Help and Support
 

powered byLive Search

Invalid SSL Certificates May Be Bypassed in Internet Explorer

View products that this article applies to.
Article ID:254902
Last Review:March 22, 2007
Revision:3.6
This article was previously published under Q254902

SYMPTOMS

If you use a command-line option to start an instance of Webserver.exe and specify a server certificate at startup, and you then stop the current Webserver.exe instance and start a new instance of Webserver.exe with a different server certificate, a computer that is running Internet Explorer may not recognize the certificate change.

Back to the top

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 (http://support.microsoft.com/kb/260910/EN-US/) How to Obtain the Latest Windows 2000 Service Pack


Microsoft has released an update that resolves this issue. For information about this update, please visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-039.mspx (http://www.microsoft.com/technet/security/bulletin/ms00-039.mspx)

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

Back to the top

MORE INFORMATION

NOTE: This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:
This update does not need to be installed on this system.
Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this issue, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 includes all of the updates in this patch.

For information about determining the version of Internet Explorer you are using, please see the following article in the Microsoft Knowledge Base:
164539 (http://support.microsoft.com/kb/164539/EN-US/) How to Determine Which Version of Internet Explorer Is Installed

Back to the top

APPLIES TO
Microsoft Internet Explorer 5.01
Microsoft Windows 2000 Standard Edition

Back to the top

Keywords: 
kbbug kbfix kbwin2000sp1fix kbqfe kbsecurity kbhotfixserver KB254902

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.