HelpWithWindows | Windows Forum | RoseCitySoftware





Windows 95 > Internet Explorer 4 Tips


Security Patches

By:

To date a number of security issues have been discovered in Internet Explorer 4.x. A lot of these patches will be included in the latest version of IE 4 (SP2), so check which one has to be applied to your version of Internet Explorer.

Please note that IE4 is no longer supported by Microsoft!

  1. "Freiburg" Text-Viewing Issue
  2. Buffer Overrun Problem (For more Information see: www.news.com)
  3. Fix for the "Page Redirect" issue. (For more Information see: www.microsoft.com)
  4. MK Overrun issue (For more Information see: www.news.com)
  5. Embed issue (see below).
  6. "Window.External" JScript Vulnerability in Microsoft Internet Explorer 4. (For more Information see Microsoft's Knowledge Base Article No. 191200. The following software is affected by this vulnerability:

    • Microsoft Internet Explorer 4, 4.01, 4.01 SP1 on Windows 95 and Windows NT 4.0
    • Microsoft Windows 98

    Internet Explorer 4 for Windows 3.1, Windows NT 3.51, Macintosh and UNIX (Solaris) are not affected by this problem. Internet Explorer 3.x is not affected by this problem.

  7. Internet Explorer Cross Frame Navigate Vulnerability (more info below)
  8. "Untrusted Scripted Paste" Issue (more info below)
  9. "Dotless IP Address" Issue (more info below)
  10. "Frame Spoof" Issue (more info below)
  11. Patch for "DHTML Edit" Vulnerability (more info below)
  12. MSHTML Update Available for Internet Explorer (more info below)
  13. Patch for "Malformed Favorites Icon" Vulnerability (more info below)
  14. Patch for "Scriptlet.typlib/Eyedog" Vulnerability (more info below)
  15. Patch Available for "IFRAME ExecCommand" Vulnerability (more info below)
  16. Patch Available for "Active Setup Control" Vulnerability (more info below)
  17. Patch Available for "Javascript Redirect" Vulnerability (more info below)
  18. Patch Available for "Server-side Page Reference Redirect" Vulnerability (more info below)
  19. Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities (more info here)
  20. Patch Available for "Image Source Redirect" Vulnerability (more info here)
  21. Patch Available for "HTML Help File Code Execution" Vulnerability (more info here)
  22. Patch Available for "SSL Certificate Validation" Vulnerability (more info here)
  23. Patch Available for "Active Setup Download" Vulnerability (more info here)
  24. Patch Available for "The Office HTML Script" Vulnerability and a Workaround for "The IE Script" Vulnerability (more info here
  25. Patch Available for "Malformed E-mail Header" Vulnerability (more info here
  26. Patch Available for "Persistent Mail-Browser Link" Vulnerability (more info here
  27. Patch Available for "Cache Bypass" Vulnerability (more info here
  28. Patch Available for "Scriptlet Rendering" Vulnerability (more info here
  29. Patch Available for "Cached Web Credentials" Vulnerability (more info here

Note: Fix #3 applies for IE4.0 on Win 95 and WinNT 4.0 AND IE3.02 on Win 95 and WinNT 4.0

Note: Fix #4 applies for:

  • Internet Explorer 4 and 4.01 for Windows 95 and Windows NT 4.0
  • Internet Explorer 3.02 for Windows 95 and Windows NT 4.0 with Microsoft Visual Studio installed.

For more Information you can always visit Microsoft's Internet Explorer Security Page.

If you download IE 4.01 the fixes #1, #2 and #3 are included, so you don't need to re-install them. If you're not sure of your version of Internet Explorer, select Help from the Internet Explorer menu bar and select About Internet Explorer. Here you can see the version number.

IE 4.0: 4.71.1712.6
IE 4.01: 4.72.2106.8 (or higher)

"Embed Issue":

Microsoft has issued a patch to correct a security hole discovered in Internet Explorer 4/4.01 browsers. Though difficult to execute, a malicious web page could cause Internet Explorer 4 to crash while using the Embed tag.

