Microsoft has made an update available that addresses a potential security issue with regard to the use of frames in Internet Explorer. Additional information about this issue is available from the following Microsoft Web site:Updates are available for the following products:

•	Microsoft Internet Explorer 4.01 and 4.01 SP1 for Windows 95
•	Microsoft Internet Explorer 4.01 and 4.01 SP1 for Windows NT 4.0 (Alpha and x86)
•	Microsoft Windows 98
•	Microsoft Internet Explorer 4.01 for Windows 3.1
•	Microsoft Internet Explorer 4.01 for Windows NT 3.51

This issue may enable a malicious Web site operator to mimic a legitimate Web site by inserting a window as a frame within the legitimate Web site's window. Microsoft has not received any reports of adverse effects as a result of this issue.

This update also fixes the "Untrusted Scripted Paste" and "Cross Frame Navigate" issues in Microsoft Internet Explorer 4.01 and 4.01 Service Pack 1 running on Windows operating systems. Additional information is available at the following Microsoft Web site: After installing this update, "3214" is added to the "Update versions" line when you click About Internet Explorer on the Help menu.

Note Internet Explorer 5 automatically includes protection against the "Frame Spoof" vulnerability at High security. To enable this protection in Internet Explorer 5 without using a High security setting, use the following steps:

1.	Click Start, point to Settings, click Control Panel, and then double-click Internet.
2.	Click the Security tab.
3.	Under Select a Web content zone to specify its security settings, click Internet.
4.	Click Custom Level.
5.	Under Navigate sub-frames across different domains, click Disable.
6.	Click OK.

Update Information by Product:

Warning This Frame Spoof patch may affect programs that host WebBroswer controls. Microsoft recommends you not install this patch if your program is affected.

Note If you are using Internet Explorer 3.x or 4.0, you must install Internet Explorer 4.01 in order to apply this update. You can install Internet Explorer 4.01 with Service Pack 1 from the following Microsoft Web site: Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows 95:

   Updated File Name    Size (bytes)   Date       Version
   -------------------------------------------------------------
   Mshtml.dll           2422032        12/19/98   4.72.3612.1700
				

Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows NT 4.0 x86:

   Updated File Name    Size (bytes)   Date       Version
   -------------------------------------------------------------
   Mshtml.dll           2421520        12/19/98   4.72.3612.1700
				

Microsoft Internet Explorer 4.01 and 4.01 with Service Pack 1 for Windows NT 4.0 Alpha:

   Updated File Name    Size (bytes)   Date       Version
   -------------------------------------------------------------
   Mshtml.dll           3948304        12/19/98   4.72.3612.1700
				

Windows 98:

   Updated File Name    Size (bytes)   Date       Version
   -------------------------------------------------------------
   Mshtml.dll           2422832        12/19/98   4.72.3612.1700
				

Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51:

   Updated File Name    Size (bytes)   Date       Version
   ------------------------------------------------------------
   Mshtml16.dll         3086400        12/21/98   4.1.2512.2100
				

Note After applying this update, cross-frame navigation will be permitted only in the following cases:

1.	You own the frame (ownership is defined as being the direct parent).
2.	You are in the same domain as the owner of the frame. -or-
3.	The frame is a top-level window (applies to "target=" cases).

Also, after applying this update, you may receive the following error message when loading a Web page that contains the potential security issue: