Microsoft KB Archive/308411

= The MS01-020 and MS01-027 Security Patches May Not Be Applied When You Upgrade to Internet Explorer 6 =

Article ID: 308411

Article Last Modified on 1/31/2007

-

APPLIES TO


 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0

-



This article was previously published under Q308411



SYMPTOMS
When you upgrade to Internet Explorer 6, the MS01-020 or MS01-027 security updates may not be applied to your computer.



CAUSE
The files that contain the vulnerability are associated with Microsoft Outlook Express, which is included as part of Internet Explorer. If all of the following conditions exist, Outlook Express is not upgraded and the vulnerability remains:
 * You are running Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me). Note that Internet Explorer 6 is not supported on Microsoft Windows 95.
 * You upgraded from Internet Explorer 5, 5.01, 5.01 Service Pack 1 (SP1), 5.5, or 5.5 SP1 to Internet Explorer 6.
 * You did not apply the patch for MS01-020 or MS01-027 before you upgraded to Internet Explorer 6.
 * When you installed Internet Explorer 6, you either selected the Custom Install option and cleared the option to install Outlook Express, or you selected the Minimal Install option.

Note that this issue does not apply to Microsoft Windows NT 4.0, Microsoft Windows 2000, or Microsoft Windows XP because the vulnerable code is always updated on these versions of Windows.



RESOLUTION
To resolve this problem, reinstall Internet Explorer 6 from the following Microsoft Web site:

http://www.microsoft.com/windows/ie/downloads/ie6/default.asp

The default installation mode for Internet Explorer 6 is the Typical Install option, which upgrades Outlook Express and protects against the vulnerability. Also, the Full Install option upgrades Outlook Express and protects against the vulnerability.



MORE INFORMATION
The files that contain the vulnerability cannot be added to your computer by an Internet Explorer 6 installation; they must already be present before the installation. If your computer was not affected by the vulnerability before you installed Internet Explorer 6, your computer is not vulnerable afterwards. If you applied the MS01-020 or MS01-027 security update, or Internet Explorer Service Pack 2 (SP2) before you installed Internet Explorer 6, you have already eliminated the vulnerability.

If you upgraded directly from Internet Explorer 4.x or earlier, you are fully protected because these versions do not contain the vulnerability.

If you think you might be affected by this problem, start Outlook Express, and then click About Outlook Express on the Help menu. The version number is displayed in the dialog box. If the version number begins with &quot;5&quot;, you need to upgrade Outlook Express. The easiest way to do this is to reinstall Internet Explorer 6 by using the Typical Install or Full Install option.

For more information, see the following Microsoft Web site:

http://www.microsoft.com/technet/security/topics/NimdaIE6.asp

Additional query words: nimda worm virus

Keywords: kbenv kbprb KB308411

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.