The following Web site will automatically check your browser to see if your version of Explorer is affected. The site also provides a patch:

http://www.microsoft.com/windows/Ie/security/embed.asp

"Window.External" JScript Vulnerability

The patch for the "Window.External" JScript Vulnerability is available for download from the Microsoft Scripting Technologies web site, http://www.microsoft.com/msdownload/vbscript/scripting.asp.

Microsoft has also made this patch available as a "Critical Update" for Windows 98 customers through the Windows Update.

"Cross Frame Navigate Issue"

Microsoft has released a patch that fixes a recently discovered issue with the implementation of cross frame security in Microsoft Internet Explorer.

The Cross Frame Navigate issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of files on your computer.

The following software is affected by this vulnerability:

  • Microsoft Internet Explorer 4, 4.01 and 4.01 SP1 on Windows NT 4.0, Windows 95
  • Microsoft Windows 98, with integrated Internet Explorer (version 4.01 SP1)
  • Microsoft Internet Explorer 4 and 4.01 for Windows 3.1 and Windows NT 3.51
  • Microsoft Internet Explorer 4 and 4.01 for Macintosh
  • Microsoft Internet Explorer 3.x

This vulnerability could also affect software that uses HTML functionality provided by Internet Explorer. Anyone using such programs should download the patch even if they do not run Internet Explorer as their default browser.

More information is available in this Microsoft Security Bulletin.

The Fix:

Internet Explorer 3 Users:

Users of Internet Explorer 3 should first upgrade to the latest version of Internet Explorer 4 and then obtain the patch. Information on updating to Internet Explorer 4 can be found from the Internet Explorer download site

Internet Explorer 4:

Customers using versions of Internet Explorer listed above, can obtain the patch from the Internet Explorer Security Web site.

Windows 98:

Windows 98 customers can get the updated patch using the Windows Update. To obtain this patch using Windows Update, launch Windows Update from the Windows Start Menu and click Product Updates. When prompted, select Yes to allow Windows Update to determine whether this patch and other updates are needed by your computer. If your computer does need this patch, you will find it listed under the Critical Updates section of the page.

Internet Explorer 5 users do NOT need this patch

"Untrusted Scripted Paste" Issue.

Affected Software Versions:

  • Microsoft Internet Explorer 41 and 4.01 SP1 on Windows NT 4.0, Windows 95
  • Microsoft Windows 98, with integrated Internet Explorer
  • Microsoft Internet Explorer 41 for Windows 3.1 and Windows NT 3.51

This vulnerability could also affect software that uses HTML functionality provided by Internet Explorer, even if Internet Explorer is not used as your default browser. All customers that have affected versions of Internet Explorer on their systems should install this patch, whether or not they use Internet Explorer for web browsing.

This vulnerability does not affect Internet Explorer 3.x or 4.0 on any platform.

This does not affect any Macintosh or UNIX versions of Internet Explorer

The "Untrusted Scripted Paste" issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of a file on the user's computer if the hacker knows the exact name and path of the targeted file.

This could also be used to view the contents of a file on the user's network to which the user has access, and whose direct path name is known by the attacker.

The nature of this problem is that a script is able to use the Document.ExecCommand function to paste a filename into the file upload intrinsic control, which should only be possible by explicit user action. As a result, a subsequent form submission could send the file to a remote web site not known to the user if the user has disabled the default warning that is displayed when submitting unencrypted forms.

While there have not been any reports of customers being adversely affected by these problems, Microsoft released a patch to address any risks posed by this issue.

The Fix:

Windows 98 users:

Windows 98 customers can obtain the patch using Windows Update. To obtain this patch using Windows Update, launch Windows Update from the Windows Start Menu and click Product Updates. When prompted, select Yes to allow Windows Update to determine whether this patch and other updates are needed by your computer. If your computer does need this patch, you will find it listed under the Critical Updates section of the page.

Internet Explorer 4 users:

Customers using Internet Explorer 4 can obtain the patch from the Internet Explorer Security web site.

More information can be found in this Microsoft Knowledge Base Article No. 169245

On November 18th Microsoft released an updated version of the patch for the "Untrusted Scripted Paste" vulnerability (also known as the "Cuartango" vulnerability). The updated patch fixes the original vulnerability as well as a newly-discovered variant.

