You may not be able to log on to a Web site or complete an Internet transaction after you install the 832894 (MS04-004) security update. For example, when you submit your user name and password to an SSL-secured Web site by using a form on a HTTPS Web page, you may receive an HTTP 500 (Internal Server Error) Web page.
This problem may occur after you apply the 832894 security update (MS04-004) or the 821814 hotfix on a computer that runs Microsoft Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, or Windows 98.
For additional information about these software updates, click the following article number to view the article in the Microsoft Knowledge Base:
832894 MS04-004: Cumulative security update for Internet Explorer
821814 You receive a "page cannot be displayed" error message when you post to a site that requires authentication
The 832894 security update (MS04-004) and the 821814 hotfix change how the Internet extensions for Windows (Wininet.dll) retries POST requests when a Web server resets the connection. Programs that use Windows Internet (Wininet) application programming interface (API) functions to post data (such as a user name or a password) to a Web server retry the POST request without including the POST data if the Web server closes (or resets) the initial connection request.
Note A POST request does not include POST data if its content length is set to 0 or is empty.
Sometimes, this behavior prevents another reset and permits authentication to complete. However, you may receive an HTTP 500 (Internal server error) Web page if the Web server must have the POST data included when Wininet retries the POST request.
To download and to install this update, visit the Microsoft Windows Update Web site, and then install critical update 831167:
Administrators can download this update from the Microsoft Download Center or from the Microsoft Windows Update Catalog to deploy to multiple computers. If you want to install this update later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog.
For more information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:
323166 How to download updates that include drivers and hotfixes from the Windows Update Catalog
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
To install this update, you must be running Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows:
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition, Service Pack 1
Microsoft Windows XP
Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
Microsoft Windows NT Workstation, Server, and Terminal Server Edition 4.0 Service Pack 6a
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Note Because the 832894 (MS04-004) security update supports Windows 98, Windows 98 Second Edition, Windows Millennium Edition, and Windows 2000 SP2, this update will be also be supported on those operating systems.
You must restart your computer after you apply this update.
Update replacement information
This update replaces 821814 for Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, Windows 98 Second Edition, and Windows 98.
Note This update does not replace 821814 for Windows Server 2003 because the problem that is described in this article does not occur on Windows Server 2003-based computers.
The packages for this update support the following Setup switches:
/q : Use Quiet mode or suppress messages when the files are being extracted.
/q:u : Use User-Quiet mode. User-Quiet mode presents some dialog boxes to the user.
/q:a Use Administrator-Quiet mode. Administrator-Quiet mode does not present any dialog boxes to the user.
/t: path Specify the location of the temporary folder that is used by Setup or the target folder for extracting files (when using /c).
/c Extract the files without installing them. If /t: path is not specified, you are prompted for a target folder.
/c: path Specify the path and the name of the Setup .inf file or the .exe file.
/r:n Never restart the computer after installation.
/r:i Prompt the user to restart the computer if a restart is required, except when this switch is used with the /q:a switch.
/r:a Always restart the computer after installation.
/r:s Restart the computer after installation without prompting the user.
/n:v Do not check version. Use this switch with caution to install the update on any version of Internet Explorer.
For example, to install the update without any user intervention and without a restart, use the following command:
q831167.exe /q:a /r:n
The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name Platform ------------------------------------------------------------------- 06-Feb-2004 18:05 6.0.2800.1405 588,288 Wininet.dll 07-Feb-2004 01:41 6.0.2800.1405 1,796,608 Wininet.dll IA-64
If you cannot apply the update that is discussed in the Resolution section, you can use one of the following server-side actions to work around the problem:
Increase the HTTP keep-alive timeout interval on the Web server or the proxy server. There is no setting in Microsoft Internet Information Services (IIS) to control the keep-alive timeout other than the Windows registry KeepAliveTime value. But with some Web servers and some proxy servers, you can specify a connection expiration time. If you can specify a connection expiration time in the Web server or the proxy server, increase the keep-alive timeout interval. See your Web server documentation for the correct setting name and value. The default keep-alive timeout value for Internet Explorer is one minute (60 seconds). Therefore, you must use an HTTP keep-alive timeout interval on the Web server or the proxy server that is greater than one minute.
For additional information about the Windows KeepAliveInterval parameter, the Windows KeepAliveTime parameter, and the Internet Explorer KeepAliveTimeout parameter, click the following article numbers to view the articles in the Microsoft Knowledge Base:
314053 TCP/IP and NBT configuration parameters for Windows XP
120642 TCP/IP and NBT configuration parameters for Windows 2000 or Windows NT
813827 How to change the default keep-alive time-out value in Internet Explorer
Disable the HTTP "keep alive connections" on the server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
238210 HTTP keep-alive header sent whenever ASP buffering is enabled
Microsoft has confirmed that this is a problem in Microsoft Internet Explorer 6.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
After you apply the 831167 software update that is described in this article, programs that use Wininet functions to post data to a Web server will resend complete POST requests when a connection with a Web server is reset.
To enable header-only post behavior, create a DWORD value named SampleApp.exe, where SampleApp is the name of the executable file that runs the program. Set the DWORD value's value data to 1 in one of the following registry keys:
For all users of the program, set the value in the following registry key:
For example, to enable header-only post behavior in Internet Explorer and in Windows Explorer, create DWORD values for Iexplore.exe and for Explorer.exe in one of these registry keys, and then set their value data to 1.
Note To enable header-only post behavior for all programs that use Wininet functions to post data to a Web server, create a DWORD value named * to the same registry key, and set the value's value data to 1.