Security threats Toolkit

Microsoft IE patch leaves users locked out

Munir Kotadia ZDNet.co.uk

Published: 04 Feb 2004 14:05 GMT

A critical security patch released this week that fixes vulnerabilities in Internet Explorer has left many users unable to access certain Web sites and Internet resources.

Microsoft's latest IE update, which was released outside the monthly patching cycle, stops the company's browser from being used to transfer malicious code to a user's PC and fixes the URL spoofing flaw, but it also stops URLs from being used to access password-protected Internet resources, a feature that many companies employ.

Up until June 2003, Microsoft itself thought the system safe enough to use in Passport, a secure repository designed to hold users' personal information, including their credit card numbers.

Richard Excoffier, founder of adult entertainment Web site Toteme, told ZDNet UK that the IE update has left many of his customers complaining that they cannot access the site: "We distribute our software via shareware and the registration process uses the feature to communicate with our servers. We have a rapidly rising number of users complaining because they can't access the content and resources they have paid for," he said.

According to Excoffier, the company's system can be modified to work with IE within a few days, but in the cut-throat business of adult entertainment, losing a percentage of customers because they can't access the systems for even a short time means they will probably switch to a competitor: "The cost in human resources is not very high, we're more concerned about customers giving up because 'our system does not work' within the day or two we need to fix it," he said.

In addition, the effect of the patch appears to be inconsistent. Some users have found that even after the patch is applied, IE can still be used to access resources with a URL password, contrary to Microsoft's claims.

Microsoft was not available for comment.