Microsoft highly recommends that all affected customers - including anyone who downloaded the original patch before November 18 - download and install the updated patch to protect their computers.

"Dotless IP Address" Issue.

Microsoft has released a patch that fixes a vulnerability in the way Internet Explorer 4 determines what security zone a target server is in. By exploiting this vulnerability, a malicious hacker could misrepresent the URL of their Web site, causing the site to be treated as it if were located on an intranet by Internet Explorer's Security Zones feature.

The "Dotless IP Address" issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious web site operator to misrepresent the URL of an Internet web site and make it appear as if the machine is in the user's "Local Intranet Zone". Internet Explorer has the ability to set security settings differently between different zones. By exploiting this vulnerability, a malicious site could potentially perform actions that had been disabled in the Internet Zone or Restricted Sites Zone, but which are permitted in the Local Intranet Zone.

Affected Software Versions

  • Microsoft Internet Explorer 4, 4.01 and 4.01 SP1 on Windows NT 4.0, Windows 95
  • Microsoft Windows 98, with integrated Internet Explorer
  • Microsoft Internet Explorer 4 and 4.01 for Windows 3.1 and Windows NT 3.51
  • Microsoft Internet Explorer 41 for UNIX

This vulnerability does not affect Internet Explorer 3.
This vulnerability does not affect Internet Explorer 4 for the Macintosh.

The Fix:

Windows 98:

Windows 98 customers can obtain the patch using Windows Update. To obtain this patch using Windows Update, launch Windows Update from the Windows Start Menu and click Product Updates. When prompted, select Yes to allow Windows Update to determine whether this patch and other updates are needed by your computer. If your computer does need this patch, you will find it listed under the Critical Updates section of the page.

Internet Explorer 4:

Customers using Internet Explorer 4 can obtain patch information for specific platforms from the Internet Explorer Security web site, http://www.microsoft.com/windows/Ie/security/dotless.asp

More information can be found in this Microsoft Knowledge Base Article No. 168617

"Frame Spoof" Issue.

Microsoft has released a patch that fixes a vulnerability in Internet Explorer that could allow a malicious web site operator to impersonate a window on a legitimate web site. The threat posed by this vulnerability is that the bogus window could collect information from the user and send it back to the malicious site.

The "Frame Spoof" vulnerability exists because Internet Explorer's cross domain protection does not extend to navigation of frames. This makes it possible for a malicious web site to insert content into a frame within another web site's window. If done properly, the user might not be able to tell that the frame contents were not from the legitimate site, and could be tricked into providing personal data to the malicious site. Non-secure (HTTP) and secure (HTTPS) sites are equally at risk from this vulnerability.

Affected Software Versions

  • Microsoft Internet Explorer versions 3.X, 4.0, 4.01, 4.01 Service Pack 1 for Windows 95
  • Microsoft Internet Explorer versions 4.01 Service Pack 1 for Windows 98
  • Microsoft Internet Explorer versions 3.X, 4.0, 4.01, 4.01 Service Pack 1 for Windows NT 4.0
  • Microsoft Internet Explorer versions 3.X, 4.0, 4.01 for Windows 3.1
  • Microsoft Internet Explorer versions 3.X, 4.0, 4.01 for Windows NT 3.51
  • Microsoft Internet Explorer versions 3.X, 4.X for Macintosh
  • Microsoft Internet Explorer version 4 for UNIX on HPUX
  • Microsoft Internet Explorer version 4 for UNIX on Sun Solaris

No other products or versions of Internet Explorer are affected.

The Fix:

NOTE: The patch for the "Frame Spoof" Vulnerability also includes two previously-released patches, for the "Untrusted Scripted Paste" and "Cross Frame Navigate" vulnerabilities. If you have not yet downloaded and installed these two patches, you only need to download and apply the patch for the "Frame Spoof" Vulnerability. If you have applied either or both of the patches, you should apply the patch for the "Frame Spoof" Vulnerability to ensure that you have the latest protection against all three vulnerabilities.

Windows 98:

Windows 98 customers can obtain the patch using Windows Update. To obtain this patch using Windows Update, launch Windows Update from the Windows Start Menu and click Product Updates. When prompted, select Yes to allow Windows Update to determine whether this patch and other updates are needed by your computer. If your computer does need this patch, you will find it listed under the Critical Updates section of the page.

