Security 10808 Published by

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Internet Explorer. Under a daunting
set of conditions, the vulnerability could enable a malicious user to
obtain another user´s userid and password to a web site.

Frequently asked questions regarding this vulnerability
and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-076.asp

Affected Software Versions
==========================
- Microsoft Internet Explorer 4.x
- Microsoft Internet Explorer 5.x prior to version 5.5

Note: Internet Explorer 5.5 is not affected by this vulnerability.
Customers using IE 5.5 do not need to take any action.

Patch Availability
==================
- http://www.microsoft.com/windows/ie/download/critical/q273868.htm

Note: The patch requires IE 5.01 SP1 to install. Customers who
install this patch on other versions may receive a message reading
"This update does not need to be installed on this system". This
message is incorrect. More information is available in KB article
Q273868.

Note: As discussed in Affected Software Versions, this vulnerability
does not affect IE 5.5.