Article ID: 980088 - Last Review: July 2, 2010 - Revision: 4.0

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Expand all | Collapse all

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/980088.mspx (http://www.microsoft.com/technet/security/advisory/980088.mspx)


To have us fix this problem for you, go to the "Fix it for me" section. If you would rather fix this problem yourself, see the workaround section in the security advisory (http://www.microsoft.com/technet/security/advisory/980088.mspx) .

Fix it for me

This fixit solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this fixit solution as a workaround option for some scenarios.

For more information about this workaround, visit the following Microsoft Security Advisory Web page:
http://www.microsoft.com/technet/security/advisory/980088.mspx (http://www.microsoft.com/technet/security/advisory/980088.mspx)
The advisory provides more information about the issue, including the following:
  • The scenarios in which you might apply or disable the workaround.
  • How to manually apply the workaround.
Specifically, to see this information, look for the General Information heading, then expand the Suggested actions section, and then expand the Workaround section.

To automatically apply this resolution, click the Fix this problem link under the "Enable Network Protocol Lockdown" heading. Then, click Run in the File Download dialog box and follow the steps in the wizard. This applies the "enable network protocol lockdown" workaround that is listed in CVE-2010-0255.

To automatically undo the fix and restore the original settings, click the Fix this problem link under the "Disable Network Protocol Lockdown" heading. Then, click Run in the File Download dialog box and follow the steps in the wizard. This removes the "enable network protocol lockdown" workaround that is listed in CVE-2010-0255.

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. For more information about the workarounds, see the security advisory (http://www.microsoft.com/technet/security/advisory/980088.mspx) .
Collapse this tableExpand this table
Enable Network Protocol LockdownDisable Network Protocol Lockdown
Fix this problem
Microsoft Fix it 50365
Fix this problem
Microsoft Fix it 50366

Notes
  • This Fix it can be used with supported versions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
For more information about the Internet Explorer Network Protocol Lockdown functionality, visit the following Microsoft Web page:
http://technet.microsoft.com/en-us/library/cc737488(WS.10).aspx (http://technet.microsoft.com/en-us/library/cc737488(WS.10).aspx)
APPLIES TO
  • Windows Internet Explorer 8, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
    • Windows Server 2008 R2 Datacenter
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Standard
    • Windows Web Server 2008 R2
    • Windows 7 Enterprise
    • Windows 7 Home Basic
    • Windows 7 Home Premium
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Windows Internet Explorer 7, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Internet Explorer 6.0, when used with:
    • Microsoft Windows XP Professional
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Internet Explorer 5.01 Service Pack 4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
Back to the top
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbmsifixme kbfixme kbsurveynew KB980088