page; the user can use this vulnerability only to reveal credentials that are cached during the current Internet Explorer session.

For additional information about this issue, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-076.mspx

Properties

Article ID: 273868 - Last Review: February 28, 2014 - Revision: 4.3
APPLIES TO
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • the operating system: Microsoft Windows 2000
Keywords: 
kbnosurvey kbarchive kbbrowse kberrmsg kbfix kbgraphxlinkcritical kbie501presp2fix kbnetwork kbprb kbqfe kbhotfixserver KB273868

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com