Internet Explorer 3.x and 4.0:

Internet Explorer 3.x and 4.0 users must first upgrade to Internet Explorer 4 with Service Pack 1, which is available at Microsoft. After installing the upgrade, apply the Internet Explorer 4 patch.

Internet Explorer 4:

Internet Explorer 4 (with or without Service Pack 1) users can obtain the patch from the Internet Explorer Security Web site.

The patches for the Macintosh, HPUX and Solaris versions will be slightly delayed. When they are available, a notice will be posted on the Internet Explorer Security Web site.

More information can be found in this Microsoft Knowledge Base Article No. 167614

Patch for "DHTML Edit" Vulnerability

Microsoft has released a patch that eliminates a vulnerability in an ActiveX control that is distributed in Internet Explorer 5 and downloadable for Internet Explorer 4.0. The vulnerability could allow a malicious web site operator to read information that a user had loaded into the control, and it also could allow files with known names to be copied from the user's local hard drive.

Affected Software Versions:

  • Microsoft Internet Explorer 5 on Windows 95, Windows 98, and Windows NT 4.0. Internet Explorer 5 on other platforms is not affected
  • Microsoft Internet Explorer 4.0 on Windows 95, Windows 98 and the x86 version of Windows NT 4.0. Internet Explorer 4.0 on other platforms, including the Alpha version of Windows NT 4.0, is not affected

More information is available in the Microsoft Knowledge Base Article No. Q226326 Update Available For "DHTML Edit" Security Issue.

The patch can be found at http://www.microsoft.com/windows/ie/security/dhtml_edit.asp.

MSHTML Update Available for Internet Explorer

Microsoft has released an updated version of a component of Internet Explorer 4.0 and 5. The updated version eliminates three security vulnerabilities described below.

MSHTML.DLL is the parsing engine for HTML in Internet Explorer. The vulnerabilities that are eliminated by the update are not related to each other except for the fact that all reside within the parsing engine.

  1. The first vulnerability is a privacy issue involving the processing of the "IMG SRC" tag in HTML files. This tag identifies and loads image sources - image files that are to be displayed as part of a web page. The vulnerability results because the tag can be used to point to files of any type, rather than only image files, after which point the document object model methods can be used to determine information about them. A malicious web site operator could use this vulnerability to determine the size and other information about files on the computer of a visiting user. It would not allow files to be read or changed, and the malicious web site operator would need to know the name of each file
  2. The second vulnerability is a new variant of a previously-identified cross-frame security vulnerability. A particular malformed URL could be used to execute scripts in the security context of a different domain. This could allow a malicious web site operator to execute a script on the web site, and gain privileges on visiting users' machines that are normally granted only to their trusted sites
  3. The third vulnerability affects only Internet Explorer 5.0, and is a new variant of a previously-identified untrusted scripted paste vulnerability. The vulnerability would allow a malicious web site operator to create a particular type of web page control and paste into it the contents of a visiting user's clipboard

Affected Software Versions:

  • Internet Explorer 4.0 and 5 on Windows 95, Windows 98 and Windows NT 4.0

More information is available in the Microsoft Knowledge Base Article No. Q226325 Update Available For MSHTML Security Issues In Internet Explorer.

The patch can be found at http://www.microsoft.com/windows/ie/security/mshtml.asp.

Patch for "Malformed Favorites Icon" Vulnerability

Microsoft has released a single patch that eliminates two security vulnerabilities in Microsoft® Internet Explorer 4.0 and 5. The first potentially could allow arbitrary code to be run on a user's computer. The second potentially could allow the local hard drive to be read. A fully supported patch is available to eliminate both vulnerabilities, and Microsoft recommends that affected customers download and install it, if appropriate.

Affected Software Versions:

  • Microsoft Internet Explorer 4.0 and 5.0

More information is available in the Microsoft Knowledge Base Article's:

The patch can be found at www.microsoft.com/windows/ie/security/favorites.asp.

