Microsoft alerts Passport users to need for patch
Published: 04 Jan 2002 12:54 GMT
Microsoft is pressing .Net Passport users to install a patch for some versions of its browser nearly two months after it fixed a security flaw that threatens customers' personal data online.
The company has sent millions of email notifications in the past month to Passport users, urging them to visit a special Web page to determine whether Internet Explorer needs a security upgrade.
"The reason for the 'canvassing' approach is that we feel that we need to do everything to make users aware of fixes to browser issues that could affect their Passport experience," said a Microsoft representative. "The fundamental architecture of IE and .Net Passport continues to be safe and secure for consumers."
The move illustrates Microsoft's sensitivity to the possibility of ongoing security risks, since many customers often ignore fixes to flawed software. Although Microsoft has not tracked how many people applied the IE fix, the company has said the issue has been a problem in the past.
The fix is meant to shore up a known vulnerability in IE 5.5 and 6.0. In November, Microsoft warned that the flaw could expose personal data contained within cookies -- tiny electronic files used by Web sites to file account information or personalize pages. The flaw could allow an outsider to break into cookies and steal or alter data from Web accounts, including credit card numbers, usernames and passwords.
The software maker has been racked with security problems of late. Just two weeks ago, Microsoft released a fix for a security hole in Windows XP that could leave some systems open to a malicious attack. At the time, Microsoft recommended that every Windows XP customer apply the patch immediately.
In November, security flaws were found in Microsoft's Passport authentication system, causing the software maker to remove part of the service from the Internet. The privacy breach in the Passport service, which keeps track of data used by e-commerce sites, potentially exposed the financial data of thousands of consumers, undermining Microsoft's recent efforts to convince people that it is serious about security.
For the IE fix, Microsoft said it has sent email to 25 million Passport subscribers and newsletters via Hotmail and MSN Internet access accounts.
For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
42 out of 106 people found this useful
- Share this article:
