Microsoft KB Archive/254902

= Invalid SSL Certificates May Be Bypassed in Internet Explorer =

Article ID: 254902

Article Last Modified on 3/22/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Windows 2000 Standard Edition

-



This article was previously published under Q254902



SYMPTOMS
If you use a command-line option to start an instance of Webserver.exe and specify a server certificate at startup, and you then stop the current Webserver.exe instance and start a new instance of Webserver.exe with a different server certificate, a computer that is running Internet Explorer may not recognize the certificate change.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Microsoft has released an update that resolves this issue. For information about this update, please visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms00-039.mspx



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.



MORE INFORMATION
NOTE: This update may not appear when you click Product Updates on the Microsoft Windows Update Web site, or you may receive the following message when you are installing this update from the Microsoft Download Center:

This update does not need to be installed on this system.

Updates are available only for Internet Explorer 4.01 Service Pack 2 (SP2) and Internet Explorer 5.01. Internet Explorer versions 4.0, 4.01, 4.01 Service Pack 1, 5, and 5.5 Beta are also vulnerable to this issue, but running the patch on a version of Internet Explorer 4.x earlier than 4.01 SP2, a version of Internet Explorer 5 earlier than 5.01, or Internet Explorer 5.5 Beta results in the message listed above. This patch is not listed as a critical update on the Microsoft Windows Update Web site unless you are running Internet Explorer 4.01 SP2 or 5.01.

Microsoft recommends that you update to Internet Explorer 4.01 SP2 or 5.01 and then install this patch. If you are using Internet Explorer 5.5 Beta, Microsoft recommends that you uninstall Internet Explorer 5.5 Beta and then install this patch for Internet Explorer 4.01 SP2 or 5.01. The final released version of Internet Explorer 5.5 includes all of the updates in this patch.

For information about determining the version of Internet Explorer you are using, please see the following article in the Microsoft Knowledge Base:

164539 How to Determine Which Version of Internet Explorer Is Installed

Additional query words: webserver exe

Keywords: kbbug kbfix kbwin2000sp1fix kbqfe kbsecurity kbhotfixserver KB254902

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.