Note: The patch will determine the version of IE and the platform on which it is installed, and will apply only the appropriate fix. As a result, the single patch above is appropriate for use by customers who are affected by either or both of the vulnerabilities.

Patch for "Scriptlet.typlib/Eyedog" Vulnerability

Microsoft has released a patch that eliminates security vulnerabilities in two ActiveX controls. The net effect of the vulnerabilities is that a web page could take unauthorized action against a person who visited it. Specifically, the web page would be able to do anything on the computer that the user could do.

Affected Software Versions:

  • Microsoft Internet Explorer 4.0 and 5.0

More information is available in the Microsoft Knowledge Base Article's:

Here is the Scriptlet.typlib/Eyedog Patch.

Patch Available for "IFRAME ExecCommand" Vulnerability

On October 11, 1999, Microsoft released a workaround for a vulnerability in Microsoft® Internet Explorer. The vulnerability could allow a malicious web site operator to read files on the computer of a user who visited the site, under certain circumstances. Microsoft has completed a patch that completely eliminates the vulnerability.

Frequently asked questions regarding this vulnerability can be found on the Microsoft security Web site.

Affected Software Versions:

  • Microsoft Internet Explorer 4.01, versions prior to Service Pack 2
  • Microsoft Internet Explorer 5

Patch Availability

Note I: The IE5 patch also includes the previously-released fix for the Download Behavior vulnerability.

Note II: The IE5 patch also will be available shortly at the Windows Update Web site.

More Information

Please see the following references for more information related to this issue.

Patch Available for "Active Setup Control" Vulnerability

Summary

Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe execuTABLE within an email and disguise it as a safe type of attachment. Through a complicated series of steps, the unsafe execuTABLE could be made to execute under certain conditions, if the user opened the attachment.

Frequently asked questions regarding this vulnerability can be found on the Microsoft security Web site.

Affected Software Versions:

  • The affected ActiveX control ships as part of Microsoft Internet Explorer 4 and 5

Patch Availability

Note: Microsoft produces security patches for Internet Explorer 4.01 SP2 and higher. In the event that this package is applied to Internet Explorer 4.01 SP1, the package states that a fix is not needed. This message is incorrect, as the vulnerability does exist on Internet Explorer 4.01 SP1. If you are using Internet Explorer 4.01 SP1, please upgrade to the latest version of Internet Explorer to resolve this issue.

Patch Available for "Javascript Redirect" Vulnerability

Summary

On October 18, 1999, Microsoft released a workaround for a vulnerability in Microsoft® Internet Explorer. The vulnerability could allow a malicious web site operator to read files on the computer of a user who visited the site, under certain circumstances. Microsoft has completed a patch that completely eliminates the vulnerability.

Frequently asked questions regarding this vulnerability can be found on the Microsoft security Web site.

Affected Software Versions:

  • Microsoft Internet Explorer 4.01 and 5

Patch Availability

Note I: The IE 4.01 patch requires IE 4.01 SP2 in order to install. IE 4.01 SP 2 is available at the Internet Explorer Web site.

Note II: The patch will be available shortly via the WindowsUpdate site.

More Information

Please see the following references for more information related to this issue.

Patch Available for "Server-side Page Reference Redirect" Vulnerability

Summary

Microsoft has released a patch that eliminates a vulnerability in Microsoft® Internet Explorer 4.01, 5 and 5.01, that could allow a malicious web site operator to view a file on the computer of a visiting user, provided that the web site operator knew the name and folder of the file.

Frequently asked questions regarding this vulnerability can be found on the Microsoft security Web site.

Affected Software Versions:

  • Microsoft Internet Explorer 4.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01

Patch Availability

Note I: Microsoft produces security patches for Internet Explorer 4.01 SP2 and higher. In the event that this package is applied to Internet Explorer 4.01 SP1, the package states that a fix is not needed. This message is incorrect, as the vulnerability does exist on Internet Explorer 4.01 SP1 or any earlier release. If you are using Internet Explorer 4.01 SP1 or any earlier release, please upgrade to the latest version of Internet Explorer to resolve this issue.

Note II: The patch will be available shortly at the WindowsUpdate site.

More Information

Please see the following references for more information related to this issue.

Although not a direct IE4 security issue, we'll report it here anyway:

Patch Available for "File Access URL" Vulnerability

Summary

Microsoft has released a patch that eliminates a vulnerability in Microsoft Windows 95 or Windows 98. The vulnerability could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code.

Frequently asked questions regarding this vulnerability can be found on the Microsoft security Web site

Issue

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message.

Affected Software Versions

  • The buffer overrun is present in the networking software in all versions of Windows 95 and Windows 98.

Patch Availability

More Information

Please see the following references for more information related to this issue.

Microsoft released a fix for NetMeeting Speed Dial issue.

If you are running NetMeeting 1.0, 2.0 or 2.1 for Windows 95, Windows NT 4.0, or Windows NT Alpha, your computer is at risk. It's possible for a malicious Web site author to link to a specially edited NetMeeting speed dial object and cause NetMeeting to crash. Once NetMeeting has crashed, a skilled hacker could run arbitrary code in the computer's memory.

Full info at the Internet Explorer Security Page.

You can go to the download page at http://www.microsoft.com/msdownload/ieplatform/nmdial/nmdial.htm for the fix.

Microsoft has posted an update to Microsoft Outlook Express that protects customers against a potential problem involving file attachments that have long names.

When the user attempts to open an attachment in Outlook Express mail or news client and the attachment has a filename longer than a certain number of characters, the client could terminate unexpectedly.

Affected Software Versions:

  • Outlook 98 on Windows '95, Windows '98 and Microsoft® Windows NT® (when configured for Internet Mail Only OR Corporate/Workgroup support with an Internet Mail service) (Outlook 97 and Outlook for Macintosh, Microsoft Exchange Server Edition are not affected by this issue)
  • Outlook Express included with Internet Explorer 4, 4.01 & 4.01 with Service Pack 1 on Windows '95, Windows '98 and Windows NT
  • Outlook Express included with Internet Explorer 41 on Solaris
  • Outlook Express included with Internet Explorer 41 on the Macintosh (Outlook Express 4.01 for Windows 3.1 is not affected by this issue)

More information, and patches can be found on the Microsoft Internet Explorer Security Site.

Note that Microsoft has updated the patch on the 11th of August. Visit the Internet Explorer Security page for more info!

Although not a direct IE4 security issue, we'll report it here anyway:

Updates available for Security Vulnerabilities in Microsoft PPTP.

Microsoft has released a set of patches that fix several security issues with implementations of the Point-to-Point Tunneling Protocol (PPTP) used in Microsoft Virtual Private Networking (VPN) products.

Customers using affected software listed below to secure communications over a public network (i.e. the Internet) should download and apply these patches as soon as possible.

Customers who are not using PPTP for network security are not affected by this issue.

Affected Software Versions:

The following software is affected by this vulnerability:

  • Microsoft Dialup Networking 1.2x and earlier on Windows 95
  • Microsoft Remote Access Services on Windows NT 4.0 (both client and server)
  • Microsoft Routing and Remote Access Services on Windows NT Server 4.0
  • Microsoft Windows 98 Dialup Networking

Fixes:

Windows NT 4.0 RAS:

Download the patch from: ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/pptp3-fix/

Windows NT 4.0 RRAS:

Download the patch from: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/rras30-fix/

Windows 95:

Download the patch from: ftp://ftp.microsoft.com/softlib/mslfiles/msdun13.exe

Windows 98

Download the patch from: ftp://ftp.microsoft.com/softlib/mslfiles/dun40.exe

Strong Encryption Versions (128-bit):

Customers in the United States and Canada can download the strong encryption versions of these updates from: http://mssecure.www.conxion.com/cgi-bin/ntitar.pl

Microsoft has published the following Knowledge Base (KB) articles on this issue:

  • Microsoft Knowledge Base (KB) article 154091, Windows 95 Dial-Up Networking 1.3 Upgrade Release Notes
  • Microsoft Knowledge Base (KB) article 189594, RRAS Hotfix 3.0
  • Microsoft Knowledge Base (KB) article 189595, Windows NT 4.0 PPTP Security Update
  • Microsoft Knowledge Base (KB) article 189771, Windows 98 PPTP Security Update

Next »

Last Updated: October 13, 2000